Not every request will use HTTPS. Mozilla is relying on a “fallback” method that will revert to your operating system’s default DNS if there’s either a specific need for them (such as some parental controls and enterprise configurations) or an outright lookup failure. This should respect the choices of users and IT managers who need the feature turned off, Mozilla said. The team is watching out for potential abuses, though, and will “revisit” its approach if attackers use a canary domain to disable the technology.
It could take some time before DNS over HTTPS is widely available. Mozilla will be watching for hiccups before expanding availability. If all goes smoothly, Firefox may become a go-to option for anyone who insists on securing as much of their web traffic as possible.