Bug 1667743 - Remove unused esni code r=necko-reviewers,dragana
authorKershaw Chang <kershaw@mozilla.com>
Thu, 03 Dec 2020 12:17:12 +0000
changeset 559303 86c457d100fdc09f60ca193666ac5ff86e538ba1
parent 559302 d4ef63a4209417db9d840a576cfa341e9a7adfd9
child 559304 4981e28cbd65b72dad30cb4a86431bdde2c4b555
push id38002
push userrmaries@mozilla.com
push dateFri, 04 Dec 2020 03:34:50 +0000
treeherdermozilla-central@ee7cd95a414c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnecko-reviewers, dragana
bugs1667743
milestone85.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1667743 - Remove unused esni code r=necko-reviewers,dragana Differential Revision: https://phabricator.services.mozilla.com/D98023
dom/html/nsHTMLDNSPrefetch.cpp
dom/media/webrtc/transport/test/webrtcproxychannel_unittest.cpp
modules/libpref/init/StaticPrefList.yaml
netwerk/base/Predictor.cpp
netwerk/base/nsDNSPrefetch.cpp
netwerk/base/nsDNSPrefetch.h
netwerk/base/nsISocketTransport.idl
netwerk/base/nsSocketTransport2.cpp
netwerk/base/nsSocketTransport2.h
netwerk/base/nsSocketTransportService2.cpp
netwerk/base/nsSocketTransportService2.h
netwerk/protocol/http/HalfOpenSocket.cpp
netwerk/protocol/http/HttpConnectionBase.cpp
netwerk/protocol/http/HttpConnectionUDP.cpp
netwerk/protocol/http/TunnelUtils.cpp
netwerk/protocol/http/nsHttpConnection.cpp
netwerk/test/unit/test_dns_by_type_resolve.js
netwerk/test/unit/test_esni_dns_fetch.js
netwerk/test/unit/test_httpssvc_iphint.js
netwerk/test/unit/test_httpssvc_priority.js
netwerk/test/unit/test_trr_httpssvc.js
netwerk/test/unit/test_use_httpssvc.js
netwerk/test/unit/xpcshell.ini
netwerk/test/unit_ipc/child_dns_by_type_resolve.js
netwerk/test/unit_ipc/child_esni_dns_fetch1.js
netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
netwerk/test/unit_ipc/xpcshell.ini
testing/xpcshell/moz-http2/moz-http2.js
toolkit/components/telemetry/Histograms.json
tools/lint/rejected-words.yml
--- a/dom/html/nsHTMLDNSPrefetch.cpp
+++ b/dom/html/nsHTMLDNSPrefetch.cpp
@@ -156,27 +156,17 @@ nsresult nsHTMLDNSPrefetch::Prefetch(
   nsresult rv = sDNSService->AsyncResolveNative(
       NS_ConvertUTF16toUTF8(hostname), nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener, nullptr,
       aPartitionedPrincipalOriginAttributes, getter_AddRefs(tmpOutstanding));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
-  // Fetch ESNI keys if needed.
-  if (isHttps && StaticPrefs::network_security_esni_enabled()) {
-    nsAutoCString esniHost;
-    esniHost.Append("_esni.");
-    esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
-    Unused << sDNSService->AsyncResolveNative(
-        esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-        flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
-        nullptr, aPartitionedPrincipalOriginAttributes,
-        getter_AddRefs(tmpOutstanding));
-  }
+  // TODO: Fetch HTTPS RRs in bug 1652723.
 
   return NS_OK;
 }
 
 nsresult nsHTMLDNSPrefetch::PrefetchLow(
     const nsAString& hostname, bool isHttps,
     const OriginAttributes& aPartitionedPrincipalOriginAttributes,
     nsIRequest::TRRMode aMode) {
@@ -251,26 +241,18 @@ nsresult nsHTMLDNSPrefetch::CancelPrefet
     return NS_ERROR_NOT_AVAILABLE;
 
   // Forward cancellation to DNS service
   nsresult rv = sDNSService->CancelAsyncResolveNative(
       NS_ConvertUTF16toUTF8(hostname), nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE,
       nullptr,  // resolverInfo
       sDNSListener, aReason, aPartitionedPrincipalOriginAttributes);
-  // Cancel fetching ESNI keys if needed.
-  if (StaticPrefs::network_security_esni_enabled() && isHttps) {
-    nsAutoCString esniHost;
-    esniHost.Append("_esni.");
-    esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
-    sDNSService->CancelAsyncResolveNative(
-        esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-        flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
-        aReason, aPartitionedPrincipalOriginAttributes);
-  }
+
+  // TODO: Fetch HTTPS RRs in bug 1652723.
   return rv;
 }
 
 nsresult nsHTMLDNSPrefetch::CancelPrefetchLow(Link* aElement,
                                               nsresult aReason) {
   return CancelPrefetch(
       aElement,
       GetDNSFlagsFromLink(aElement) | nsIDNSService::RESOLVE_PRIORITY_LOW,
@@ -405,28 +387,18 @@ void nsHTMLDNSPrefetch::nsDeferrals::Sub
           } else {
             nsCOMPtr<nsICancelable> tmpOutstanding;
 
             rv = sDNSService->AsyncResolveNative(
                 hostName, nsIDNSService::RESOLVE_TYPE_DEFAULT,
                 mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
                 nullptr, sDNSListener, nullptr, oa,
                 getter_AddRefs(tmpOutstanding));
-            // Fetch ESNI keys if needed.
-            if (NS_SUCCEEDED(rv) &&
-                StaticPrefs::network_security_esni_enabled() && isHttps) {
-              nsAutoCString esniHost;
-              esniHost.Append("_esni.");
-              esniHost.Append(hostName);
-              sDNSService->AsyncResolveNative(
-                  esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-                  mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
-                  nullptr, sDNSListener, nullptr, oa,
-                  getter_AddRefs(tmpOutstanding));
-            }
+            // TODO: Fetch HTTPS RRs in bug 1652723.
+
             // Tell link that deferred prefetch was requested
             if (NS_SUCCEEDED(rv)) link->OnDNSPrefetchRequested();
           }
         }
       }
     }
 
     mEntries[mTail].mElement = nullptr;
--- a/dom/media/webrtc/transport/test/webrtcproxychannel_unittest.cpp
+++ b/dom/media/webrtc/transport/test/webrtcproxychannel_unittest.cpp
@@ -173,17 +173,17 @@ class FakeSocketTransportProvider : publ
     MOZ_ASSERT(false);
     return NS_OK;
   }
   NS_IMETHOD GetResetIPFamilyPreference(
       bool* aResetIPFamilyPreference) override {
     MOZ_ASSERT(false);
     return NS_OK;
   }
-  NS_IMETHOD GetEsniUsed(bool* aEsniUsed) override {
+  NS_IMETHOD GetEchConfigUsed(bool* aEchConfigUsed) override {
     MOZ_ASSERT(false);
     return NS_OK;
   }
   NS_IMETHOD SetEchConfig(const nsACString& aEchConfig) override {
     MOZ_ASSERT(false);
     return NS_OK;
   }
   NS_IMETHOD ResolvedByTRR(bool* _retval) override {
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -8583,22 +8583,16 @@
   value: true
   mirror: always
 
 - name: network.http.stale_while_revalidate.enabled
   type: RelaxedAtomicBool
   value: true
   mirror: always
 
-# Whether to use sni encryption.
-- name: network.security.esni.enabled
-  type: bool
-  value: false
-  mirror: always
-
 # Whether to cache SSL resumption tokens in necko.
 - name: network.ssl_tokens_cache_enabled
   type: RelaxedAtomicBool
   value: @IS_NIGHTLY_BUILD@
   mirror: always
 
 # Capacity of the above cache, in kilobytes.
 - name: network.ssl_tokens_cache_capacity
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -1189,30 +1189,17 @@ bool Predictor::RunPredictions(nsIURI* r
     nsCOMPtr<nsICancelable> tmpCancelable;
     mDnsService->AsyncResolveNative(
         hostname, nsIDNSService::RESOLVE_TYPE_DEFAULT,
         (nsIDNSService::RESOLVE_PRIORITY_MEDIUM |
          nsIDNSService::RESOLVE_SPECULATE),
         nullptr, mDNSListener, nullptr, originAttributes,
         getter_AddRefs(tmpCancelable));
 
-    // Fetch esni keys if needed.
-    if (StaticPrefs::network_security_esni_enabled() &&
-        uri->SchemeIs("https")) {
-      nsAutoCString esniHost;
-      esniHost.Append("_esni.");
-      esniHost.Append(hostname);
-      mDnsService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-                                      (nsIDNSService::RESOLVE_PRIORITY_MEDIUM |
-                                       nsIDNSService::RESOLVE_SPECULATE),
-                                      nullptr, mDNSListener, nullptr,
-                                      originAttributes,
-                                      getter_AddRefs(tmpCancelable));
-    }
-
+    // TODO: Fetch HTTPS RRs in bug 1652723.
     predicted = true;
     if (verifier) {
       PREDICTOR_LOG(("    sending preresolve verification"));
       verifier->OnPredictDNS(uri);
     }
   }
 
   return predicted;
--- a/netwerk/base/nsDNSPrefetch.cpp
+++ b/netwerk/base/nsDNSPrefetch.cpp
@@ -12,47 +12,31 @@
 #include "nsIDNSService.h"
 #include "nsIDNSByTypeRecord.h"
 #include "nsICancelable.h"
 #include "nsIURI.h"
 #include "mozilla/Atomics.h"
 #include "mozilla/Preferences.h"
 
 static nsIDNSService* sDNSService = nullptr;
-static mozilla::Atomic<bool, mozilla::Relaxed> sESNIEnabled(false);
-const char kESNIPref[] = "network.security.esni.enabled";
 
 nsresult nsDNSPrefetch::Initialize(nsIDNSService* aDNSService) {
   MOZ_ASSERT(NS_IsMainThread());
 
   NS_IF_RELEASE(sDNSService);
   sDNSService = aDNSService;
   NS_IF_ADDREF(sDNSService);
-  mozilla::Preferences::RegisterCallback(nsDNSPrefetch::PrefChanged, kESNIPref);
-  PrefChanged(nullptr, nullptr);
   return NS_OK;
 }
 
 nsresult nsDNSPrefetch::Shutdown() {
   NS_IF_RELEASE(sDNSService);
-  mozilla::Preferences::UnregisterCallback(nsDNSPrefetch::PrefChanged,
-                                           kESNIPref);
   return NS_OK;
 }
 
-// static
-void nsDNSPrefetch::PrefChanged(const char* aPref, void* aClosure) {
-  if (!aPref || strcmp(aPref, kESNIPref) == 0) {
-    bool enabled = false;
-    if (NS_SUCCEEDED(mozilla::Preferences::GetBool(kESNIPref, &enabled))) {
-      sESNIEnabled = enabled;
-    }
-  }
-}
-
 nsDNSPrefetch::nsDNSPrefetch(nsIURI* aURI,
                              mozilla::OriginAttributes& aOriginAttributes,
                              nsIRequest::TRRMode aTRRMode,
                              nsIDNSListener* aListener, bool storeTiming)
     : mOriginAttributes(aOriginAttributes),
       mStoreTiming(storeTiming),
       mTRRMode(aTRRMode),
       mListener(do_GetWeakReference(aListener)) {
@@ -71,35 +55,20 @@ nsresult nsDNSPrefetch::Prefetch(uint32_
   // If AsyncResolve fails, for example because prefetching is disabled,
   // then our timing will be useless. However, in such a case,
   // mEndTimestamp will be a null timestamp and callers should check
   // TimingsValid() before using the timing.
   nsCOMPtr<nsIEventTarget> target = mozilla::GetCurrentEventTarget();
 
   flags |= nsIDNSService::GetFlagsFromTRRMode(mTRRMode);
 
-  nsresult rv = sDNSService->AsyncResolveNative(
+  return sDNSService->AsyncResolveNative(
       mHostname, nsIDNSService::RESOLVE_TYPE_DEFAULT,
       flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, this, target,
       mOriginAttributes, getter_AddRefs(tmpOutstanding));
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Fetch esni keys if needed.
-  if (sESNIEnabled && mIsHttps) {
-    nsAutoCString esniHost;
-    esniHost.Append("_esni.");
-    esniHost.Append(mHostname);
-    sDNSService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-                                    flags | nsIDNSService::RESOLVE_SPECULATE,
-                                    nullptr, this, target, mOriginAttributes,
-                                    getter_AddRefs(tmpOutstanding));
-  }
-  return NS_OK;
 }
 
 nsresult nsDNSPrefetch::PrefetchLow(bool refreshDNS) {
   return Prefetch(nsIDNSService::RESOLVE_PRIORITY_LOW |
                   (refreshDNS ? nsIDNSService::RESOLVE_BYPASS_CACHE : 0));
 }
 
 nsresult nsDNSPrefetch::PrefetchMedium(bool refreshDNS) {
--- a/netwerk/base/nsDNSPrefetch.h
+++ b/netwerk/base/nsDNSPrefetch.h
@@ -41,18 +41,16 @@ class nsDNSPrefetch final : public nsIDN
 
   // Call one of the following methods to start the Prefetch.
   nsresult PrefetchHigh(bool refreshDNS = false);
   nsresult PrefetchMedium(bool refreshDNS = false);
   nsresult PrefetchLow(bool refreshDNS = false);
 
   nsresult FetchHTTPSSVC(bool aRefreshDNS);
 
-  static void PrefChanged(const char* aPref, void* aClosure);
-
  private:
   nsCString mHostname;
   bool mIsHttps;
   mozilla::OriginAttributes mOriginAttributes;
   bool mStoreTiming;
   nsIRequest::TRRMode mTRRMode;
   mozilla::TimeStamp mStartTimestamp;
   mozilla::TimeStamp mEndTimestamp;
--- a/netwerk/base/nsISocketTransport.idl
+++ b/netwerk/base/nsISocketTransport.idl
@@ -250,19 +250,19 @@ interface nsISocketTransport : nsITransp
     /**
      * If this flag is set then it means that if connecting the preferred ip
      * family has failed, retry with the oppsite one once more.
      */
     const unsigned long RETRY_WITH_DIFFERENT_IP_FAMILY = (1 << 9);
 
