will UXP support DNS-over-HTTPS?

Discussions about the development and maturation of the Unified XUL Platform (UXP).
Warning: may contain highly-technical topics.


Post by roytam1 » Thu, 22 Mar 2018, 03:27

upstream ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1434852

This will be good for people suffering from DNS poisoning when browsing. And even better if current Pale Moon can support it.
Last edited by roytam1 on Thu, 22 Mar 2018, 09:05, edited 1 time in total.


Re: will UXP support DNS-over-HTTPS?

Post by New Tobin Paradigm » Thu, 22 Mar 2018, 03:38

Sounds more like whitelist/blacklisting to me... Moonchild?
[ ニュー・トビン・パラダイム ]


Re: will UXP support DNS-over-HTTPS?

Post by Moonchild » Thu, 22 Mar 2018, 17:25

There is no such thing as DNS-over-https.
They are entirely different protocols.

EDIT: well, looking over the IETF draft of this new "perform a host name lookup on a remote server over an https connection" mechanism (DOH), I can see this having been born from paranoia and/or the desire for people to try and cover their tracks. I shall henceforth call it "D'oh!" 8-)

I don't understand how Mozilla in their commit message can state it's more efficient. There is nothing more efficient than performing a one-shot-one-response UDP request to a DNS server. Setting up an HTTPS connection is expensive, slow, and not efficient at all. What are they thinking?

This kind of tunneling over http of other protocols is further undermining the wide array of protocols in use on the internet. If you don't trust the local network, and you need a server anyway to tunnel through, you may as well use a VPN and cover everything in one go instead of coming up with all sorts of proprietary mechanisms to "work around using one protocol instead of multiple". If you suffer from DNS poisoning, then pick better resolvers to use.

I don't see a reason to implement this at this time. https is not meant to be used as an encapsulation protocol, despite people doing so.
Last edited by Moonchild on Thu, 22 Mar 2018, 17:54, edited 4 times in total.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
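
For reference, the mechanism discussed in this thread as it appears on the wire, in the form the IETF draft was later published as RFC 8484. This is an added example, not part of any post above and not UXP or Mozilla code; the resolver host `doh.example`, the path `/dns-query` and all function names are placeholders chosen for illustration.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Encode one DNS question in RFC 1035 wire format (qtype 1 = A).
    RFC 8484 recommends ID 0 so identical queries cache identically."""
    # Header: ID, flags (only RD set), QDCOUNT=1, AN/NS/ARCOUNT=0.
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"                     # root label terminates the name
    if len(qname) > 255:
        raise ValueError("name exceeds 255 octets")
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def doh_get_request(host: str, path: str, query: bytes) -> str:
    """RFC 8484 GET form: the message as unpadded base64url in ?dns=."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return (f"GET {path}?dns={b64} HTTP/1.1\r\nHost: {host}\r\n"
            "Accept: application/dns-message\r\n\r\n")

def doh_post_request(host: str, path: str, query: bytes) -> bytes:
    """RFC 8484 POST form: the raw message is the request body."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/dns-message\r\n"
            "Accept: application/dns-message\r\n"
            f"Content-Length: {len(query)}\r\n\r\n")
    return head.encode("ascii") + query

def name_from_dns_param(b64: str) -> str:
    """Resolver side: decode ?dns= and read back the queried name."""
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    pos, labels = 12, []                 # question starts after the header
    while raw[pos]:                      # a query carries no compression pointers
        n = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + n].decode("ascii"))
        pos += n + 1
    return ".".join(labels)

if __name__ == "__main__":
    q = build_query("www.example.com")   # constructed sample name
    # Placeholder resolver; requests shown as HTTP/1.1 text for readability.
    print(f"{len(q)}-byte DNS message (the same bytes form a UDP port 53 payload)")
    print(doh_get_request("doh.example", "/dns-query", q))
    print(doh_post_request("doh.example", "/dns-query", q))
```

The DNS message itself is unchanged between the two transports; what differs is that over HTTPS it travels inside a TLS session to the resolver instead of as a cleartext datagram.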
