From c496b0461486aafb24895e0ba1baf948f21dd8cf Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Thu, 28 Feb 2019 19:42:07 +0200
Subject: [PATCH] browser-extensions: Firefox DoH/TRR & ESNI

---
 pages/browser-extensions.markdown | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pages/browser-extensions.markdown b/pages/browser-extensions.markdown
index bcd4bed..0ae78fb 100644
--- a/pages/browser-extensions.markdown
+++ b/pages/browser-extensions.markdown
@@ -40,6 +40,15 @@ redirect_from:
     * spoofs the user-agent as the latest Firefox ESR version.
 * `intl.accept_languages` to `en-US, en`
     * see above.
+* `network.security.esni.enabled` to `true` in order to enable encrypted SNI.
+    * Requires DoH, see the next section!
+
+#### DNS over HTTPS
+
+* `network.trr.bootstrapAddress` DNS server to use for resolving the DoH name, e.g. `84.200.70.40` (Resolver 2 of [DNS.watch](https://dns.watch/) in Germany)
+* `network.trr.mode` 3 to enforce DoH which is [required by Firefox ESNI](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289#c5)
+* `network.trr.early-AAAA` `true` to hopefully prefer IPv6
+* `network.trr.uri` for the actual resolver address, e.g. `https://mozilla.cloudflare-dns.com/dns-query` or [check curl wiki](https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers)
 
 ## Passwords