Earlier this month Mozilla announced the launch of DNS over HTTPS (DoH), Firefox will by default use DoH rather than traditional DNS. But OpenBSD has decided in its distribution system by default disabled on Firefox DoH .
Compared to the traditional DNS, and cloud service providers to make a DNS request through HTTPS, on a non-cached DNS queries minimal performance impact, most of the queries only about 6 milliseconds slower, but weigh the security and privacy of data perspective, Mozilla think it is acceptable costs. And in some cases, even faster than a conventional DNS hundreds of milliseconds.
This might be a good improvement for ordinary users, but all users need to resolve traffic through a third-party cloud vendors, this is indeed there may be privacy and data security issues. The OpenBSD project and think it is wrong, then change the default Firefox enabled DoH approach:
DoH disabled by default. While encryption DNS may be a good thing, but by default, sends all DNS traffic to Cloudflare not a good idea. Applications should respect the OS configuration. If necessary, you can still cover the DoH set.
In addition, the package is not currently supported by OpenBSD also run their own DoH server, OpenBSD 6.6 includes support DoT is expected in the package (DNS over TLS) PowerDNS the DoH's dnsdist 1.4.0. DoH currently run their own server, you need to make some configuration changes for Firefox, view the details: