With its next patch, Mozilla will introduce two new features to its Firefox browser, which it calls "DNS over HTTPS" (DoH) and "Trusted Recursive Resolver" (TRR). Mozilla says this is an additional feature which enables security; however, some security experts think it will make you less secure.

The new Firefox feature called "Trusted Recursive Resolver" (TRR) will be turned on by default. This means that the DNS changes you configured in your network will no longer have any effect, at least for browsing with Firefox, because Mozilla has partnered with Cloudflare and will resolve domain names from within the application itself via a Cloudflare DNS server based in the United States. Cloudflare will then be able to read everyone's DNS requests.

But according to security experts at ungleich, while it is true that with TRR you may not expose the websites you visit to a random DNS server in an untrustworthy network you don't know, it is not true that this increases security in general.

"It is true when you are somewhere in a network you don't know, i.e. a public WiFi network, you could automatically use the DNS server configured by the network. This could cause a security issue, because that unknown DNS server might have been compromised. In the worst case it could lead you to a phishing site pretending to be the website of your bank: as soon as you enter your personal banking information, it will be sent straight to the attackers."

The outfit said that Mozilla denies that using its Trusted Recursive Resolver would cause a security issue for users who are in a trustworthy network where they know their resolvers, or use the ISP's default. However, Mozilla does not seem to understand that sharing data or information with any third party, which is Cloudflare in this case, is a security issue.