Back to Knowledge Base

Quick Reference

Configuration Endpoints

Use this address across all methods below.

🔒 DNS over HTTPS

https://dns.unrulycitizen.com/dns-query

⚙ Bootstrap Address

140.82.41.243

§ I

Firefox Settings

The simplest approach — works in Firefox 62 and later, no configuration files needed.

Method 1 — Built-in Network Settings

1
Open Firefox Settings

Click the menu button (☰) → "Settings".

2
Open Network Settings

Scroll to the bottom of the General tab → click "Settings…" under Network Settings.

3
Enable DNS over HTTPS

Check the box labelled "Enable DNS over HTTPS".

4
Set Custom Provider

Select "Custom" from the provider dropdown and enter:

https://dns.unrulycitizen.com/dns-query
5
Save and Verify

Click "OK", then visit about:networking#dns to confirm DoH is active.

§ II

about:config

Fine-grained control over TRR behaviour — navigate to about:config and set each preference.

Method 2 — Advanced Preferences

Type about:config in the address bar, accept the warning, then search for and set each value below.

network.trr.mode = 3 network.trr.uri = https://dns.unrulycitizen.com/dns-query network.trr.bootstrapAddress = 140.82.41.243 network.trr.wait-for-port-timeout = 3000 network.trr.request-timeout = 5000 network.trr.early-https = true network.trr.use-get = true

Set network.trr.mode to 3 for TRR-first (recommended) or 4 for TRR-only with no fallback.

§ III

user.js

Drop a user.js file into your Firefox profile folder for automatic configuration on every launch.

Method 3 — user.js Profile File

Locate your profile folder via about:profiles → "Open Folder", then create or edit user.js:

// ── Unruly Citizen DoH ── user_pref("network.trr.mode", 3); user_pref("network.trr.uri", "https://dns.unrulycitizen.com/dns-query"); user_pref("network.trr.bootstrapAddress", "140.82.41.243"); user_pref("network.trr.wait-for-port-timeout", 3000); user_pref("network.trr.request-timeout", 5000); user_pref("network.trr.early-https", true); user_pref("doh-rollout.disable-heuristics", true); user_pref("doh-rollout.mode", 2); // ── Optional: Enhanced Privacy ── user_pref("privacy.resistFingerprinting", true); user_pref("privacy.trackingprotection.enabled", true); user_pref("privacy.trackingprotection.socialtracking.enabled", true); user_pref("dom.security.https_only_mode", true); user_pref("network.dns.disablePrefetch", true); user_pref("network.predictor.enabled", false);

Firefox reads user.js on every startup, overriding stored preferences.

§ IV

Enterprise Policies

Lock DoH settings across a fleet via policies.json or command-line flags.

Method 4 — policies.json

Place policies.json in the Firefox distribution/ folder to enforce settings for all users on the machine.

{ "policies": { "DNSOverHTTPS": { "Enabled": true, "ProviderURL": "https://dns.unrulycitizen.com/dns-query", "Locked": true } } }

Command-Line Launch Flags

Useful for testing or kiosk setups without touching profile files.

# Linux / macOS firefox --setpref="network.trr.mode=3" \ --setpref="network.trr.uri=https://dns.unrulycitizen.com/dns-query" \ --setpref="network.trr.bootstrapAddress=140.82.41.243" # Windows "C:\Program Files\Mozilla Firefox\firefox.exe" ^ --setpref="network.trr.mode=3" ^ --setpref="network.trr.uri=https://dns.unrulycitizen.com/dns-query"

Reference

TRR Mode Values

The network.trr.mode preference controls how aggressively Firefox uses DoH.

0
Off

DoH disabled. Uses system DNS resolver entirely.

2
Shadow

Runs DoH in parallel for testing — system DNS still used.

3
TRR-First ✦

Recommended. DoH first, falls back to system DNS if needed.

4
TRR-Only

DoH only — no fallback. Queries fail if DoH is unreachable.

Confirm It's Working

Verification

Use these built-in Firefox pages to confirm DoH is active.

Firefox Internal Pages

# Check DoH and TRR status about:networking#dns about:networking#trr # Full network connections about:networking

Under about:networking#dns you should see DNS queries resolved via TRR with your DoH endpoint listed.

External Leak Tests

# DNS leak test — confirm only your DoH resolver appears https://dnsleaktest.com # Cloudflare trace — check h= field shows expected resolver https://cloudflare.com/cdn-cgi/trace

Common Issues

Troubleshooting

If DoH isn't working, check these first.

DoH Not Working?

  • Firefox 62 or later required
  • Check for enterprise policies overriding settings
  • Verify the DoH endpoint URL is exactly correct
  • Disable VPN or proxy temporarily and retest
  • Check for parental controls or content filters
  • Restart Firefox after any configuration change

Common Firefox Issues

  • Enterprise policies: may lock or block custom providers
  • Extensions: some privacy add-ons conflict with TRR
  • Corporate networks: port 443 for DNS may be filtered
  • Clock skew: certificate errors if system time is wrong
  • Mode 4: switch to mode 3 if sites become unreachable

Need More Help?

Reach out or explore other platform guides in the Knowledge Base.

Contact Us → ← Back to Knowledge Base