NextDNS is new Firefox DNS-over HTTPS partner
Mozilla has selected the DNS provider NextDNS as a new partner for its Trusted Recursive Resolvers Program. NextDNS is the second DNS provider (after Cloudflare) that has been accepted into the program.
Work on DNS-over-HTTPS in Firefox began in 2017. The feature is designed to protect DNS requests by using encryption in order to thwart of attacks and improve privacy. Additionally, it may also allow users to bypass DNS-based filtering attempts.
When Mozilla announced the integration of DNS-over-HTTPS in the organization's Firefox web browser, it selected Cloudflare as its sole partner. Cloudflare was accepted into the Trusted Recursive Resolvers program with strict operational requirements.
The decision was met with criticism. Two main arguments brought forward were that focusing on a single partner did not give users choice and that Cloudflare was not without criticism either.
Firefox users may configure any DNS provider that supports DNS-over-HTTPS in the browser. Mozilla decision to focus on select partners has advantages but also disadvantages. Advantages, because partners need to meet certain privacy and operational criteria to be selected, and disadvantages, because it limits choice for the most part.
Microsoft and Google selected a different route. The companies made the decision to enable DNS-over-HTTPS automatically if the selected DNS provider supports the technology. In other words: users may benefit from the new technology without needing to make any changes to their systems or them, in some cases, even knowing about it.
Mozilla announced yesterday that NextDNS has been added to the list of official partners for Firefox's DNS-over-HTTPS feature. NextDNS is a new DNS provider that launched in March 2019 that is "a fully customizable, modern, and secure DNS provider" according to Mozilla.
The service is listed as beta currently on the NextDNS website and is completely free during the beta period. NextDNS offers options to enable filtering lists to block known malicious sites, trackers, and other unwanted requests.
The company plans to introduce a paid option after the beta period ends for $1.99 per month for unlimited DNS queries. Free customers are limited to 300,000 DNS queries per month. It is unclear what is going to happen when the limit is reached.
Mozilla plans to bring more partners into its program in the future.
Now You: Do you plan to use DNS-over-HTTPS when it becomes available?
Iâ€™m using them but this is a strange decision. their uptime is horrible and they are only in beta.
I don’t trust Cloudflare any further than I can spit. Never heard of NextDNS, but I’m sure they’re not to be trusted either. I’ll continue to disable DNS over HTTPS as long as I’m able. Eventually I’m going to find another browser and replace Firefox, which has grown to call out far too much at program startup.
Make your own browser then.
@Dude without a suit
big brain time
******Iâ€™m going to find another browser and replace Firefox******* good luck with that. btw you can disable all of that phone-home and telemetry settings in about:config page of firefox. also in firefox youre not stucked with cloudflare or nextdns. u can use any dns provider you want. plus firefox is the only browser that supports Encrypted SNI feature. guess you just dont know how to tweak firefox. (take a look at “ghacks user.js”)
I’ve been using Quad9 (https://dns11.quad9.net/dns-query) for about six months. No problems noted :-)
Also a paid DNS service? Seriously? Who the hell pays for that? Or more importantly, who the hell pays for the rpiviledge to have all their traffic associated to one single account? They’re not even trying anymore at this point, to top it all they’re charging you before selling you(r data).
And moz://a decided to ally themselves with these nobodies who adamantly want to be a part of this mass data gathering program. Bravo, bravo *claps*
Well, the full text sounds less alarming : “3. If not specifically requested by the user, no data is logged. Some features require some sort of data retention. In that case, our users are given the option, control, and full access on what is logged and for how long. For example, if a user chooses to use the analytics feature, he or she can control granularity of the logged information and its retention period; The analytics will gracefully adapt.”
Ahh, the power of full context!
Windows 10 also gives you control over telemetry. uh huh.. Good luck with that pr speak.
Here in Canada FF defaults to CloudFlare but includes a long list of alternatives – I’ve been going with CloudFlare for the few months it’s been available – performance is good and keeps our ISP in the dark. It’s mainly about “trusting” Mozilla for having a legally enforceable contractual relationship with a publicly traded corporation, restricting use and liability for abuse, which is much more than users of other services get. I’m not interested in a paid subscription, so will likely pass on NextDNS.
