The DoH protocol encrypts the DNS lookup itself, before you reach the secure HTTPS site, so your lookup data is protected from interception on the network.
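As an added illustration that is not part of the article, the snippet below shows how a DoH client packages a lookup under RFC 8484: the same wire-format bytes that would otherwise travel unencrypted over UDP port 53 are carried inside an HTTPS request, so an on-path observer sees only a TLS connection to the resolver. The resolver URL is a placeholder and the response bytes are constructed for the example.

```python
import base64
import struct

# Placeholder endpoint for the example, not a real resolver.
DOH_RESOLVER = "https://doh.example/dns-query"

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a standard DNS wire-format query (identical bytes to plain UDP DNS).
    RFC 8484 suggests a zero transaction ID so equal queries give equal HTTP
    requests, which lets HTTP caching work."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(name: str, resolver: str = DOH_RESOLVER) -> str:
    """GET form of DoH: the query rides base64url-encoded, unpadded, in ?dns=.
    Over TLS the path and this token are encrypted along with the rest of the request."""
    token = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"

def parse_a_records(response: bytes) -> list[str]:
    """Extract IPv4 answers from an application/dns-message response body."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F:  # non-zero RCODE: resolver reported an error
        return []
    pos = 12
    for _ in range(qd):  # skip the echoed question section
        while response[pos] != 0:
            pos += response[pos] + 1
        pos += 1 + 4  # terminator, then QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        if response[pos] & 0xC0 == 0xC0:  # compression pointer to the question name
            pos += 2
        else:
            while response[pos] != 0:
                pos += response[pos] + 1
            pos += 1
        rtype, _, _, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in response[pos:pos + 4]))
        pos += rdlen
    return addrs

# Constructed response: same question, one A record pointing at 192.0.2.1 (documentation range).
SAMPLE_RESPONSE = (
    build_query("example.com")[:2] + b"\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + build_query("example.com")[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)
```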
“At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet,” Selena Deckelmann, VP, Firefox Desktop Product Development said in the announcement.
“Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives […] This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”
The news is controversial: some lawmakers and industry groups have protested, arguing that it makes it harder for them to block dangerous websites.
DoH is on the latest build of Firefox and is turned on by default in the US only. Users in the rest of the world can turn it on manually by going to Settings, General, Network Settings, where they can choose which of the two trusted DNS servers recommended by Mozilla to use, either Cloudflare or NextDNS. Both should function identically.
Google Chrome and Microsoft Edge allow you to turn on DoH but they make it really tricky. ZDNet has a great guide to help you do it. Apple’s Safari does not yet support the option.