     /**
      * If we know that a server speaks only tls <1.3 there is no need to try
-     * to use esni/ech and query dns for esni/echconfig.
+     * to use ech.
      */
-    const unsigned long DONT_TRY_ESNI_OR_ECH = (1 << 10);
+    const unsigned long DONT_TRY_ECH = (1 << 10);
 
     /**
      * These two bits encode the TRR mode of the request.
      * Use the static helper methods convert between the TRR mode and flags.
      */
     const unsigned long TRR_MODE_FLAGS = (1 << 11) | (1 << 12);
 
 %{C++
@@ -321,25 +321,23 @@ interface nsISocketTransport : nsITransp
     /**
      * If true, this socket transport has found out the prefered family
      * according it's connection flags could not be used to establish
      * connections any more.  Hence, the preference should be reset.
      */
     readonly attribute boolean resetIPFamilyPreference;
 
     /**
-     * This attribute holds information whether esni has been used.
+     * This attribute holds information whether echConfig has been used.
      * The value is set after PR_Connect is called.
      */
-   readonly attribute boolean esniUsed;
+   readonly attribute boolean echConfigUsed;
 
     /**
      * Called to set the echConfig to the securityInfo object.
-     * Note that echConfig taks priority over esni, so when this function is
-     * called esni will not be used.
      */
     void setEchConfig(in ACString echConfig);
 
     /**
      * IP address resolved using TRR.
      */
     bool resolvedByTRR();
 };
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@@ -707,20 +707,17 @@ nsSocketTransport::nsSocketTransport()
       mResetFamilyPreference(false),
       mTlsFlags(0),
       mReuseAddrPort(false),
       mState(STATE_CLOSED),
       mAttached(false),
       mInputClosed(true),
       mOutputClosed(true),
       mResolving(false),
-      mDNSLookupStatus(NS_OK),
-      mDNSARequestFinished(0),
-      mEsniQueried(false),
-      mEsniUsed(false),
+      mEchConfigUsed(false),
       mResolvedByTRR(false),
       mNetAddrIsSet(false),
       mSelfAddrIsSet(false),
       mLock("nsSocketTransport.mLock"),
       mFD(this),
       mFDref(0),
       mFDconnected(false),
       mFDFastOpenInProgress(false),
@@ -1086,48 +1083,16 @@ nsresult nsSocketTransport::ResolveHost(
   if (!SocketHost().Equals(mOriginHost)) {
     SOCKET_LOG(("nsSocketTransport %p origin %s doing dns for %s\n", this,
                 mOriginHost.get(), SocketHost().get()));
   }
   rv =
       dns->AsyncResolveNative(SocketHost(), nsIDNSService::RESOLVE_TYPE_DEFAULT,
                               dnsFlags, nullptr, this, mSocketTransportService,
                               mOriginAttributes, getter_AddRefs(mDNSRequest));
-  mEsniQueried = false;
-  // NOTE: If we already have echConfig, we don't try ESNI.
-  if (mSocketTransportService->IsEsniEnabled() && NS_SUCCEEDED(rv) &&
-      !(mConnectionFlags & (DONT_TRY_ESNI_OR_ECH | BE_CONSERVATIVE)) &&
-      mEchConfig.IsEmpty()) {
-    bool isSSL = false;
-    for (unsigned int i = 0; i < mTypes.Length(); ++i) {
-      if (mTypes[i].EqualsLiteral("ssl")) {
-        isSSL = true;
-        break;
-      }
-    }
-    if (isSSL) {
-      SOCKET_LOG((" look for esni txt record"));
-      nsAutoCString esniHost;
-      esniHost.Append("_esni.");
-      // This might end up being the SocketHost
-      // see https://github.com/ekr/draft-rescorla-tls-esni/issues/61
-      esniHost.Append(SocketHost());
-      rv = dns->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
-                                   dnsFlags, nullptr, this,
-                                   mSocketTransportService, mOriginAttributes,
-                                   getter_AddRefs(mDNSTxtRequest));
-      if (NS_FAILED(rv)) {
-        SOCKET_LOG(("  dns request by type failed."));
-        mDNSTxtRequest = nullptr;
-        rv = NS_OK;
-      } else {
-        mEsniQueried = true;
-      }
-    }
-  }
 
   if (NS_SUCCEEDED(rv)) {
     SOCKET_LOG(("  advancing to STATE_RESOLVING\n"));
     mState = STATE_RESOLVING;
   }
   return rv;
 }
 
@@ -1578,29 +1543,23 @@ nsresult nsSocketTransport::InitiateSock
       return NS_ERROR_FAILURE;
     }
   }
 #endif
 
   nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
   if (secCtrl) {
     if (!mEchConfig.IsEmpty() &&
-        !(mConnectionFlags & (DONT_TRY_ESNI_OR_ECH | BE_CONSERVATIVE))) {
+        !(mConnectionFlags & (DONT_TRY_ECH | BE_CONSERVATIVE))) {
       SOCKET_LOG(("nsSocketTransport::InitiateSocket set echconfig."));
       rv = secCtrl->SetEchConfig(mEchConfig);
       if (NS_FAILED(rv)) {
         return rv;
       }
-    } else if (!mDNSRecordTxt.IsEmpty() && !mUsingQuic) {
-      SOCKET_LOG(("nsSocketTransport::InitiateSocket set esni keys."));
-      rv = secCtrl->SetEsniTxt(mDNSRecordTxt);
-      if (NS_FAILED(rv)) {
-        return rv;
-      }
-      mEsniUsed = true;
+      mEchConfigUsed = true;
     }
   }
 
   if (mUsingQuic) {
     //
     // we pretend that we are connected!
     //
     if (PR_Connect(fd, &prAddr, NS_SOCKET_CONNECT_TIMEOUT) == PR_SUCCESS) {
@@ -2215,24 +2174,23 @@ void nsSocketTransport::OnSocketEvent(ui
           mCondition = ResolveHost();
 
       } else {
         SOCKET_LOG(("  ignoring redundant event\n"));
       }
       break;
 
     case MSG_DNS_LOOKUP_COMPLETE:
-      if (mDNSRequest ||
-          mDNSTxtRequest) {  // only send this if we actually resolved anything
+      if (mDNSRequest) {  // only send this if we actually resolved anything
         SendStatus(NS_NET_STATUS_RESOLVED_HOST);
       }
 