NextDNS was third choice on my router for a while; OK, I guess. Wasn’t the encrypted version.
I just don’t get a warm and fuzzy about relying on DoH in a browser nor many other privacy or security functions. Best applied systemwide.
Haven’t put much effort into DNS beyond changing from my IPS’s services. For more privacy, our VPN’s DNS servers don’t leak. Otherwise, encrypted DNS presently doesn’t do much for our needs. Definitely not considering paying for NextDNS.
“Do you plan to use DNS-over-HTTPS when it becomes available?”
No, I have no such plans at this time.
To hide my browsing DNS queries from my ISPs and roommates, I have no need for a new hybrid protocol like DoH. I just use the ssh daemon on my Linode server as a SOCKS5 proxy – that’s the -D option of ssh. Yes I trust Linode much more than any of the organizations mentioned in this thread so far.
And if I felt I needed to hide all my DNS traffic I’d go with openvpn, again with the server side on the Linode. I have done that in the past.
Fundamentally this is not about increasing privacy but about increasing the “browserization” of the Internet, something that is clearly to the advantage of Mozilla.
>Do you plan to use DNS-over-HTTPS when it becomes available?
No, because it bypasses the host file
“…No, because it bypasses the host file…”
You would think so… but apparently it doesn’t, at least on my Mac. I have Firefox set up to use DoH (Cloudflare). However, my web-development server setup, which is very custom and a little unusual, absolutely depends on ‘virtual server’ entries that I put into the Apache config file (httpd.conf) and corresponding entries in my hosts file.
The only explanations I can think of are either that Firefox really isn’t using DoH despite my settings… or maybe that somehow Firefox recognizes that my development TLD isn’t a “real” one (i.e. I made it up, it’s not in any registry) so it bypasses DoH just for that? I don’t know. I just know that it all works somehow.
Browser Hybris Galore.
DNS should stay in and under the control of the OS. Browers start to become big for their boots.
propagate DNScrypt etc, but stop cooking own soup parallel to the OS.
To early to tell. I will hope it will work for US ALL.
I won’t be using any of this (no matter who the provider) for two reasons:
1. I live in Hawaii and the nearest server is on the West Coast of the Mainland USA. Too SLOW. I use LOCAL, right in Hawaii, IPv6 DNS servers for the past twenty years.
2. The Hosts file is CRITICAL for my setup.
Also, after using Netscape over IE back in 1998, then Mozilla Suite and then Phoenix, Firebird, Firefox I parted ways with Fx when XUL extensions were killed and use two forks of it instead.
For how long will we be able to opt out? What about other browsers where DNS over HTTPS will be default? Seems to me this is a way to kill the use of the Hosts file (which Microsoft would like).
@Mele: “For how long will we be able to opt out? What about other browsers where DNS over HTTPS will be default? Seems to me this is a way to kill the use of the Hosts file (which Microsoft would like).”
While I don’t consider DoH to be a good thing for a few reasons, this is not one of them. Should it become impossible to opt out (which is unlikely, because it would break important use cases), it’s not terribly difficult to run your own DoH server that respects the host file itself, and tell your browser to use that. That way your DoH lookups will include the contents of the hosts file.
Excuse my intromission, John, but as good as that could be for techies, solutions have to be for the masses. But let us do not blame DoH for a moment and put the burden on the Firefox team. I mean, is it too much trouble to check the hosts file and if it is not there forward the request to DoH? For what reason Firefox cannot implement that? Performance?
DNS-over-HTTPS ignores my HOSTS file (carefully built for more than a decade), so never.
That’s my first line of defense without going into complicated and time-consuming solutions like Pihole etc.
Nope is garbage https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
I dont trust socialists so i wont be using cloudflare. Nextdns provides me resource filtering as a direct client. Being rational i dont expect things to be free and have ZERO tolerance for FAKEFREE that is adware.
Mozilla privacy claims are a sick joke. Never use a firefox profile without something akin to ghacks user.js privacy suite.