Enabling Encrypted SNI

I was trying to pass the Encrypted SNI test, but it wasn't smooth as silk.

My resolver NextDNS support the feature, but the test page finds otherwise. So skimmed over the document, found following requirements:

So on Firefox, it should be simple as:

1. Options –> Network Settings –> Enable DNS over HTTPS –> Use Provider, select or fill in your favorite one, mine is NextDNS btw. 2. about:config, accept risk and continue 3. toggle true for network.security.esni.enabled 4. change network.trr.mode to 3 (TRR Only)

Then go back to the test page, and DNSSEC, TLS1.3, and Encrypted SNI are passed, however I saw a orange question mark next to the “Secure DNS” part, looks like when the test was written, NextDNS wasn't well known.


dig TXT _esni.qzhou.dev