Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Configured DNS over HTTPS, but DNS is still coming from my ISP

  • 1 reply
  • 2 have this problem
  • 12 views
  • Last reply by TyDraniu

more options

I have configured Firefox (version 74.0 for Mac) for DNS over HTTPS with Cloudflare (see image 1). But if I enter a domain that does not exist, I get a branded page from my ISP, Verizon, that says the domain does not exist (see image 2). So apparently Verizon is still responding to my DNS requests, not Cloudflare over HTTPS. Any idea what's up? Thanks.

I have configured Firefox (version 74.0 for Mac) for DNS over HTTPS with Cloudflare (see image 1). But if I enter a domain that does not exist, I get a branded page from my ISP, Verizon, that says the domain does not exist (see image 2). So apparently Verizon is still responding to my DNS requests, not Cloudflare over HTTPS. Any idea what's up? Thanks.
Attached screenshots

Chosen solution

Right, when a page does not exist (or Firefox fails to resolve a domain via DoH), there is a fallback to the system DNS.

To change it, enter about:config in the url bar and set network.trr.mode = 3

  • 0 - Off (default). use standard native resolving only (don't use TRR at all)
  • 1 - Reserved (used to be Race mode)
  • 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
  • 3 - Only. Only use TRR, never use the native resolver.
    • Up to FF >= 73, this mode also requires the bootstrapAddress pref to be set.
    • Starting with Firefox 74, setting the bootstrap address is no longer mandatory - the browser will simply bootstrap itself using regular DNS, unless the DoH server domain can't be resolved.
  • 4 - Reserved (used to be Shadow mode)
  • 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.
Read this answer in context 👍 1

All Replies (1)

more options

Chosen Solution

Right, when a page does not exist (or Firefox fails to resolve a domain via DoH), there is a fallback to the system DNS.

To change it, enter about:config in the url bar and set network.trr.mode = 3

  • 0 - Off (default). use standard native resolving only (don't use TRR at all)
  • 1 - Reserved (used to be Race mode)
  • 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
  • 3 - Only. Only use TRR, never use the native resolver.
    • Up to FF >= 73, this mode also requires the bootstrapAddress pref to be set.
    • Starting with Firefox 74, setting the bootstrap address is no longer mandatory - the browser will simply bootstrap itself using regular DNS, unless the DoH server domain can't be resolved.
  • 4 - Reserved (used to be Shadow mode)
  • 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default.

Modified by TyDraniu