Hi All,

FYI: Soon we'll be launching a nightly based pref-flip shield study to confirm the feasibility of doing DNS over HTTPS (DoH). If all goes well the study will launch Monday (and if not, probably the following Monday). It will run <= 1 week. If you're running nightly and you want to see if you're in the study, check about:studies.

Access to global DNS data is commonly manipulated and can easily be blocked and/or collected. DNS services are also sometimes poorly provisioned, creating performance problems. We posit that integrity and confidentiality protected access to well provisioned larger caches will help our users. In a nutshell, that's what DoH does.

This work relies on an IETF specification that I hope will go into Last Call this coming week: https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https/

This initial test is focused on performance feasibility assessment and we won't actually be using the DNS data returned from the DoH server (i.e. the traditional DNS service is used in parallel and only those answers are used - the code calls this shadow mode.) This is obviously not the optimal arrangement of things - the anticipated end state will involve running in "first mode" where DoH is normally used and soft fails (either based on DNS or TCP errors) to traditional DNS. There are also modes where DoH is used and hard fails (known as "only mode" - it requires some bootstrap info), and a mode where DoH and traditional race against each other using whichever is faster. There are accommodations in place to deal with split-horizon DNS issues.

DoH is an open standard and for this test we'll be using the DoH server implementation at Cloudflare. As is typical for Mozilla, when we default-interact with a third party service we have a legal agreement in place to look out for the data retention/use/redistribution/etc interests of both our users and Mozilla itself.

The study launch bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1446404

Daniel Stenberg has written much of the code for this - he, I, and Valentin Gosu are the team that will chase down any issues. Feel free to reach out to us (or #necko on slack). There is currently one open issue related to captive portals and "only mode" but that should not be triggered by the study as "only mode" is not used.

-Patrick

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
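
An added example, not part of the original message and not Firefox's code: a simplified Python model of the four resolver modes the message describes (shadow, first, only, race), showing which answer is used and where failure falls back or propagates. The function names, mode strings and resolver factory are hypothetical, and latencies are simulated numbers rather than measurements.

```python
# Simplified model of the resolver modes named in the message.
# All identifiers are hypothetical; this is not Firefox's implementation.
from dataclasses import dataclass

class ResolveError(Exception):
    """A DNS-level or transport-level failure of one resolver."""

@dataclass
class Answer:
    addrs: list
    ms: float     # simulated latency
    source: str   # "doh" or "native"

def make_resolver(source, table, ms):
    """Build a constructed resolver that only knows the names in `table`."""
    def resolver(name):
        if name not in table:
            raise ResolveError(f"{source}: no answer for {name}")
        return Answer(table[name], ms, source)
    return resolver

def attempt(resolver, name):
    """Run a resolver, turning failure into None (a soft fail)."""
    try:
        return resolver(name)
    except ResolveError:
        return None

def resolve(mode, name, doh, native, timings=None):
    if mode == "shadow":
        # DoH is queried only to measure it; its answer is never used.
        measured = attempt(doh, name)
        if timings is not None:
            timings.append((name, measured.ms if measured else None))
        return native(name)
    if mode == "first":
        # Soft fail: any DoH error falls back to traditional DNS.
        return attempt(doh, name) or native(name)
    if mode == "only":
        # Hard fail: no fallback, the DoH error reaches the caller.
        return doh(name)
    if mode == "race":
        # Both are tried; the faster successful answer wins.
        done = [a for a in (attempt(doh, name), attempt(native, name)) if a]
        if not done:
            raise ResolveError(f"both resolvers failed for {name}")
        return min(done, key=lambda a: a.ms)
    raise ValueError(f"unknown mode: {mode}")
```

In this model only "only" fails closed; "shadow", "first" and "race" can all return the traditional DNS answer, so the integrity and confidentiality properties of DoH apply to a lookup only when the DoH answer is the one actually used.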