--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5285,17 +5285,17 @@ pref("memory_info_dumper.watch_fifo.enab
 // when the service has a strong suspicion we are in a captive portal
 pref("network.captive-portal-service.minInterval", 60000); // 60 seconds
 pref("network.captive-portal-service.maxInterval", 1500000); // 25 minutes
 // Every 10 checks, the delay is increased by a factor of 5
 pref("network.captive-portal-service.backoffFactor", "5.0");
 pref("network.captive-portal-service.enabled", false);
 
 // DNS Trusted Recursive Resolver
-// 0 - off, 1 - race, 2 TRR first, 3 TRR only, 4 shadow
+// 0 - default off, 1 - race, 2 TRR first, 3 TRR only, 4 shadow, 5 off by choice
 pref("network.trr.mode", 0);
 // DNS-over-HTTP service to use, must be HTTPS://
 pref("network.trr.uri", "");
 // credentials to pass to DOH end-point
 pref("network.trr.credentials", "");
 // Wait for captive portal confirmation before enabling TRR
 pref("network.trr.wait-for-portal", true);
 // Allow RFC1918 address in responses?

--- a/netwerk/dns/TRRService.cpp
+++ b/netwerk/dns/TRRService.cpp
@@ -319,17 +319,17 @@ TRRService::Observe(nsISupports *aSubjec
     }
   }
   return NS_OK;
 }
 
 void
 TRRService::MaybeConfirm()
 {
-  if ((mMode == MODE_NATIVEONLY) || mConfirmer ||
+  if (TRR_DISABLED(mMode) || mConfirmer ||
       mConfirmationState != CONFIRM_TRYING) {
     LOG(("TRRService:MaybeConfirm mode=%d, mConfirmer=%p mConfirmationState=%d\n",
          (int)mMode, (void *)mConfirmer, (int)mConfirmationState));
     return;
   }
   nsAutoCString host;
   {
     MutexAutoLock lock(mLock);
@@ -346,17 +346,17 @@ TRRService::MaybeConfirm()
     NS_DispatchToMainThread(mConfirmer);
   }
 }
 
 bool
 TRRService::MaybeBootstrap(const nsACString &aPossible, nsACString &aResult)
 {
   MutexAutoLock lock(mLock);
-  if ((mMode == MODE_NATIVEONLY) || mBootstrapAddr.IsEmpty()) {
+  if (TRR_DISABLED(mMode) || mBootstrapAddr.IsEmpty()) {
     return false;
   }
 
   nsCOMPtr<nsIURI> url;
   nsresult rv = NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID)
     .Apply(NS_MutatorMethod(&nsIStandardURLMutator::Init,
                             nsIStandardURL::URLTYPE_STANDARD, 443,
                             mPrivateURI, nullptr, nullptr, nullptr))

--- a/netwerk/dns/nsHostResolver.cpp
+++ b/netwerk/dns/nsHostResolver.cpp
@@ -309,16 +309,19 @@ nsHostRecord::ResolveComplete()
         AccumulateCategorical(Telemetry::LABELS_DNS_LOOKUP_ALGORITHM::trrFirst);
         break;
     case MODE_TRRONLY:
         AccumulateCategorical(Telemetry::LABELS_DNS_LOOKUP_ALGORITHM::trrOnly);
         break;
     case MODE_SHADOW:
         AccumulateCategorical(Telemetry::LABELS_DNS_LOOKUP_ALGORITHM::trrShadow);
         break;
+    case MODE_TRROFF:
+        AccumulateCategorical(Telemetry::LABELS_DNS_LOOKUP_ALGORITHM::trrOff);
+        break;
     }
 
     if (mTRRUsed && !mTRRSuccess && mNativeSuccess && gTRRService) {
         gTRRService->TRRBlacklist(nsCString(host), pb, true);
     }
 }
 
 nsHostRecord::~nsHostRecord()
@@ -1262,22 +1265,22 @@ nsHostResolver::NameLookup(nsHostRecord 
 
     if (rec->flags & RES_DISABLE_TRR) {
         if (mode == MODE_TRRONLY) {
             return rv;
         }
         mode = MODE_NATIVEONLY;
     }
 
-    if (mode != MODE_NATIVEONLY) {
+    if (!TRR_DISABLED(mode)) {
         rv = TrrLookup(rec);
     }
 
     if ((mode == MODE_PARALLEL) ||
-        (mode == MODE_NATIVEONLY) ||
+        TRR_DISABLED(mode) ||
         (mode == MODE_SHADOW) ||
         ((mode == MODE_TRRFIRST) && NS_FAILED(rv))) {
         rv = NativeLookup(rec);
     }
 
     return rv;
 }
 

--- a/netwerk/dns/nsHostResolver.h
+++ b/netwerk/dns/nsHostResolver.h
@@ -24,24 +24,27 @@
 #include "mozilla/UniquePtr.h"
 #include "nsRefPtrHashtable.h"
 
 class nsHostResolver;
 class nsResolveHostCallback;
 namespace mozilla { namespace net {
 class TRR;
 enum ResolverMode {
-  MODE_NATIVEONLY, // TRR OFF
-  MODE_PARALLEL,   // race and use the first response
-  MODE_TRRFIRST,   // fallback to native on TRR failure
-  MODE_TRRONLY,    // don't even fallback
-  MODE_SHADOW      // race for stats, but always use native result
+  MODE_NATIVEONLY, // 0 - TRR OFF (by default)
+  MODE_PARALLEL,   // 1 - race and use the first response
+  MODE_TRRFIRST,   // 2 - fallback to native on TRR failure
+  MODE_TRRONLY,    // 3 - don't even fallback
+  MODE_SHADOW,     // 4 - race for stats, but always use native result
+  MODE_TRROFF      // 5 - identical to MODE_NATIVEONLY but explicitly selected
 };
 } }
 
+#define TRR_DISABLED(x) (((x) == MODE_NATIVEONLY) || ((x) == MODE_TRROFF))
+
 extern mozilla::Atomic<bool, mozilla::Relaxed> gNativeIsLocalhost;
 
 #define MAX_RESOLVER_THREADS_FOR_ANY_PRIORITY  3
 #define MAX_RESOLVER_THREADS_FOR_HIGH_PRIORITY 5
 #define MAX_NON_PRIORITY_REQUESTS 150
 
 #define MAX_RESOLVER_THREADS (MAX_RESOLVER_THREADS_FOR_ANY_PRIORITY + \
                               MAX_RESOLVER_THREADS_FOR_HIGH_PRIORITY)

--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -3289,17 +3289,17 @@
     "bug_numbers": [1434852],
     "alert_emails": ["necko@mozilla.com", "dstenberg@mozilla.com"]
   },
   "DNS_LOOKUP_ALGORITHM": {
     "record_in_processes": ["main"],
     "alert_emails": ["necko@mozilla.com", "dstenberg@mozilla.com"],
     "expires_in_version": "never",
     "kind": "categorical",
-    "labels": ["nativeOnly", "trrRace", "trrFirst", "trrOnly", "trrShadow"],
+    "labels": ["nativeOnly", "trrRace", "trrFirst", "trrOnly", "trrShadow", "trrOff"],
     "bug_numbers": [1434852],
     "description": "DNS: lookup algorithm"
   },
   "DNS_LOOKUP_DISPOSITION": {
     "record_in_processes": ["main"],
     "alert_emails": ["necko@mozilla.com", "dstenberg@mozilla.com"],
     "expires_in_version": "never",
     "kind": "categorical",