How to use DNS over HTTPS in Firefox Android - Step by Step Guide

Hey everyone, in this guide, I will show you how to use DNS over HTTPS on Firefox Android.

Requirements

You need: Firefox BETA or NIGHTLY (I will show why later in this guide)

Why Firefox Beta/Nightly?

We need one of these editions of the Firefox Browser to get access to about:config.

Step 1: Download one of these browsers

That’s a very simple step: just download Firefox BETA or NIGHTLY from the Google Play Store or Aurora Store.

Step 2: about:config

Now, open the browser you have downloaded and type in the address bar: about:config

Step 3: network.trr.mode

This setting enables/disables DoH support in Firefox Android.

Now, when you are in about:config, type network.trr.mode in the about:config’s address bar. Change the value to 2 or 3.

2 stands for “DoH is enabled, and regular DNS works as a backup”

3 stands for “DoH is enabled, and regular DNS is disabled”

That’s your choice. Choose whatever seems the best for you.

Step 4: network.trr.uri

This setting changes the DoH-compatible DNS server to which Firefox will send DoH DNS queries. By default, Firefox uses Cloudflare’s DoH service located at https://mozilla.cloudflare-dns.com/dns-query.

Delete this Cloudflare URL and change it to a DoH server. If you want to use Quad9, then use https://dns.quad9.net/dns-query. If you want to use NextDNS, then use https://dns.nextdns.io/ and append your configuration number. It is on your setup page on your NextDNS account.

Step 5: Test your configuration

Now that you have enabled DoH on Firefox Android, you need to test your configuration to see if it works.

If you are using Quad9, go to https://on.quad9.net.

If you are using NextDNS, go to https://my.nextdns.io/ and connect to your account and then you will see a green circle.

3 Likes

I have read this recently, and concluded that using a local DNS resolver for blocking ads is the only real use-case for DNS, thoughts?

Why don't you just configure this system-wide on Android, rather than only the browser? Much simpler to set up, and covers everything.

As the article says, if you’re using Cloudflare and trust them with DNS, then SNI will be encrypted via ECH. As for the OCSP issue, you can use CRL instead, and LibreWolf, for example, does prioritise CRL as the default certificate revocation mechanism, but that does come with a security tradeoff of not being as up to date as OCSP.