       SOCKET_LOG(("  MSG_DNS_LOOKUP_COMPLETE\n"));
       mDNSRequest = nullptr;
-      mDNSTxtRequest = nullptr;
+
       if (mDNSRecord) {
         mDNSRecord->GetNextAddr(SocketPort(), &mNetAddr);
         mDNSRecord->IsTRR(&mResolvedByTRR);
       }
       // status contains DNS lookup status
       if (NS_FAILED(status)) {
         // When using a HTTP proxy, NS_ERROR_UNKNOWN_HOST means the HTTP
         // proxy host is not found, so we fixup the error code.
@@ -2495,21 +2453,16 @@ void nsSocketTransport::OnSocketDetached
     mFastOpenCallback = nullptr;
 
     // make sure there isn't any pending DNS request
     if (mDNSRequest) {
       mDNSRequest->Cancel(NS_ERROR_ABORT);
       mDNSRequest = nullptr;
     }
 
-    if (mDNSTxtRequest) {
-      mDNSTxtRequest->Cancel(NS_ERROR_ABORT);
-      mDNSTxtRequest = nullptr;
-    }
-
     //
     // notify input/output streams
     //
     mInput.OnSocketReady(mCondition);
     mOutput.OnSocketReady(mCondition);
   }
 
   // If FastOpen has been used (mFDFastOpenInProgress==true),
@@ -3024,75 +2977,31 @@ nsSocketTransport::SetSendBufferSize(uin
 
 NS_IMETHODIMP
 nsSocketTransport::OnLookupComplete(nsICancelable* request, nsIDNSRecord* rec,
                                     nsresult status) {
   SOCKET_LOG(("nsSocketTransport::OnLookupComplete: this=%p status %" PRIx32
               ".",
               this, static_cast<uint32_t>(status)));
 
-  if (request == mDNSTxtRequest) {
-    if (NS_SUCCEEDED(status)) {
-      nsCOMPtr<nsIDNSTXTRecord> txtResponse = do_QueryInterface(rec);
-      txtResponse->GetRecordsAsOneString(mDNSRecordTxt);
-      mDNSRecordTxt.Trim(" ");
-    }
-    Telemetry::Accumulate(Telemetry::ESNI_KEYS_RECORDS_FOUND,
-                          NS_SUCCEEDED(status));
-    // flag host lookup complete for the benefit of the ResolveHost method.
-    if (!mDNSRequest) {
-      mResolving = false;
-      MOZ_ASSERT(mDNSARequestFinished);
-      Telemetry::Accumulate(
-          Telemetry::ESNI_KEYS_RECORD_FETCH_DELAYS,
-          PR_IntervalToMilliseconds(PR_IntervalNow() - mDNSARequestFinished));
-
-      nsresult rv =
-          PostEvent(MSG_DNS_LOOKUP_COMPLETE, mDNSLookupStatus, nullptr);
-
-      // if posting a message fails, then we should assume that the socket
-      // transport has been shutdown.  this should never happen!  if it does
-      // it means that the socket transport service was shutdown before the
-      // DNS service.
-      if (NS_FAILED(rv)) {
-        NS_WARNING("unable to post DNS lookup complete message");
-      }
-    } else {
-      mDNSTxtRequest = nullptr;
-    }
-    return NS_OK;
-  }
-
-  if (NS_FAILED(status) && mDNSTxtRequest) {
-    mDNSTxtRequest->Cancel(NS_ERROR_ABORT);
-  } else if (NS_SUCCEEDED(status)) {
+  if (NS_SUCCEEDED(status)) {
     mDNSRecord = do_QueryInterface(rec);
     MOZ_ASSERT(mDNSRecord);
   }
 
   // flag host lookup complete for the benefit of the ResolveHost method.
-  if (!mDNSTxtRequest) {
-    if (mEsniQueried) {
-      Telemetry::Accumulate(Telemetry::ESNI_KEYS_RECORD_FETCH_DELAYS, 0);
-    }
-    mResolving = false;
-    nsresult rv = PostEvent(MSG_DNS_LOOKUP_COMPLETE, status, nullptr);
-
-    // if posting a message fails, then we should assume that the socket
-    // transport has been shutdown.  this should never happen!  if it does
-    // it means that the socket transport service was shutdown before the
-    // DNS service.
-    if (NS_FAILED(rv)) {
-      NS_WARNING("unable to post DNS lookup complete message");
-    }
-  } else {
-    mDNSLookupStatus =
-        status;  // remember the status to send it when esni lookup is ready.
-    mDNSRequest = nullptr;
-    mDNSARequestFinished = PR_IntervalNow();
+  mResolving = false;
+  nsresult rv = PostEvent(MSG_DNS_LOOKUP_COMPLETE, status, nullptr);
+
+  // if posting a message fails, then we should assume that the socket
+  // transport has been shutdown.  this should never happen!  if it does
+  // it means that the socket transport service was shutdown before the
+  // DNS service.
+  if (NS_FAILED(rv)) {
+    NS_WARNING("unable to post DNS lookup complete message");
   }
 
   return NS_OK;
 }
 
 // nsIInterfaceRequestor
 NS_IMETHODIMP
 nsSocketTransport::GetInterface(const nsIID& iid, void** result) {
@@ -3657,18 +3566,18 @@ nsSocketTransport::GetFirstRetryError(ns
 
 NS_IMETHODIMP
 nsSocketTransport::GetResetIPFamilyPreference(bool* aReset) {
   *aReset = mResetFamilyPreference;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsSocketTransport::GetEsniUsed(bool* aEsniUsed) {
-  *aEsniUsed = mEsniUsed;
+nsSocketTransport::GetEchConfigUsed(bool* aEchConfigUsed) {
+  *aEchConfigUsed = mEchConfigUsed;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSocketTransport::SetEchConfig(const nsACString& aEchConfig) {
   mEchConfig = aEchConfig;
   return NS_OK;
 }
--- a/netwerk/base/nsSocketTransport2.h
+++ b/netwerk/base/nsSocketTransport2.h
@@ -322,23 +322,18 @@ class nsSocketTransport final : public n
 
   // this flag is used to determine if the results of a host lookup arrive
   // recursively or not.  this flag is not protected by any lock.
   bool mResolving;
 
   nsCOMPtr<nsICancelable> mDNSRequest;
   nsCOMPtr<nsIDNSAddrRecord> mDNSRecord;
 
-  nsresult mDNSLookupStatus;
-  PRIntervalTime mDNSARequestFinished;
-  nsCOMPtr<nsICancelable> mDNSTxtRequest;
-  nsCString mDNSRecordTxt;
   nsCString mEchConfig;
-  bool mEsniQueried;
-  bool mEsniUsed;
+  bool mEchConfigUsed = false;
   bool mResolvedByTRR;
 
