When you type in a URL like ddg.gg it represents an IP address. Your browsers sends a query to a DNS server, that acts like an address book and it tells your browser that ddg.gg means...
When you type in a URL like ddg.gg it represents an IP address. Your browsers sends a query to a DNS server, that acts like an address book and it tells your browser that ddg.gg means 184.72.104.138. However, these requests are not encrypted, making it possible for ANY third party to intercept them, log them, etc. Basically with how it works today everyone in your supply chain of internet knows exactly what websites you visit and what are you doing on these websites. That's where DNS-over-HTTPS comes in, your browser uses HTTPS to access known servers and exchange DNS data with these servers. This way your browsing stays safe from espionage, censors and regulators.
I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data. This actually even prevents some attacks, such as DNS poisoning, where attacker falsify...
I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data.
This actually even prevents some attacks, such as DNS poisoning, where attacker falsify DNS response and force you to visit his website.
And it didn't take long for British ISPs to award Mozilla the title of Internet Villain because of this feature :-)
It more so prevents MITM attacks than prevents people from knowing what site you're connected to. Sure, for a shared/cloud hosting solution many sites may be hosted on one IP address. But for all...
It more so prevents MITM attacks than prevents people from knowing what site you're connected to. Sure, for a shared/cloud hosting solution many sites may be hosted on one IP address. But for all other situations there's a 1-to-1 mapping of domain name to IP address. You can perform the lookup in reverse:
Doesn't always work. Sometimes (usually only on tiny sites I think) multiple sites are hosted from a single IP address. And DNS servers don't have a query for things in reverse I don't think....
Doesn't always work. Sometimes (usually only on tiny sites I think) multiple sites are hosted from a single IP address. And DNS servers don't have a query for things in reverse I don't think. Although ISPs usually run their own DNS servers that are your first choice for asking so they automatically know what you're looking for anyway without any reverse shenanigans.
I presume you have to be using compatible DNS in order for this to work? How would we confirm HTTPS is functioning and not using the legacy DNS fallback?
I presume you have to be using compatible DNS in order for this to work? How would we confirm HTTPS is functioning and not using the legacy DNS fallback?
Well you can probably configure it to not fall back to plain ol' DNS if you're concerned about that happening. If you're worried about this getting botched at this OS level DOH is performed by...
How would we confirm HTTPS is functioning and not using the legacy DNS fallback?
Well you can probably configure it to not fall back to plain ol' DNS if you're concerned about that happening. If you're worried about this getting botched at this OS level DOH is performed by each application, not as a wrapper around your OS DNS.
To disable the recommended extensions in about:addons, set the flag extensions.htmlaboutaddons.recommendations.enabled to false in about:config. You may also want to do the same for...
To disable the recommended extensions in about:addons, set the flag extensions.htmlaboutaddons.recommendations.enabled to false in about:config.
You may also want to do the same for extensions.htmlaboutaddons.discover.enabled
I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and...
I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and old Firefox 12 (?). However I would like to know the impact on normal browsing.
Did anyone read something about this, or can someone recommend me a way how to track time to DOM draw finish so I can count it myself?
Probably the easiest way to do this is to use the Firefox Profiler. Install that add-on, then make these changes to the profiler configuration. Start the profiler, then when you want to examine...
Probably the easiest way to do this is to use the Firefox Profiler. Install that add-on, then make these changes to the profiler configuration. Start the profiler, then when you want to examine the state, capture a profile by pressing Ctrl + Shift + 2.
There are other tools, but many of them require custom builds.
Here's a post on the Mozilla Hacks blog as well, giving more detail about some of the developer-oriented updates: Firefox 68: BigInts, Contrast Checks, and the QuantumBar
It's time to go to your
about:configand setnetwork.trr.modeto 2. This would enable DNS-over-HTTPS with a regular DNS fallback....can you eli5 what that does versus what it had done before?
When you type in a URL like
ddg.ggit represents an IP address. Your browsers sends a query to a DNS server, that acts like an address book and it tells your browser thatddg.ggmeans184.72.104.138. However, these requests are not encrypted, making it possible for ANY third party to intercept them, log them, etc. Basically with how it works today everyone in your supply chain of internet knows exactly what websites you visit and what are you doing on these websites. That's where DNS-over-HTTPS comes in, your browser uses HTTPS to access known servers and exchange DNS data with these servers. This way your browsing stays safe from espionage, censors and regulators.I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data.
This actually even prevents some attacks, such as DNS poisoning, where attacker falsify DNS response and force you to visit his website.
And it didn't take long for British ISPs to award Mozilla the title of Internet Villain because of this feature :-)
cc @Douglas
It more so prevents MITM attacks than prevents people from knowing what site you're connected to. Sure, for a shared/cloud hosting solution many sites may be hosted on one IP address. But for all other situations there's a 1-to-1 mapping of domain name to IP address. You can perform the lookup in reverse:
184.72.104.138ddg.ggStill a massive security improvement, though.
Dang, you're right, I never even thought about using DNS in reverse. But it really makes no difference. Huh.
Doesn't always work. Sometimes (usually only on tiny sites I think) multiple sites are hosted from a single IP address. And DNS servers don't have a query for things in reverse I don't think. Although ISPs usually run their own DNS servers that are your first choice for asking so they automatically know what you're looking for anyway without any reverse shenanigans.
I presume you have to be using compatible DNS in order for this to work? How would we confirm HTTPS is functioning and not using the legacy DNS fallback?
Well you can probably configure it to not fall back to plain ol' DNS if you're concerned about that happening. If you're worried about this getting botched at this OS level DOH is performed by each application, not as a wrapper around your OS DNS.
To disable the recommended extensions in
about:addons, set the flagextensions.htmlaboutaddons.recommendations.enabledtofalseinabout:config.You may also want to do the same for
extensions.htmlaboutaddons.discover.enabledThere's a bug opened about this on Bugzilla. Maybe add your voice so they can give us a toggle in the regular options menu.
There is already a check box for that option added to the nightly channel, so it looks like they'll be adding that in a later release.
I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and old Firefox 12 (?). However I would like to know the impact on normal browsing.
Did anyone read something about this, or can someone recommend me a way how to track time to DOM draw finish so I can count it myself?
Probably the easiest way to do this is to use the Firefox Profiler. Install that add-on, then make these changes to the profiler configuration. Start the profiler, then when you want to examine the state, capture a profile by pressing
Ctrl+Shift+2.There are other tools, but many of them require custom builds.
Thanks! I’ll post thread with results on Tildes if I manage to get interesting data.
Here's a post on the Mozilla Hacks blog as well, giving more detail about some of the developer-oriented updates: Firefox 68: BigInts, Contrast Checks, and the QuantumBar