2019-06-24 - News - Tony Finch
Recent versions of Firefox make it easier to set up encrypted
DNS-over-HTTPS. If you use Firefox on a fixed
desktop, go to Preferences -> General -> scroll to Network Settings at
the bottom -> Enable DNS over HTTPS, Custom:
https://rec.dns.cam.ac.uk/. (Our DNS servers are only available on
the CUDN so this setting isn't suitable for mobile devices.)
Very recent versions of Firefox also support encrypted server name indication. When connecting to a web server the browser needs to tell the web server which site it is looking for. HTTPS does this using Server Name Indication, which is normally not encrypted unlike the rest of the connection. ESNI fixes this privacy leak.
To enable ESNI, go to about:config and verify that
network.security.esni.enabled is true.