   // mNetAddr/mSelfAddr is valid from GetPeerAddr()/GetSelfAddr() once we have
   // reached STATE_TRANSFERRING. It must not change after that.
   void SetSocketName(PRFileDesc* fd);
   NetAddr mNetAddr;
   NetAddr mSelfAddr;  // getsockname()
   Atomic<bool, Relaxed> mNetAddrIsSet;
--- a/netwerk/base/nsSocketTransportService2.cpp
+++ b/netwerk/base/nsSocketTransportService2.cpp
@@ -52,18 +52,16 @@ static Atomic<PRThread*, Relaxed> gSocke
 #define MAX_TIME_BETWEEN_TWO_POLLS \
   "network.sts.max_time_for_events_between_two_polls"
 #define POLL_BUSY_WAIT_PERIOD "network.sts.poll_busy_wait_period"
 #define POLL_BUSY_WAIT_PERIOD_TIMEOUT \
   "network.sts.poll_busy_wait_period_timeout"
 #define MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN \
   "network.sts.max_time_for_pr_close_during_shutdown"
 #define POLLABLE_EVENT_TIMEOUT "network.sts.pollable_event_timeout"
-#define ESNI_ENABLED "network.security.esni.enabled"
-#define ESNI_DISABLED_MITM "security.pki.mitm_detected"
 
 #define REPAIR_POLLABLE_EVENT_TIME 10
 
 uint32_t nsSocketTransportService::gMaxCount;
 PRCallOnceType nsSocketTransportService::gMaxCountInitOnce;
 
 // Utility functions
 bool OnSocketThread() { return PR_GetCurrentThread() == gSocketThread; }
@@ -146,18 +144,16 @@ nsSocketTransportService::nsSocketTransp
       mNetworkLinkChangeBusyWaitTimeout(PR_SecondsToInterval(7)),
       mSleepPhase(false),
       mProbedMaxCount(false)
 #if defined(XP_WIN)
       ,
       mPolling(false)
 #endif
       ,
-      mEsniEnabled(false),
-      mTrustedMitmDetected(false),
       mNotTrustedMitmDetected(false) {
   NS_ASSERTION(NS_IsMainThread(), "wrong thread");
 
   PR_CallOnce(&gMaxCountInitOnce, DiscoverMaxCount);
   mActiveList =
       (SocketContext*)moz_xmalloc(sizeof(SocketContext) * mActiveListSize);
   mIdleList =
       (SocketContext*)moz_xmalloc(sizeof(SocketContext) * mIdleListSize);
@@ -738,18 +734,16 @@ static const char* gCallbackPrefs[] = {
     SEND_BUFFER_PREF,
     KEEPALIVE_ENABLED_PREF,
     KEEPALIVE_IDLE_TIME_PREF,
     KEEPALIVE_RETRY_INTERVAL_PREF,
     KEEPALIVE_PROBE_COUNT_PREF,
     MAX_TIME_BETWEEN_TWO_POLLS,
     MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN,
     POLLABLE_EVENT_TIMEOUT,
-    ESNI_ENABLED,
-    ESNI_DISABLED_MITM,
     "network.socket.forcePort",
     nullptr,
 };
 
 /* static */
 void nsSocketTransportService::UpdatePrefs(const char* aPref, void* aSelf) {
   static_cast<nsSocketTransportService*>(aSelf)->UpdatePrefs();
 }
@@ -1512,28 +1506,16 @@ nsresult nsSocketTransportService::Updat
 
   int32_t pollableEventTimeout;
   rv = Preferences::GetInt(POLLABLE_EVENT_TIMEOUT, &pollableEventTimeout);
   if (NS_SUCCEEDED(rv) && pollableEventTimeout >= 0) {
     MutexAutoLock lock(mLock);
     mPollableEventTimeout = TimeDuration::FromSeconds(pollableEventTimeout);
   }
 
-  bool esniPref = false;
-  rv = Preferences::GetBool(ESNI_ENABLED, &esniPref);
-  if (NS_SUCCEEDED(rv)) {
-    mEsniEnabled = esniPref;
-  }
-
-  bool esniMitmPref = false;
-  rv = Preferences::GetBool(ESNI_DISABLED_MITM, &esniMitmPref);
-  if (NS_SUCCEEDED(rv)) {
-    mTrustedMitmDetected = esniMitmPref;
-  }
-
   nsAutoCString portMappingPref;
   rv = Preferences::GetCString("network.socket.forcePort", portMappingPref);
   if (NS_SUCCEEDED(rv)) {
     bool rv = UpdatePortRemapPreference(portMappingPref);
     if (!rv) {
       NS_ERROR(
           "network.socket.forcePort preference is ill-formed, this will likely "
           "make everything unexpectedly fail!");
--- a/netwerk/base/nsSocketTransportService2.h
+++ b/netwerk/base/nsSocketTransportService2.h
@@ -117,20 +117,16 @@ class nsSocketTransportService final : p
   uint64_t GetReceivedBytes() { return mReceivedBytesCount; }
 
   // Returns true if keepalives are enabled in prefs.
   bool IsKeepaliveEnabled() { return mKeepaliveEnabledPref; }
 
   bool IsTelemetryEnabledAndNotSleepPhase();
   PRIntervalTime MaxTimeForPrClosePref() { return mMaxTimeForPrClosePref; }
 
-  bool IsEsniEnabled() {
-    return mEsniEnabled && !mTrustedMitmDetected && !mNotTrustedMitmDetected;
-  }
-
   void SetNotTrustedMitmDetected() { mNotTrustedMitmDetected = true; }
 
   // According the preference value of `network.socket.forcePort` this method
   // possibly remaps the port number passed as the arg.
   void ApplyPortRemap(uint16_t* aPort);
 
   // Reads the preference string and updates (rewrites) the mPortRemapping
   // array on the socket thread.  Returns true if the whole pref string was
@@ -338,18 +334,16 @@ class nsSocketTransportService final : p
   void StartPollWatchdog();
   void DoPollRepair();
   void StartPolling();
   void EndPolling();
 #endif
 
   void TryRepairPollableEvent();
 
-  bool mEsniEnabled;
-  bool mTrustedMitmDetected;
   bool mNotTrustedMitmDetected;
 
   CopyableTArray<nsCOMPtr<nsISTSShutdownObserver>> mShutdownObservers;
 };
 
 extern nsSocketTransportService* gSocketTransportService;
 bool OnSocketThread();
 
--- a/netwerk/protocol/http/HalfOpenSocket.cpp
+++ b/netwerk/protocol/http/HalfOpenSocket.cpp
@@ -163,17 +163,17 @@ nsresult HalfOpenSocket::SetupStreams(ns
     tmpFlags |= nsISocketTransport::ANONYMOUS_CONNECT;
   }
 
   if (ci->GetPrivate() || ci->GetIsolated()) {
     tmpFlags |= nsISocketTransport::NO_PERMANENT_STORAGE;
   }
 
   if (ci->GetLessThanTls13()) {
-    tmpFlags |= nsISocketTransport::DONT_TRY_ESNI_OR_ECH;
+    tmpFlags |= nsISocketTransport::DONT_TRY_ECH;
   }
 
   if (((mCaps & NS_HTTP_BE_CONSERVATIVE) || ci->GetBeConservative()) &&
       gHttpHandler->ConnMgr()->BeConservativeIfProxied(ci->ProxyInfo())) {
     LOG(("Setting Socket to BE_CONSERVATIVE"));
     tmpFlags |= nsISocketTransport::BE_CONSERVATIVE;
   }
 
