Backed out changeset 0b7c8f6349b1 (bug 1667743) on request from kershaw for causing bug 1667801
authorSebastian Hengst <archaeopteryx@coole-files.de>
Wed, 30 Sep 2020 13:12:53 +0200
changeset 550903 b25155229d25cc476357485eddc202c2656566c9
parent 550902 0519a8f4a1fce47856e774bf84c5378004a3bd64
child 550904 4a30905f063e5979798f76a3541aa565f1e5d633
push id127541
push userarchaeopteryx@coole-files.de
push dateWed, 30 Sep 2020 11:14:36 +0000
bugs1667743, 1667801
milestone83.0a1
backs out0b7c8f6349b1ad495bcd4ddc289f63cbf7bdeddf
Backed out changeset 0b7c8f6349b1 (bug 1667743) on request from kershaw for causing bug 1667801
dom/html/nsHTMLDNSPrefetch.cpp
modules/libpref/init/StaticPrefList.yaml
netwerk/base/Predictor.cpp
netwerk/base/nsDNSPrefetch.cpp
netwerk/base/nsDNSPrefetch.h
netwerk/base/nsSocketTransportService2.cpp
netwerk/base/nsSocketTransportService2.h
netwerk/protocol/http/HttpConnectionBase.cpp
netwerk/protocol/http/HttpConnectionUDP.cpp
netwerk/protocol/http/nsHttpConnection.cpp
netwerk/test/unit/test_dns_by_type_resolve.js
netwerk/test/unit/test_esni_dns_fetch.js
netwerk/test/unit/test_httpssvc_iphint.js
netwerk/test/unit/test_httpssvc_priority.js
netwerk/test/unit/test_trr_httpssvc.js
netwerk/test/unit/test_use_httpssvc.js
netwerk/test/unit/xpcshell.ini
netwerk/test/unit_ipc/child_dns_by_type_resolve.js
netwerk/test/unit_ipc/child_esni_dns_fetch1.js
netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
netwerk/test/unit_ipc/xpcshell.ini
testing/xpcshell/moz-http2/moz-http2.js
tools/lint/rejected-words.yml
--- a/dom/html/nsHTMLDNSPrefetch.cpp
+++ b/dom/html/nsHTMLDNSPrefetch.cpp
@@ -156,17 +156,27 @@ nsresult nsHTMLDNSPrefetch::Prefetch(
   nsresult rv = sDNSService->AsyncResolveNative(
       NS_ConvertUTF16toUTF8(hostname), nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener, nullptr,
       aPartitionedPrincipalOriginAttributes, getter_AddRefs(tmpOutstanding));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
-  // TODO: Fetch HTTPS RRs.
+  // Fetch ESNI keys if needed.
+  if (isHttps && StaticPrefs::network_security_esni_enabled()) {
+    nsAutoCString esniHost;
+    esniHost.Append("_esni.");
+    esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
+    Unused << sDNSService->AsyncResolveNative(
+        esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
+        flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
+        nullptr, aPartitionedPrincipalOriginAttributes,
+        getter_AddRefs(tmpOutstanding));
+  }
 
   return NS_OK;
 }
 
 nsresult nsHTMLDNSPrefetch::PrefetchLow(
     const nsAString& hostname, bool isHttps,
     const OriginAttributes& aPartitionedPrincipalOriginAttributes,
     nsIRequest::TRRMode aMode) {
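Review bot: The `_esni.` host name is assembled by hand in Prefetch here and again in the CancelPrefetch and nsDeferrals::SubmitQueue hunks below, and the nsresult of the TXT request is treated differently each time: `Unused <<` here, silently dropped in the other two. A small file-local helper that takes the UTF-8 host and returns the prefixed name would keep the prefix in one place and avoid converting `hostname` with NS_ConvertUTF16toUTF8 twice in this function. For consistency the other two call sites should also read `Unused << sDNSService->AsyncResolveNative(` and `Unused << sDNSService->CancelAsyncResolveNative(`, with a comment such as `// Best effort: a failed ESNI key lookup must not fail the address prefetch.`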
@@ -241,16 +251,26 @@ nsresult nsHTMLDNSPrefetch::CancelPrefet
     return NS_ERROR_NOT_AVAILABLE;
 
   // Forward cancellation to DNS service
   nsresult rv = sDNSService->CancelAsyncResolveNative(
       NS_ConvertUTF16toUTF8(hostname), nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE,
       nullptr,  // resolverInfo
       sDNSListener, aReason, aPartitionedPrincipalOriginAttributes);
+  // Cancel fetching ESNI keys if needed.
+  if (StaticPrefs::network_security_esni_enabled() && isHttps) {
+    nsAutoCString esniHost;
+    esniHost.Append("_esni.");
+    esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
+    sDNSService->CancelAsyncResolveNative(
+        esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
+        flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
+        aReason, aPartitionedPrincipalOriginAttributes);
+  }
   return rv;
 }
 
 nsresult nsHTMLDNSPrefetch::CancelPrefetchLow(Link* aElement,
                                               nsresult aReason) {
   return CancelPrefetch(
       aElement,
       GetDNSFlagsFromLink(aElement) | nsIDNSService::RESOLVE_PRIORITY_LOW,
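Review bot: The cancel path re-reads `StaticPrefs::network_security_esni_enabled()` when it runs, so it can disagree with the decision Prefetch made when the request was issued. If the pref is switched off in between, the speculative `_esni.` TXT lookup is never cancelled; if it is switched on, a cancel is sent for a request that was never made. This is probably harmless for a speculative lookup, but it deserves a comment on the added block, for example `// Note: keyed on the current pref value, not on whether the TXT request was actually issued.` CancelPrefetch begins outside this hunk, so the origin of `isHttps` and `flags` is not visible here.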
@@ -385,18 +405,28 @@ void nsHTMLDNSPrefetch::nsDeferrals::Sub
           } else {
             nsCOMPtr<nsICancelable> tmpOutstanding;
 
             rv = sDNSService->AsyncResolveNative(
                 hostName, nsIDNSService::RESOLVE_TYPE_DEFAULT,
                 mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
                 nullptr, sDNSListener, nullptr, oa,
                 getter_AddRefs(tmpOutstanding));
-            // TODO: Fetch HTTPS RRs.
-
+            // Fetch ESNI keys if needed.
+            if (NS_SUCCEEDED(rv) &&
+                StaticPrefs::network_security_esni_enabled() && isHttps) {
+              nsAutoCString esniHost;
+              esniHost.Append("_esni.");
+              esniHost.Append(hostName);
+              sDNSService->AsyncResolveNative(
+                  esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
+                  mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
+                  nullptr, sDNSListener, nullptr, oa,
+                  getter_AddRefs(tmpOutstanding));
+            }
             // Tell link that deferred prefetch was requested
             if (NS_SUCCEEDED(rv)) link->OnDNSPrefetchRequested();
           }
         }
       }
     }
 
     mEntries[mTail].mElement = nullptr;
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -8302,16 +8302,22 @@
   value: true
   mirror: always
 
 - name: network.http.stale_while_revalidate.enabled
   type: RelaxedAtomicBool
   value: true
   mirror: always
 
+# Whether to use sni encryption.
+- name: network.security.esni.enabled
+  type: bool
+  value: false
+  mirror: always
+
 # Whether to cache SSL resumption tokens in necko.
 - name: network.ssl_tokens_cache_enabled
   type: RelaxedAtomicBool
   value: @IS_NIGHTLY_BUILD@
   mirror: always
 
 # Capacity of the above cache, in kilobytes.
 - name: network.ssl_tokens_cache_capacity
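Review bot: The new entry is declared `type: bool` while its neighbours use `RelaxedAtomicBool`; as far as I know a non-atomic mirrored pref may only be read on the main thread. The same commit keeps two further copies of this value, an `Atomic<bool, Relaxed> sESNIEnabled` in nsDNSPrefetch.cpp and `mEsniEnabled` in nsSocketTransportService, which suggests it is wanted off the main thread as well. Declaring it `type: RelaxedAtomicBool` would let those readers use the static pref directly instead of maintaining separate mirrors that can briefly disagree. The comment could also say what the pref gates, e.g. `# Whether to fetch ESNI keys via DNS and encrypt the TLS SNI extension.`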
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -1189,16 +1189,30 @@ bool Predictor::RunPredictions(nsIURI* r
     nsCOMPtr<nsICancelable> tmpCancelable;
     mDnsService->AsyncResolveNative(
         hostname, nsIDNSService::RESOLVE_TYPE_DEFAULT,
         (nsIDNSService::RESOLVE_PRIORITY_MEDIUM |
          nsIDNSService::RESOLVE_SPECULATE),
         nullptr, mDNSListener, nullptr, originAttributes,
         getter_AddRefs(tmpCancelable));
 
+    // Fetch esni keys if needed.
+    if (StaticPrefs::network_security_esni_enabled() &&
+        uri->SchemeIs("https")) {
+      nsAutoCString esniHost;
+      esniHost.Append("_esni.");
+      esniHost.Append(hostname);
+      mDnsService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
+                                      (nsIDNSService::RESOLVE_PRIORITY_MEDIUM |
+                                       nsIDNSService::RESOLVE_SPECULATE),
+                                      nullptr, mDNSListener, nullptr,
+                                      originAttributes,
+                                      getter_AddRefs(tmpCancelable));
+    }
+
     predicted = true;
     if (verifier) {
       PREDICTOR_LOG(("    sending preresolve verification"));
       verifier->OnPredictDNS(uri);
     }
   }
 
   return predicted;
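Review bot: The `_esni.` TXT lookup is issued even when the address lookup directly above it failed, because neither AsyncResolveNative result is checked in this hunk. nsHTMLDNSPrefetch::Prefetch and nsDNSPrefetch::Prefetch in the same commit both return early on failure before asking for ESNI keys. To match them, capture the first result with `nsresult rv = mDnsService->AsyncResolveNative(` and guard the block with `if (NS_SUCCEEDED(rv) && StaticPrefs::network_security_esni_enabled() &&`. RunPredictions starts outside the hunk, so whether `uri` here is the predicted host's URI or the page's URI cannot be confirmed from these lines.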
--- a/netwerk/base/nsDNSPrefetch.cpp
+++ b/netwerk/base/nsDNSPrefetch.cpp
@@ -12,31 +12,47 @@
 #include "nsIDNSService.h"
 #include "nsIDNSByTypeRecord.h"
 #include "nsICancelable.h"
 #include "nsIURI.h"
 #include "mozilla/Atomics.h"
 #include "mozilla/Preferences.h"
 
 static nsIDNSService* sDNSService = nullptr;
+static mozilla::Atomic<bool, mozilla::Relaxed> sESNIEnabled(false);
+const char kESNIPref[] = "network.security.esni.enabled";
 
 nsresult nsDNSPrefetch::Initialize(nsIDNSService* aDNSService) {
   MOZ_ASSERT(NS_IsMainThread());
 
   NS_IF_RELEASE(sDNSService);
   sDNSService = aDNSService;
   NS_IF_ADDREF(sDNSService);
+  mozilla::Preferences::RegisterCallback(nsDNSPrefetch::PrefChanged, kESNIPref);
+  PrefChanged(nullptr, nullptr);
   return NS_OK;
 }
 
 nsresult nsDNSPrefetch::Shutdown() {
   NS_IF_RELEASE(sDNSService);
+  mozilla::Preferences::UnregisterCallback(nsDNSPrefetch::PrefChanged,
+                                           kESNIPref);
   return NS_OK;
 }
 
+// static
+void nsDNSPrefetch::PrefChanged(const char* aPref, void* aClosure) {
+  if (!aPref || strcmp(aPref, kESNIPref) == 0) {
+    bool enabled = false;
+    if (NS_SUCCEEDED(mozilla::Preferences::GetBool(kESNIPref, &enabled))) {
+      sESNIEnabled = enabled;
+    }
+  }
+}
+
 nsDNSPrefetch::nsDNSPrefetch(nsIURI* aURI,
                              mozilla::OriginAttributes& aOriginAttributes,
                              nsIRequest::TRRMode aTRRMode,
                              nsIDNSListener* aListener, bool storeTiming)
     : mOriginAttributes(aOriginAttributes),
       mStoreTiming(storeTiming),
       mTRRMode(aTRRMode),
       mListener(do_GetWeakReference(aListener)) {
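Review bot: Initialize registers the pref callback unconditionally, yet its `NS_IF_RELEASE(sDNSService)` on entry suggests a second call is tolerated, in which case `PrefChanged` would be registered twice for `kESNIPref`. Shutdown calls `Preferences::UnregisterCallback` without the `MOZ_ASSERT(NS_IsMainThread());` that Initialize has, so add the same assertion at the top of Shutdown. In PrefChanged the `aClosure` parameter is unused, and the `!aPref` branch exists only for the direct call from Initialize, which merits a comment like `// aPref is null when called directly from Initialize() to load the initial value.`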
@@ -55,20 +71,35 @@ nsresult nsDNSPrefetch::Prefetch(uint32_
   // If AsyncResolve fails, for example because prefetching is disabled,
   // then our timing will be useless. However, in such a case,
   // mEndTimestamp will be a null timestamp and callers should check
   // TimingsValid() before using the timing.
   nsCOMPtr<nsIEventTarget> target = mozilla::GetCurrentEventTarget();
 
   flags |= nsIDNSService::GetFlagsFromTRRMode(mTRRMode);
 
-  return sDNSService->AsyncResolveNative(
+  nsresult rv = sDNSService->AsyncResolveNative(
       mHostname, nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, this, target,
       mOriginAttributes, getter_AddRefs(tmpOutstanding));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Fetch esni keys if needed.
+  if (sESNIEnabled && mIsHttps) {
+    nsAutoCString esniHost;
+    esniHost.Append("_esni.");
+    esniHost.Append(mHostname);
+    sDNSService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
+                                    flags | nsIDNSService::RESOLVE_SPECULATE,
+                                    nullptr, this, target, mOriginAttributes,
+                                    getter_AddRefs(tmpOutstanding));
+  }
+  return NS_OK;
 }
 
 nsresult nsDNSPrefetch::PrefetchLow(bool refreshDNS) {
   return Prefetch(nsIDNSService::RESOLVE_PRIORITY_LOW |
                   (refreshDNS ? nsIDNSService::RESOLVE_BYPASS_CACHE : 0));
 }
 
 nsresult nsDNSPrefetch::PrefetchMedium(bool refreshDNS) {
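Review bot: The ESNI key lookup here is gated only on `sESNIEnabled && mIsHttps`, whereas nsSocketTransportService::IsEsniEnabled() in this same commit also requires `!mTrustedMitmDetected && !mNotTrustedMitmDetected`. When ESNI has been turned off because a MITM was detected, this path would presumably still send a `_esni.<host>` TXT query that no connection will use, exposing the host name to the resolver for nothing. Either consult the same combined condition or document the difference on the block, e.g. `// Intentionally not gated on MITM detection: the lookup is speculative and cheap.` The second request's nsresult is dropped without `Unused <<`, and Prefetch begins outside the hunk.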
--- a/netwerk/base/nsDNSPrefetch.h
+++ b/netwerk/base/nsDNSPrefetch.h
@@ -41,16 +41,18 @@ class nsDNSPrefetch final : public nsIDN
 
   // Call one of the following methods to start the Prefetch.
   nsresult PrefetchHigh(bool refreshDNS = false);
   nsresult PrefetchMedium(bool refreshDNS = false);
   nsresult PrefetchLow(bool refreshDNS = false);
 
   nsresult FetchHTTPSSVC(bool aRefreshDNS);
 
+  static void PrefChanged(const char* aPref, void* aClosure);
+
  private:
   nsCString mHostname;
   bool mIsHttps;
   mozilla::OriginAttributes mOriginAttributes;
   bool mStoreTiming;
   nsIRequest::TRRMode mTRRMode;
   mozilla::TimeStamp mStartTimestamp;
   mozilla::TimeStamp mEndTimestamp;
--- a/netwerk/base/nsSocketTransportService2.cpp
+++ b/netwerk/base/nsSocketTransportService2.cpp
@@ -52,17 +52,18 @@ static Atomic<PRThread*, Relaxed> gSocke
 #define MAX_TIME_BETWEEN_TWO_POLLS \
   "network.sts.max_time_for_events_between_two_polls"
 #define POLL_BUSY_WAIT_PERIOD "network.sts.poll_busy_wait_period"
 #define POLL_BUSY_WAIT_PERIOD_TIMEOUT \
   "network.sts.poll_busy_wait_period_timeout"
 #define MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN \
   "network.sts.max_time_for_pr_close_during_shutdown"
 #define POLLABLE_EVENT_TIMEOUT "network.sts.pollable_event_timeout"
-#define MITM_DETECTED "security.pki.mitm_detected"
+#define ESNI_ENABLED "network.security.esni.enabled"
+#define ESNI_DISABLED_MITM "security.pki.mitm_detected"
 
 #define REPAIR_POLLABLE_EVENT_TIME 10
 
 uint32_t nsSocketTransportService::gMaxCount;
 PRCallOnceType nsSocketTransportService::gMaxCountInitOnce;
 
 // Utility functions
 bool OnSocketThread() { return PR_GetCurrentThread() == gSocketThread; }
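Review bot: The macro `ESNI_DISABLED_MITM` names the pref `security.pki.mitm_detected` after one consumer rather than after what the pref means, which makes the later `Preferences::GetBool(ESNI_DISABLED_MITM, &esniMitmPref)` read as if it were a pref that disables ESNI. The pref value is stored in `mTrustedMitmDetected`, so a name that follows the pref would be clearer. If the ESNI association is worth keeping, state it in a comment: `#define MITM_DETECTED "security.pki.mitm_detected"  // also disables ESNI, see IsEsniEnabled()`.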
@@ -145,16 +146,17 @@ nsSocketTransportService::nsSocketTransp
       mNetworkLinkChangeBusyWaitTimeout(PR_SecondsToInterval(7)),
       mSleepPhase(false),
       mProbedMaxCount(false)
 #if defined(XP_WIN)
       ,
       mPolling(false)
 #endif
       ,
+      mEsniEnabled(false),
       mTrustedMitmDetected(false),
       mNotTrustedMitmDetected(false) {
   NS_ASSERTION(NS_IsMainThread(), "wrong thread");
 
   PR_CallOnce(&gMaxCountInitOnce, DiscoverMaxCount);
   mActiveList =
       (SocketContext*)moz_xmalloc(sizeof(SocketContext) * mActiveListSize);
   mIdleList =
@@ -736,17 +738,18 @@ static const char* gCallbackPrefs[] = {
     SEND_BUFFER_PREF,
     KEEPALIVE_ENABLED_PREF,
     KEEPALIVE_IDLE_TIME_PREF,
     KEEPALIVE_RETRY_INTERVAL_PREF,
     KEEPALIVE_PROBE_COUNT_PREF,
     MAX_TIME_BETWEEN_TWO_POLLS,
     MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN,
     POLLABLE_EVENT_TIMEOUT,
-    MITM_DETECTED,
+    ESNI_ENABLED,
+    ESNI_DISABLED_MITM,
     "network.socket.forcePort",
     nullptr,
 };
 
 /* static */
 void nsSocketTransportService::UpdatePrefs(const char* aPref, void* aSelf) {
   static_cast<nsSocketTransportService*>(aSelf)->UpdatePrefs();
 }
@@ -1502,20 +1505,26 @@ nsresult nsSocketTransportService::Updat
 
   int32_t pollableEventTimeout;
   rv = Preferences::GetInt(POLLABLE_EVENT_TIMEOUT, &pollableEventTimeout);
   if (NS_SUCCEEDED(rv) && pollableEventTimeout >= 0) {
     MutexAutoLock lock(mLock);
     mPollableEventTimeout = TimeDuration::FromSeconds(pollableEventTimeout);
   }
 
-  bool mitmPref = false;
-  rv = Preferences::GetBool(MITM_DETECTED, &mitmPref);
+  bool esniPref = false;
+  rv = Preferences::GetBool(ESNI_ENABLED, &esniPref);
   if (NS_SUCCEEDED(rv)) {
-    mTrustedMitmDetected = mitmPref;
+    mEsniEnabled = esniPref;
+  }
+
+  bool esniMitmPref = false;
+  rv = Preferences::GetBool(ESNI_DISABLED_MITM, &esniMitmPref);
+  if (NS_SUCCEEDED(rv)) {
+    mTrustedMitmDetected = esniMitmPref;
   }
 
   nsAutoCString portMappingPref;
   rv = Preferences::GetCString("network.socket.forcePort", portMappingPref);
   if (NS_SUCCEEDED(rv)) {
     bool rv = UpdatePortRemapPreference(portMappingPref);
     if (!rv) {
       NS_ERROR(
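Review bot: `mEsniEnabled` is written here without `mLock`, while the `mPollableEventTimeout` update a few lines above takes `MutexAutoLock lock(mLock)` first, and the header declares the member as a plain `bool`. If IsEsniEnabled() is called on the socket thread while UpdatePrefs runs on another thread (the calling threads are not visible in this diff), the read and write are an unsynchronised data race. Declaring the member as `Atomic<bool, Relaxed> mEsniEnabled;` would remove the question; the same applies to `mTrustedMitmDetected`, which the renamed block also writes unlocked. UpdatePrefs starts and ends outside this hunk.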
--- a/netwerk/base/nsSocketTransportService2.h
+++ b/netwerk/base/nsSocketTransportService2.h
@@ -117,16 +117,20 @@ class nsSocketTransportService final : p
   uint64_t GetReceivedBytes() { return mReceivedBytesCount; }
 
   // Returns true if keepalives are enabled in prefs.
   bool IsKeepaliveEnabled() { return mKeepaliveEnabledPref; }
 
   bool IsTelemetryEnabledAndNotSleepPhase();
   PRIntervalTime MaxTimeForPrClosePref() { return mMaxTimeForPrClosePref; }
 
+  bool IsEsniEnabled() {
+    return mEsniEnabled && !mTrustedMitmDetected && !mNotTrustedMitmDetected;
+  }
+
   void SetNotTrustedMitmDetected() { mNotTrustedMitmDetected = true; }
 
   // According the preference value of `network.socket.forcePort` this method
   // possibly remaps the port number passed as the arg.
   void ApplyPortRemap(uint16_t* aPort);
 
   // Reads the preference string and updates (rewrites) the mPortRemapping
   // array on the socket thread.  Returns true if the whole pref string was
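Review bot: IsEsniEnabled() is the only accessor in this group without a comment, and it is the one whose result is not simply a pref value. Add a comment such as `// Returns true if ESNI is enabled by pref and no MITM (trusted or untrusted) has been detected.` so callers know the check already includes the MITM gate. The accessor reads three members and modifies none, so it could be declared `bool IsEsniEnabled() const {`.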
@@ -334,16 +338,17 @@ class nsSocketTransportService final : p
   void StartPollWatchdog();
   void DoPollRepair();
   void StartPolling();
   void EndPolling();
 #endif
 
   void TryRepairPollableEvent();
 
+  bool mEsniEnabled;
   bool mTrustedMitmDetected;
   bool mNotTrustedMitmDetected;
 };
 
 extern nsSocketTransportService* gSocketTransportService;
 bool OnSocketThread();
 
 }  // namespace net
--- a/netwerk/protocol/http/HttpConnectionBase.cpp
+++ b/netwerk/protocol/http/HttpConnectionBase.cpp
@@ -12,16 +12,21 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
+#define ESNI_SUCCESSFUL 0
+#define ESNI_FAILED 1
+#define NO_ESNI_SUCCESSFUL 2
+#define NO_ESNI_FAILED 3
+
 #include "mozilla/Telemetry.h"
 #include "HttpConnectionBase.h"
 #include "nsHttpHandler.h"
 #include "nsIClassOfService.h"
 #include "nsIOService.h"
 #include "nsISocketTransport.h"
 
 namespace mozilla {
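Review bot: The four `ESNI_*` macros added here are repeated verbatim in the HttpConnectionUDP.cpp and nsHttpConnection.cpp hunks below, and none of the three hunks shows a use of them. They are also defined ahead of the `#include` lines, so they are visible to every header those files pull in. A single `enum class` in a shared header (HttpConnectionBase.h is already included by two of the three files) would keep the values from drifting apart. If they are telemetry bucket indices, as the neighbouring `TLS_EARLY_DATA_*` values appear to be, a comment saying so would help: `// Buckets for the ESNI success/failure telemetry probe.`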
--- a/netwerk/protocol/http/HttpConnectionUDP.cpp
+++ b/netwerk/protocol/http/HttpConnectionUDP.cpp
@@ -12,16 +12,21 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
+#define ESNI_SUCCESSFUL 0
+#define ESNI_FAILED 1
+#define NO_ESNI_SUCCESSFUL 2
+#define NO_ESNI_FAILED 3
+
 #include "ASpdySession.h"
 #include "mozilla/ChaosMode.h"
 #include "mozilla/Telemetry.h"
 #include "HttpConnectionUDP.h"
 #include "nsHttpHandler.h"
 #include "nsHttpRequestHead.h"
 #include "nsHttpResponseHead.h"
 #include "nsIClassOfService.h"
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@@ -12,16 +12,21 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
+#define ESNI_SUCCESSFUL 0
+#define ESNI_FAILED 1
+#define NO_ESNI_SUCCESSFUL 2
+#define NO_ESNI_FAILED 3
+
 #include "ASpdySession.h"
 #include "mozilla/ChaosMode.h"
 #include "mozilla/Telemetry.h"
 #include "nsHttpConnection.h"
 #include "nsHttpHandler.h"
 #include "nsHttpRequestHead.h"
 #include "nsHttpResponseHead.h"
 #include "nsIClassOfService.h"
rename from netwerk/test/unit/test_dns_by_type_resolve.js
rename to netwerk/test/unit/test_esni_dns_fetch.js
--- a/netwerk/test/unit/test_dns_by_type_resolve.js
+++ b/netwerk/test/unit/test_esni_dns_fetch.js
@@ -27,16 +27,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -55,16 +56,17 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
+  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
@@ -94,17 +96,17 @@ class DNSListener {
     return this.promise.then.apply(this.promise, arguments);
   }
 }
 
 DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
   "nsIDNSListener",
 ]);
 
-add_task(async function testTXTResolve() {
+add_task(async function testEsniRequest() {
   // use the h2 server as DOH provider
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
 
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
@@ -121,18 +123,18 @@ add_task(async function testTXTResolve()
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-// verify TXT record pushed on a A record request
-add_task(async function testTXTRecordPushPart1() {
+// verify esni record pushed on a A record request
+add_task(async function testEsniPushPart1() {
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/esni-dns-push"
   );
   let listenerAddr = new DNSListener();
   let request = dns.asyncResolve(
     "_esni_push.example.com",
     dns.RESOLVE_TYPE_DEFAULT,
@@ -146,18 +148,18 @@ add_task(async function testTXTRecordPus
   let [inRequest, inRecord, inStatus] = await listenerAddr;
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
   let answer = inRecord.getNextAddrAsString();
   Assert.equal(answer, test_answer_addr, "got correct answer");
 });
 
-// verify the TXT pushed record
-add_task(async function testTXTRecordPushPart2() {
+// verify the esni pushed record
+add_task(async function testEsniPushPart2() {
   // At this point the second host name should've been pushed and we can resolve it using
   // cache only. Set back the URI to a path that fails.
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/404"
   );
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
@@ -174,17 +176,17 @@ add_task(async function testTXTRecordPus
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-add_task(async function testHTTPSSVCResolve() {
+add_task(async function testEsniHTTPSSVC() {
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "httpssvc_esni.example.com",
     dns.RESOLVE_TYPE_HTTPSSVC,
--- a/netwerk/test/unit/test_httpssvc_iphint.js
+++ b/netwerk/test/unit/test_httpssvc_iphint.js
@@ -30,16 +30,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -61,16 +62,17 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
+  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_httpssvc_priority.js
+++ b/netwerk/test/unit/test_httpssvc_priority.js
@@ -29,16 +29,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -57,16 +58,17 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
+  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_trr_httpssvc.js
+++ b/netwerk/test/unit/test_trr_httpssvc.js
@@ -34,16 +34,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -63,16 +64,17 @@ function setup() {
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 if (!inChildProcess()) {
   setup();
   registerCleanupFunction(() => {
+    prefs.clearUserPref("network.security.esni.enabled");
     prefs.clearUserPref("network.http.spdy.enabled");
     prefs.clearUserPref("network.http.spdy.enabled.http2");
     prefs.clearUserPref("network.dns.localDomains");
     prefs.clearUserPref("network.dns.native-is-localhost");
     prefs.clearUserPref("network.trr.mode");
     prefs.clearUserPref("network.trr.uri");
     prefs.clearUserPref("network.trr.credentials");
     prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_use_httpssvc.js
+++ b/netwerk/test/unit/test_use_httpssvc.js
@@ -30,16 +30,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -61,16 +62,17 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
+  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@@ -401,17 +401,17 @@ run-sequentially = node server exception
 skip-if = appname == "thunderbird"
 [test_ioservice.js]
 [test_substituting_protocol_handler.js]
 [test_proxyconnect.js]
 skip-if = tsan || socketprocess_networking # Bug 1614708
 [test_captive_portal_service.js]
 run-sequentially = node server exceptions dont replay well
 skip-if = socketprocess_networking
-[test_dns_by_type_resolve.js]
+[test_esni_dns_fetch.js]
 [test_network_connectivity_service.js]
 [test_suspend_channel_on_authRetry.js]
 [test_suspend_channel_on_examine_merged_response.js]
 [test_bug1527293.js]
 [test_stale-while-revalidate_negative.js]
 [test_stale-while-revalidate_positive.js]
 [test_stale-while-revalidate_loop.js]
 [test_stale-while-revalidate_max-age-0.js]
rename from netwerk/test/unit_ipc/child_dns_by_type_resolve.js
rename to netwerk/test/unit_ipc/child_esni_dns_fetch1.js
--- a/netwerk/test/unit_ipc/child_dns_by_type_resolve.js
+++ b/netwerk/test/unit_ipc/child_esni_dns_fetch1.js
@@ -27,17 +27,17 @@ class DNSListener {
     return this.promise.then.apply(this.promise, arguments);
   }
 }
 
 DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
   "nsIDNSListener",
 ]);
 
-add_task(async function testTXTResolve() {
+add_task(async function testEsniRequest() {
   // use the h2 server as DOH provider
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "_esni.example.com",
     dns.RESOLVE_TYPE_TXT,
     0,
     null, // resolverInfo
     listenerEsni,
@@ -49,17 +49,17 @@ add_task(async function testTXTResolve()
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   Assert.equal(inRequest, request, "correct request was used");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-add_task(async function testHTTPSSVCResolve() {
+add_task(async function testEsniHTTPSSVC() {
   // use the h2 server as DOH provider
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "httpssvc_esni.example.com",
     dns.RESOLVE_TYPE_HTTPSSVC,
     0,
     null, // resolverInfo
     listenerEsni,
rename from netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
rename to netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
--- a/netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
+++ b/netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
@@ -10,16 +10,17 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
+  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -38,16 +39,17 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "../unit/http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
+  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
@@ -60,10 +62,10 @@ registerCleanupFunction(() => {
   prefs.clearUserPref("network.trr.clear-cache-on-pref-change");
 });
 
 function run_test() {
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
-  run_test_in_child("child_dns_by_type_resolve.js");
+  run_test_in_child("child_esni_dns_fetch1.js");
 }
--- a/netwerk/test/unit_ipc/xpcshell.ini
+++ b/netwerk/test/unit_ipc/xpcshell.ini
@@ -56,17 +56,17 @@ support-files =
   !/netwerk/test/unit/test_alt-data_closeWithStatus.js
   !/netwerk/test/unit/test_channel_priority.js
   !/netwerk/test/unit/test_multipart_streamconv.js
   !/netwerk/test/unit/test_original_sent_received_head.js
   !/netwerk/test/unit/test_alt-data_cross_process.js
   !/netwerk/test/unit/test_httpcancel.js
   !/netwerk/test/unit/test_trr_httpssvc.js
   child_cookie_header.js
-  child_dns_by_type_resolve.js
+  child_esni_dns_fetch1.js
 
 [test_cookie_header_stripped.js]
 [test_cacheflags_wrap.js]
 [test_cache-entry-id_wrap.js]
 [test_cache_jar_wrap.js]
 [test_channel_close_wrap.js]
 [test_cookiejars_wrap.js]
 [test_dns_cancel_wrap.js]
@@ -103,11 +103,11 @@ skip-if = true
 [test_original_sent_received_head_wrap.js]
 [test_channel_id.js]
 [test_trackingProtection_annotateChannels_wrap1.js]
 [test_trackingProtection_annotateChannels_wrap2.js]
 [test_channel_priority_wrap.js]
 [test_multipart_streamconv_wrap.js]
 [test_alt-data_cross_process_wrap.js]
 [test_httpcancel_wrap.js]
-[test_dns_by_type_resolve_wrap.js]
+[test_esni_dns_fetch_wrap.js]
 [test_trr_httpssvc_wrap.js]
 skip-if = os == "android"
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -717,17 +717,17 @@ function handleRequest(req, res) {
           name: u.query.hostname ? u.query.hostname : packet.questions[0].name,
           ttl: 55,
           type: responseType(),
           flush: false,
           data: responseData(),
         });
       }
 
-      // for use with test_dns_by_type_resolve.js
+      // for use with test_esni_dns_fetch.js
       if (packet.questions[0].type == "TXT") {
         answers.push({
           name: packet.questions[0].name,
           type: packet.questions[0].type,
           ttl: 55,
           class: "IN",
           flush: false,
           data: Buffer.from(
@@ -1031,17 +1031,17 @@ function handleRequest(req, res) {
     res.writeHead(200);
     res.write(rContent);
     res.end("");
     return;
   } else if (u.pathname === "/dns-750ms") {
     // it's just meant to be this slow - the test doesn't care about the actual response
     return;
   }
-  // for use with test_dns_by_type_resolve.js
+  // for use with test_esni_dns_fetch.js
   else if (u.pathname === "/esni-dns-push") {
     // _esni_push.example.com has A entry 127.0.0.1
     let rContent = Buffer.from(
       "0000010000010001000000000A5F65736E695F70757368076578616D706C6503636F6D0000010001C00C000100010000003700047F000001",
       "hex"
     );
 
     // _esni_push.example.com has TXT entry 2062586B67646D39705932556761584D6762586B676347467A63336476636D513D
--- a/tools/lint/rejected-words.yml
+++ b/tools/lint/rejected-words.yml
@@ -238,24 +238,24 @@ avoid-blacklist-and-whitelist:
         - netwerk/protocol/http/nsHttpHandler.h
         - netwerk/protocol/http/TRRServiceChannel.cpp
         - netwerk/protocol/res/ExtensionProtocolHandler.cpp
         - netwerk/protocol/viewsource/nsViewSourceChannel.cpp
         - netwerk/protocol/websocket/BaseWebSocketChannel.cpp
         - netwerk/socket/nsSOCKSSocketProvider.cpp
         - netwerk/test/gtest/TestCookie.cpp
         - netwerk/test/unit/head_trr.js
-        - netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
+        - netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
         - netwerk/test/unit_ipc/test_trr_httpssvc_wrap.js
         - netwerk/test/unit/test_bug396389.js
         - netwerk/test/unit/test_bug427957.js
         - netwerk/test/unit/test_bug464591.js
         - netwerk/test/unit/test_bug479413.js
         - netwerk/test/unit/test_cookie_blacklist.js
-        - netwerk/test/unit/test_dns_by_type_resolve.js
+        - netwerk/test/unit/test_esni_dns_fetch.js
         - netwerk/test/unit/test_idn_blacklist.js
         - netwerk/test/unit/test_idn_urls.js
         - netwerk/test/unit/test_trr_httpssvc.js
         - netwerk/test/unit/test_trr.js
         - netwerk/test/unit/test_use_httpssvc.js
         - netwerk/url-classifier/AsyncUrlChannelClassifier.cpp
         - netwerk/url-classifier/nsChannelClassifier.cpp
         - netwerk/url-classifier/nsChannelClassifier.h