Most web traffic has moved to encrypted communication over the past decade or so, but DNS requests are still sent in plain text. By moving DNS to an encrypted channel, Internet service providers and governments will have a more difficult time spying on your browsing history.
The downside of DoH is that it means a centralization of DNS. To make DoH possible, Firefox is currently working with two "trusted resolvers:" Cloudflare and NextDNS.
At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, and helps prevent data collection by third parties on the network that ties your computer to websites you visit. If you don't live in the US, you can switch on DoH manually in Firefox:
We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare. The Register says there's some controversy here as Mozilla is basically saying "we decided it is best that you send all your DNS queries to Cloudflare". You gain some privacy and security on one hand, but there are some compromises. Google has no plan to follow Mozilla's approach. Instead, the search giant plans to implement DoH only if the configured DNS server supports it.
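To make concrete what "performing DNS lookups in an encrypted HTTPS connection" means on the wire, here is an added example (not code from the original post, Mozilla or Cloudflare) that builds an ordinary wire-format DNS query, wraps it the way RFC 8484 DoH clients do (either a GET with a base64url `dns=` parameter or a POST with `Content-Type: application/dns-message`), and parses the wire-format answer a resolver returns. The endpoint URL `https://cloudflare-dns.com/dns-query` is Cloudflare's public DoH address and is an assumption on my part rather than something the post states; the sample response is constructed locally so the script runs offline and makes no network request. The only difference from classic DNS is the transport: the same DNS message that would travel in a cleartext UDP datagram is instead carried inside a TLS-protected HTTP request, which is what keeps an on-path observer from reading the queried names.

```python
import base64
import struct

# Assumption (not from the post): Cloudflare's public DoH endpoint per RFC 8484.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a wire-format DNS query (RFC 1035). qtype 1 = A record.

    RFC 8484 recommends transaction id 0 so identical queries hash
    to the same HTTP cache key; the HTTPS layer provides the integrity
    that the random id used to give over plaintext UDP.
    """
    # flags 0x0100 = RD (recursion desired); one question, no other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qclass 1 = IN


def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the DNS message base64url-encoded, padding stripped."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def doh_post_request(query: bytes, endpoint: str = DOH_ENDPOINT) -> dict:
    """RFC 8484 POST form: the raw DNS message is the HTTP body."""
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {
            "Content-Type": "application/dns-message",
            "Accept": "application/dns-message",
        },
        "body": query,
    }


def _read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly-compressed DNS name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_dns_response(msg: bytes) -> dict:
    """Parse the header, skip the question section and collect answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4  # qtype + qclass
    answers = []
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": value})
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def constructed_doh_response() -> bytes:
    """Constructed sample answer for example.com (not captured from any resolver)."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR|RD|RA, NOERROR
    question = build_dns_query("example.com")[12:]           # echo of the question
    # name = pointer to offset 12, type A, class IN, TTL 300, 4-byte RDATA 192.0.2.1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


if __name__ == "__main__":
    q = build_dns_query("example.com")
    print("GET :", doh_get_url(q))
    print("POST:", doh_post_request(q)["headers"])
    print("Reply:", parse_dns_response(constructed_doh_response()))
```

Sending `doh_get_url(q)` over HTTPS (with any HTTP client that validates the resolver's certificate) is all a DoH client does; the browser then hands the parsed answer to its normal connection logic. The design point worth noting is that the query bytes are identical to plaintext DNS, so the privacy gain comes entirely from the TLS channel and from which resolver sits at the other end of it.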