--- a/netwerk/protocol/http/HttpConnectionBase.cpp
+++ b/netwerk/protocol/http/HttpConnectionBase.cpp
@@ -12,21 +12,16 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
-#define ESNI_SUCCESSFUL 0
-#define ESNI_FAILED 1
-#define NO_ESNI_SUCCESSFUL 2
-#define NO_ESNI_FAILED 3
-
 #include "mozilla/Telemetry.h"
 #include "HttpConnectionBase.h"
 #include "nsHttpHandler.h"
 #include "nsIClassOfService.h"
 #include "nsIOService.h"
 #include "nsISocketTransport.h"
 
 namespace mozilla {
--- a/netwerk/protocol/http/HttpConnectionUDP.cpp
+++ b/netwerk/protocol/http/HttpConnectionUDP.cpp
@@ -12,21 +12,16 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
-#define ESNI_SUCCESSFUL 0
-#define ESNI_FAILED 1
-#define NO_ESNI_SUCCESSFUL 2
-#define NO_ESNI_FAILED 3
-
 #include "ASpdySession.h"
 #include "mozilla/ChaosMode.h"
 #include "mozilla/Telemetry.h"
 #include "HttpConnectionUDP.h"
 #include "nsHttpHandler.h"
 #include "nsHttpRequestHead.h"
 #include "nsHttpResponseHead.h"
 #include "nsIClassOfService.h"
--- a/netwerk/protocol/http/TunnelUtils.cpp
+++ b/netwerk/protocol/http/TunnelUtils.cpp
@@ -2054,19 +2054,19 @@ NS_IMETHODIMP
 SocketTransportShim::GetFirstRetryError(nsresult* aFirstRetryError) {
   if (mIsWebsocket) {
     LOG3(("WARNING: SocketTransportShim::GetFirstRetryError %p", this));
   }
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
-SocketTransportShim::GetEsniUsed(bool* aEsniUsed) {
+SocketTransportShim::GetEchConfigUsed(bool* aEchConfigUsed) {
   if (mIsWebsocket) {
-    LOG3(("WARNING: SocketTransportShim::GetEsniUsed %p", this));
+    LOG3(("WARNING: SocketTransportShim::GetEchConfigUsed %p", this));
   }
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
 SocketTransportShim::SetEchConfig(const nsACString& aEchConfig) {
   if (mIsWebsocket) {
     LOG3(("WARNING: SocketTransportShim::SetEchConfig %p", this));
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@@ -12,21 +12,16 @@
 #define LOG(args) LOG5(args)
 #undef LOG_ENABLED
 #define LOG_ENABLED() LOG5_ENABLED()
 
 #define TLS_EARLY_DATA_NOT_AVAILABLE 0
 #define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
 #define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
 
-#define ESNI_SUCCESSFUL 0
-#define ESNI_FAILED 1
-#define NO_ESNI_SUCCESSFUL 2
-#define NO_ESNI_FAILED 3
-
 #include "ASpdySession.h"
 #include "mozilla/ChaosMode.h"
 #include "mozilla/Telemetry.h"
 #include "nsHttpConnection.h"
 #include "nsHttpHandler.h"
 #include "nsHttpRequestHead.h"
 #include "nsHttpResponseHead.h"
 #include "nsIClassOfService.h"
@@ -438,18 +433,16 @@ bool nsHttpConnection::EnsureNPNComplete
     return true;
   }
 
   nsresult rv = NS_OK;
   nsCOMPtr<nsISupports> securityInfo;
   nsCOMPtr<nsITransportSecurityInfo> info;
   nsCOMPtr<nsISSLSocketControl> ssl;
   nsAutoCString negotiatedNPN;
-  // This is neede for telemetry
-  bool handshakeSucceeded = false;
 
   GetSecurityInfo(getter_AddRefs(securityInfo));
   if (!securityInfo) {
     goto npnComplete;
   }
 
   ssl = do_QueryInterface(securityInfo, &rv);
   if (NS_FAILED(rv)) goto npnComplete;
@@ -556,18 +549,16 @@ bool nsHttpConnection::EnsureNPNComplete
     return false;
   }
 
   if (NS_SUCCEEDED(rv)) {
     LOG1(("nsHttpConnection::EnsureNPNComplete %p [%s] negotiated to '%s'%s\n",
           this, mConnInfo->HashKey().get(), negotiatedNPN.get(),
           mTLSFilter ? " [Double Tunnel]" : ""));
 
-    handshakeSucceeded = true;
-
     int16_t tlsVersion;
     ssl->GetSSLVersionUsed(&tlsVersion);
     mConnInfo->SetLessThanTls13(
         (tlsVersion < nsISSLSocketControl::TLS_VERSION_1_3) &&
         (tlsVersion != nsISSLSocketControl::SSL_VERSION_UNKNOWN));
 
     bool earlyDataAccepted = false;
     if (mWaitingFor0RTTResponse) {
@@ -696,28 +687,16 @@ npnComplete:
     mUsingSpdyVersion = SpdyVersion::NONE;
     mTransaction = nullptr;
     mSpdySession = nullptr;
     // We have to reset this here, just in case we end up starting spdy again,
     // so it can actually do everything it needs to do.
     mDid0RTTSpdy = false;
   }
 
-  if (ssl) {
-    // Telemetry for tls failure rate with and without esni;
-    bool esni = false;
-    if (NS_SUCCEEDED(mSocketTransport->GetEsniUsed(&esni))) {
-      Telemetry::Accumulate(
-          Telemetry::ESNI_NOESNI_TLS_SUCCESS_RATE,
-          (esni)
-              ? ((handshakeSucceeded) ? ESNI_SUCCESSFUL : ESNI_FAILED)
-              : ((handshakeSucceeded) ? NO_ESNI_SUCCESSFUL : NO_ESNI_FAILED));
-    }
-  }
-
   if (rv == psm::GetXPCOMFromNSSError(
                 mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED)) {
     gSocketTransportService->SetNotTrustedMitmDetected();
   }
   return true;
 }
 
 nsresult nsHttpConnection::OnTunnelNudged(TLSFilterTransaction* trans) {
rename from netwerk/test/unit/test_esni_dns_fetch.js
rename to netwerk/test/unit/test_dns_by_type_resolve.js
--- a/netwerk/test/unit/test_esni_dns_fetch.js
+++ b/netwerk/test/unit/test_dns_by_type_resolve.js
@@ -27,17 +27,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -56,17 +55,16 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
-  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
@@ -96,17 +94,17 @@ class DNSListener {
     return this.promise.then.apply(this.promise, arguments);
   }
 }
 
 DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
   "nsIDNSListener",
 ]);
 
-add_task(async function testEsniRequest() {
+add_task(async function testTXTResolve() {
   // use the h2 server as DOH provider
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
 
