1890999 - Let network.dns.native_https_query ride the trains

Status: RESOLVED WONTFIX

(Core :: Networking: DNS, enhancement, P2)

Comment 1

[Valentin Gosu [:valentin] (he/him)]

Attachment: Bug 1890999 - Let network.dns.native_https_query ride the trains r=#necko

Comment 2

[Valentin Gosu [:valentin] (he/him)]

Attachment: Bug 1890999 - Add network.dns.native_https_query to the feature manifest to allow experimentation r=#necko

Comment 3

[Pulsebot]

Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/788b0a5b3a05
Let network.dns.native_https_query ride the trains r=necko-reviewers,kershaw
https://hg.mozilla.org/integration/autoland/rev/7da92e7c4827
Add network.dns.native_https_query to the feature manifest to allow experimentation

Comment 4

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/788b0a5b3a05
https://hg.mozilla.org/mozilla-central/rev/7da92e7c4827

Comment 5

[Pascal Chevrel:pascalc]

(Feature activations are enhancements in Bugzilla).

Should that be part of 126 release notes?

Comment 6

[Valentin Gosu [:valentin] (he/him)]

This got backed out in bug 1893970.
I'll land it again along with bug 1895226.

It should have a release note for 127.

Comment 7

[Dennis Jackson]

This is really great to see! As a consequence of Valentin's work, we'll now support Encrypted Client Hello in a lot more situations.
It would be great to flag this in the release note. E.g. like "This change allows Firefox to use Encrypted Client Hello in a wider variety of situations."

Because this change impacts how we communicate about disabling ECH to our users, I've added an Enterprise Policy & Parental Controls support (previously relied on DoH's controls), as well as filed a request to update our EncryptedClientHello SUMO articles. (See bug 1892240 / this doc).

Comment 8

[Valentin Gosu [:valentin] (he/him)]

Attachment: Bug 1890999 - Let network.dns.native_https_query ride the trains again r=#necko

Comment 9

[Andrew Creskey [:acreskey]]

Agreed on the release notes -- connecting via HTTP/3 on first load as in Bug 1891963 is measurably faster.

Comment 10

[Pulsebot]

Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/451171532dbd
Let network.dns.native_https_query ride the trains again r=necko-reviewers,kershaw

Comment 11

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/451171532dbd

Comment 12

[Ryan VanderMeulen [:RyanVM]]

Nominating for the Fx127 relnotes as this was previously a Nightly-only note in bug 1874464.

Comment 13

[Valentin Gosu [:valentin] (he/him)]

(In reply to Valentin Gosu [:valentin] (he/him) from bug 1874464 comment #28)

Release Note Request (optional, but appreciated)
[Why is this notable]: HTTPS DNS records enable the use of HTTP/3 and ECH. Some platforms can now use it without having DNS over HTTPS enabled.
[Affects Firefox for Android]: Yes, but only Android 10+
[Suggested wording]: HTTPS DNS records can now be resolved with the operating system's DNS resolver on specific platforms (Windows 11, Linux, Android 10+). Previously this required DNS over HTTPS to be enabled. This capability allows allows the use of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to HTTPS when the DNS record is present and enables to use of ECH.
[Links (documentation, blog post, etc)]:

More info in the intent-to-ship email: https://groups.google.com/a/mozilla.org/g/dev-platform/c/oh_Tk0iLT9A

Comment 14

[Mathew Hodson]

This was backed out by bug 1897462
https://hg.mozilla.org/mozilla-central/rev/21a468e2ecc8

New bug 1906239 enabled network.dns.native_https_query in Firefox 129