Why are DNS prefetch requests sent in clear text with DNS over HTTPS enabled?

I am trying to understand how DNS-over-HTTPS (DoH) works in both Chrome and Firefox browsers.

To do so, I have enabled DoH on each browser and set the DNS provider to Cloudflare DNS servers (1.1.1.1 and 1.0.0.1), at both browser and operating system level (Windows 10 in my case).

However, the traffic captured by Wireshark shows that there are still multiple DNS request that are made in clear text:

clear text DNS requests

While some of those requests are probably issued by other desktop applications that do not implement DoH, there is one request pattern which seems strange to me:

DNS Prefetch request

Everytime I search some text (say foo for example) in the URL search bar and press Enter, a DNS request is made to the Cloudflare resolver with the domain name foo.lan. Unsurprisingly, the server answers with a No such name DNS response.

After doing some research, this behaviour actually appears to be linked with DNS prefetching.

To make sure of that, I disabled the DNS prefetch flags in both Firefox (network.dns.disablePrefetch) and Chrome (Use a prediction service to load pages more quickly option toggled off), but the prefetch requests are still being sent as before.

This raises three questions to me:

  • Why DNS prefetch requests still occur when the feature is disabled ?
  • Why are those requests made with the .lan suffix ?
  • Why DNS prefetch requests are sent in clear text even though DoH is enabled ?

Please note that I have also tried to change the default search engine from Google to Bing, but the results are unchanged.

Any help would be very appreciated.