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
@@ -123,21 +121,21 @@ add_task(async function testEsniRequest(
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-// verify esni record pushed on a A record request
-add_task(async function testEsniPushPart1() {
+// verify TXT record pushed on a A record request
+add_task(async function testTXTRecordPushPart1() {
   prefs.setCharPref(
     "network.trr.uri",
-    "https://foo.example.com:" + h2Port + "/esni-dns-push"
+    "https://foo.example.com:" + h2Port + "/txt-dns-push"
   );
   let listenerAddr = new DNSListener();
   let request = dns.asyncResolve(
     "_esni_push.example.com",
     dns.RESOLVE_TYPE_DEFAULT,
     0,
     null, // resolverInfo
     listenerAddr,
@@ -148,18 +146,18 @@ add_task(async function testEsniPushPart
   let [inRequest, inRecord, inStatus] = await listenerAddr;
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
   let answer = inRecord.getNextAddrAsString();
   Assert.equal(answer, test_answer_addr, "got correct answer");
 });
 
-// verify the esni pushed record
-add_task(async function testEsniPushPart2() {
+// verify the TXT pushed record
+add_task(async function testTXTRecordPushPart2() {
   // At this point the second host name should've been pushed and we can resolve it using
   // cache only. Set back the URI to a path that fails.
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/404"
   );
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
@@ -176,17 +174,17 @@ add_task(async function testEsniPushPart
   Assert.equal(inRequest, request, "correct request was used");
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-add_task(async function testEsniHTTPSSVC() {
+add_task(async function testHTTPSSVCResolve() {
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "httpssvc_esni.example.com",
     dns.RESOLVE_TYPE_HTTPSSVC,
--- a/netwerk/test/unit/test_httpssvc_iphint.js
+++ b/netwerk/test/unit/test_httpssvc_iphint.js
@@ -30,17 +30,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -62,17 +61,16 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
-  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_httpssvc_priority.js
+++ b/netwerk/test/unit/test_httpssvc_priority.js
@@ -29,17 +29,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -58,17 +57,16 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
-  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_trr_httpssvc.js
+++ b/netwerk/test/unit/test_trr_httpssvc.js
@@ -34,17 +34,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -64,17 +63,16 @@ function setup() {
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 if (!inChildProcess()) {
   setup();
   registerCleanupFunction(() => {
-    prefs.clearUserPref("network.security.esni.enabled");
     prefs.clearUserPref("network.http.spdy.enabled");
     prefs.clearUserPref("network.http.spdy.enabled.http2");
     prefs.clearUserPref("network.dns.localDomains");
     prefs.clearUserPref("network.dns.native-is-localhost");
     prefs.clearUserPref("network.trr.mode");
     prefs.clearUserPref("network.trr.uri");
     prefs.clearUserPref("network.trr.credentials");
     prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/test_use_httpssvc.js
+++ b/netwerk/test/unit/test_use_httpssvc.js
@@ -30,17 +30,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -62,17 +61,16 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
-  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@@ -403,17 +403,17 @@ run-sequentially = node server exception
 skip-if = appname == "thunderbird"
 [test_ioservice.js]
 [test_substituting_protocol_handler.js]
 [test_proxyconnect.js]
 skip-if = tsan || socketprocess_networking # Bug 1614708
 [test_captive_portal_service.js]
 run-sequentially = node server exceptions dont replay well
 skip-if = socketprocess_networking
-[test_esni_dns_fetch.js]
+[test_dns_by_type_resolve.js]
 [test_network_connectivity_service.js]
 [test_suspend_channel_on_authRetry.js]
 [test_suspend_channel_on_examine_merged_response.js]
 [test_bug1527293.js]
 [test_stale-while-revalidate_negative.js]
 [test_stale-while-revalidate_positive.js]
 [test_stale-while-revalidate_loop.js]
 [test_stale-while-revalidate_max-age-0.js]
rename from netwerk/test/unit_ipc/child_esni_dns_fetch1.js
rename to netwerk/test/unit_ipc/child_dns_by_type_resolve.js
--- a/netwerk/test/unit_ipc/child_esni_dns_fetch1.js
+++ b/netwerk/test/unit_ipc/child_dns_by_type_resolve.js
@@ -27,17 +27,17 @@ class DNSListener {
     return this.promise.then.apply(this.promise, arguments);
   }
 }
 
 DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
   "nsIDNSListener",
 ]);
 
-add_task(async function testEsniRequest() {
+add_task(async function testTXTResolve() {
   // use the h2 server as DOH provider
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "_esni.example.com",
     dns.RESOLVE_TYPE_TXT,
     0,
     null, // resolverInfo
     listenerEsni,
@@ -49,17 +49,17 @@ add_task(async function testEsniRequest(
   Assert.equal(inStatus, Cr.NS_OK, "status OK");
   Assert.equal(inRequest, request, "correct request was used");
   let answer = inRecord
     .QueryInterface(Ci.nsIDNSTXTRecord)
     .getRecordsAsOneString();
   Assert.equal(answer, test_answer, "got correct answer");
 });
 
-add_task(async function testEsniHTTPSSVC() {
+add_task(async function testHTTPSSVCResolve() {
   // use the h2 server as DOH provider
   let listenerEsni = new DNSListener();
   let request = dns.asyncResolve(
     "httpssvc_esni.example.com",
     dns.RESOLVE_TYPE_HTTPSSVC,
     0,
     null, // resolverInfo
     listenerEsni,
rename from netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
rename to netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
--- a/netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
+++ b/netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
@@ -10,17 +10,16 @@ function setup() {
   h2Port = env.get("MOZHTTP2_PORT");
   Assert.notEqual(h2Port, null);
   Assert.notEqual(h2Port, "");
 
   // Set to allow the cert presented by our H2 server
   do_get_profile();
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
-  prefs.setBoolPref("network.security.esni.enabled", false);
   prefs.setBoolPref("network.http.spdy.enabled", true);
   prefs.setBoolPref("network.http.spdy.enabled.http2", true);
   // the TRR server is on 127.0.0.1
   prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
 
   // make all native resolve calls "secretly" resolve localhost instead
   prefs.setBoolPref("network.dns.native-is-localhost", true);
 
@@ -39,17 +38,16 @@ function setup() {
   const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
   );
   addCertFromFile(certdb, "../unit/http2-ca.pem", "CTu,u,u");
 }
 
 setup();
 registerCleanupFunction(() => {
-  prefs.clearUserPref("network.security.esni.enabled");
   prefs.clearUserPref("network.http.spdy.enabled");
   prefs.clearUserPref("network.http.spdy.enabled.http2");
   prefs.clearUserPref("network.dns.localDomains");
   prefs.clearUserPref("network.dns.native-is-localhost");
   prefs.clearUserPref("network.trr.mode");
   prefs.clearUserPref("network.trr.uri");
   prefs.clearUserPref("network.trr.credentials");
   prefs.clearUserPref("network.trr.wait-for-portal");
@@ -62,10 +60,10 @@ registerCleanupFunction(() => {
   prefs.clearUserPref("network.trr.clear-cache-on-pref-change");
 });
 
 function run_test() {
   prefs.setCharPref(
     "network.trr.uri",
     "https://foo.example.com:" + h2Port + "/doh"
   );
-  run_test_in_child("child_esni_dns_fetch1.js");
+  run_test_in_child("child_dns_by_type_resolve.js");
 }
--- a/netwerk/test/unit_ipc/xpcshell.ini
+++ b/netwerk/test/unit_ipc/xpcshell.ini
@@ -56,17 +56,17 @@ support-files =
   !/netwerk/test/unit/test_alt-data_closeWithStatus.js
   !/netwerk/test/unit/test_channel_priority.js
   !/netwerk/test/unit/test_multipart_streamconv.js
   !/netwerk/test/unit/test_original_sent_received_head.js
   !/netwerk/test/unit/test_alt-data_cross_process.js
   !/netwerk/test/unit/test_httpcancel.js
   !/netwerk/test/unit/test_trr_httpssvc.js
   child_cookie_header.js
-  child_esni_dns_fetch1.js
+  child_dns_by_type_resolve.js
 
 [test_cookie_header_stripped.js]
 [test_cacheflags_wrap.js]
 [test_cache-entry-id_wrap.js]
 [test_cache_jar_wrap.js]
 [test_channel_close_wrap.js]
 [test_cookiejars_wrap.js]
 [test_dns_cancel_wrap.js]
@@ -103,11 +103,11 @@ skip-if = true
 [test_original_sent_received_head_wrap.js]
 [test_channel_id.js]
 [test_trackingProtection_annotateChannels_wrap1.js]
 [test_trackingProtection_annotateChannels_wrap2.js]
 [test_channel_priority_wrap.js]
 [test_multipart_streamconv_wrap.js]
 [test_alt-data_cross_process_wrap.js]
 [test_httpcancel_wrap.js]
-[test_esni_dns_fetch_wrap.js]
+[test_dns_by_type_resolve_wrap.js]
 [test_trr_httpssvc_wrap.js]
 skip-if = os == "android"
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -717,17 +717,17 @@ function handleRequest(req, res) {
           name: u.query.hostname ? u.query.hostname : packet.questions[0].name,
           ttl: 55,
           type: responseType(),
           flush: false,
           data: responseData(),
         });
       }
 
-      // for use with test_esni_dns_fetch.js
+      // for use with test_dns_by_type_resolve.js
       if (packet.questions[0].type == "TXT") {
         answers.push({
           name: packet.questions[0].name,
           type: packet.questions[0].type,
           ttl: 55,
           class: "IN",
           flush: false,
           data: Buffer.from(
@@ -1031,18 +1031,18 @@ function handleRequest(req, res) {
     res.writeHead(200);
     res.write(rContent);
     res.end("");
     return;
   } else if (u.pathname === "/dns-750ms") {
     // it's just meant to be this slow - the test doesn't care about the actual response
     return;
   }
-  // for use with test_esni_dns_fetch.js
-  else if (u.pathname === "/esni-dns-push") {
+  // for use with test_dns_by_type_resolve.js
+  else if (u.pathname === "/txt-dns-push") {
     // _esni_push.example.com has A entry 127.0.0.1
     let rContent = Buffer.from(
       "0000010000010001000000000A5F65736E695F70757368076578616D706C6503636F6D0000010001C00C000100010000003700047F000001",
       "hex"
     );
 
     // _esni_push.example.com has TXT entry 2062586B67646D39705932556761584D6762586B676347467A63336476636D513D
     var pcontent = Buffer.from(
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -2632,49 +2632,16 @@
     "kind": "exponential",
     "high": 60000,
     "n_buckets": 100,
     "description": "Amount of bytes sent using TLS early data at the start of a TLS connection for a given channel.",
     "alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
     "bug_numbers": [1296288, 1654309],
     "releaseChannelCollection": "opt-out"
   },
-  "ESNI_KEYS_RECORD_FETCH_DELAYS": {
-    "record_in_processes": ["main"],
-    "products": ["firefox", "fennec"],
-    "expires_in_version": "70",
-    "kind": "exponential",
-    "high": 60000,
-    "n_buckets": 100,
-    "description": "Added delays caused the esni keys fetching.(ms)",
-    "alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
-    "bug_numbers": [1473736],
-    "releaseChannelCollection": "opt-out"
-  },
-  "ESNI_KEYS_RECORDS_FOUND": {
-    "record_in_processes": ["main"],
-    "products": ["firefox", "fennec"],
-    "expires_in_version": "70",
-    "kind": "boolean",
-    "description": "ESNI Keys found rate.",
-    "alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
-    "bug_numbers": [1473736],
-    "releaseChannelCollection": "opt-out"
-  },
-  "ESNI_NOESNI_TLS_SUCCESS_RATE": {
-    "record_in_processes": ["main"],
-    "products": ["firefox", "fennec"],
-    "expires_in_version": "70",
-    "kind": "categorical",
-    "labels": ["EsniTLSSucceeded", "EsniTLSFailed", "NoEsniTLSSucceeded", "NoEsniTLSFailed"],
-    "description": "TLS handshake with and without esni success rate.",
-    "alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
-    "bug_numbers": [1473736],
-    "releaseChannelCollection": "opt-out"
-  },
   "SSL_HANDSHAKE_VERSION": {
     "record_in_processes": ["main", "content"],
     "products": ["firefox", "fennec"],
     "alert_emails": ["seceng-telemetry@mozilla.com"],
     "bug_numbers": [1250568,1340021],
     "releaseChannelCollection": "opt-out",
     "expires_in_version": "never",
     "kind": "enumerated",
--- a/tools/lint/rejected-words.yml
+++ b/tools/lint/rejected-words.yml
@@ -237,24 +237,24 @@ avoid-blacklist-and-whitelist:
         - netwerk/protocol/http/nsHttpHandler.h
         - netwerk/protocol/http/TRRServiceChannel.cpp
         - netwerk/protocol/res/ExtensionProtocolHandler.cpp
         - netwerk/protocol/viewsource/nsViewSourceChannel.cpp
         - netwerk/protocol/websocket/BaseWebSocketChannel.cpp
         - netwerk/socket/nsSOCKSSocketProvider.cpp
         - netwerk/test/gtest/TestCookie.cpp
         - netwerk/test/unit/head_trr.js
-        - netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
+        - netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
         - netwerk/test/unit_ipc/test_trr_httpssvc_wrap.js
         - netwerk/test/unit/test_bug396389.js
         - netwerk/test/unit/test_bug427957.js
         - netwerk/test/unit/test_bug464591.js
         - netwerk/test/unit/test_bug479413.js
         - netwerk/test/unit/test_cookie_blacklist.js
-        - netwerk/test/unit/test_esni_dns_fetch.js
+        - netwerk/test/unit/test_dns_by_type_resolve.js
         - netwerk/test/unit/test_idn_blacklist.js
         - netwerk/test/unit/test_idn_urls.js
         - netwerk/test/unit/test_trr_httpssvc.js
         - netwerk/test/unit/test_trr.js
         - netwerk/test/unit/test_use_httpssvc.js
         - netwerk/url-classifier/AsyncUrlChannelClassifier.cpp
         - netwerk/url-classifier/nsChannelClassifier.cpp
         - netwerk/url-classifier/nsChannelClassifier.h