Search completed in 0.89 seconds.
102 results for "dns":
Your results are loading. Please wait...
Using dns-prefetch - Web Performance
dns-prefetch is an attempt to resolve domain names before resources get requested.
... why use dns-prefetch?
...this process is known as dns resolution.
...And 14 more matches
nsIDNSService
netwerk/dns/nsidnsservice.idlscriptable provides domain name resolution service.
... inherits from: nsisupports last changed in gecko 1.9.1 (firefox 3.5 / thunderbird 3.0 / seamonkey 2.0) implemented by: @mozilla.org/network/dns-service;1.
... to access the service, use: var dnsservice = components.classes["@mozilla.org/network/dns-service;1"] .createinstance(components.interfaces.nsidnsservice); note: starting in gecko 7.0, the "happy eyeballs" strategy is used to reduce lengthy timeouts when attempting backup connections during attempts to connect from clients that have broken ipv6 connectivity.
...And 11 more matches
X-DNS-Prefetch-Control - HTTP
the x-dns-prefetch-control http response header controls dns prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as urls for items referenced by the document, including images, css, javascript, and so forth.
... this prefetching is performed in the background, so that the dns is likely to have been resolved by the time the referenced items are needed.
... header type response header forbidden header name no syntax x-dns-prefetch-control: on x-dns-prefetch-control: off directives on enables dns prefetching.
...And 8 more matches
DNS - MDN Web Docs Glossary: Definitions of Web-related terms
dns (domain name system) is a hierarchical and decentralized naming system for internet connected resources.
... dns maintains a list of domain names along with the resources, such as ip addresses, that are associated with them.
... the most prominent function of dns is the translation of human-friendly domain names (such as mozilla.org) to a numeric ip address (such as 151.106.5.172); this process of mapping a domain name to the appropriate ip address is known as a dns lookup.
... by contrast, a reverse dns lookup (rdns) is used to determine the domain name associated with an ip address.
nsIDNSListener
netwerk/dns/nsidnslistener.idlscriptable please add a summary to this article.
... inherits from: nsisupports last changed in gecko 1.7 method overview void onlookupcomplete(in nsicancelable arequest, in nsidnsrecord arecord, in nsresult astatus); methods onlookupcomplete() called when an asynchronous host lookup completes.
... void onlookupcomplete( in nsicancelable arequest, in nsidnsrecord arecord, in nsresult astatus ); parameters arequest the value returned from asyncresolve.
... arecord the dns record corresponding to the hostname that was resolved.
Link types: dns-prefetch - HTML: Hypertext Markup Language
the dns-prefetch keyword for the rel attribute of the <link> element is a hint to browsers that the user is likely to need resources from the target resource's origin, and therefore the browser can likely improve the user experience by preemptively performing dns resolution for that origin.
... see using dns-prefetch for more details.
... specifications specification status comment html living standardthe definition of 'dns-prefetch' in that specification.
nsIDNSRecord
netwerk/dns/nsidnsrecord.idlscriptable this interface represents the result of a dns lookup.
... since a dns query may return more than one resolved ip address, the record acts like an enumerator, allowing the caller to easily step through the list of ip addresses.
nsIDNSRequest
netwerk/dns/nsidnsrequest.idlscriptable please add a summary to this article.
... inherits from: nsisupports last changed in gecko 1.7 method overview void cancel(); methods cancel() called to cancel a pending asynchronous dns request.
nsIIDNService
netwerk/dns/nsiidnservice.idlscriptable this interface provides support for internationalized domain names, including methods for manipulating idn hostnames according to ietf specification.
... inherits from: nsisupports last changed in gecko 1.9 (firefox 3) implemented by: @mozilla.org/network/idn-service;1 as a service: var idnservice = components.classes["@mozilla.org/network/idn-service;1"] .getservice(components.interfaces.nsiidnservice); method overview autf8string convertacetoutf8(in acstring input); autf8string converttodisplayidn(in autf8string input, out boolean isascii); acstring convertutf8toace(in autf8string input); boolean isace(in acstring input); autf8string normalize(in autf8string input); methods convertacetoutf8() converts an ace (ascii compatible encoding) hostname into unicode format, returning a utf-8 format string.
Index
defined options include an rfc822 name (electronic mail address), a dns name, an ip address, and a uri.
...for the most basic case, simply upload the library: modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] for example: modutil -dbdir sql:/home/my/sharednssdb -add "example pkcs #11 module" -libfile "/tmp/crypto.so" -mechanisms rsa:dsa:rc2:random using database directory ...
... modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb this installation jar file was signed by: ---------------------------------------------- **subject name** c=us, st=california, l=mountain view, cn=cryptorific inc., ou=digital id class 3 - netscape object signing, ou="www.verisign.com/repository/cps incorp.
...And 30 more matches
NSS tools : certutil
-8 dns-names add a comma-separated list of dns names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database.
... for example: $ certutil -r -k ec -q nistb409 -g 512 -s "cn=john smith,o=example corp, l=mountain view,st=california,c=us" -d sql:/home/my/sharednssdb -p 650-5 55-0123 -a -o cert.cer generating key.
... $ certutil -s -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t tr ustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offs et-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailaddress] [-8 dns-names] [--extaia] [--extsia] [--extcp] [--extpm] [ --extpc] [--extia] [--extskid] the series of numbers and --ext* options set certificate extensions that can be added to the certificate when it is generated by the ca.
...And 15 more matches
certutil
-8 dns-names add a comma-separated list of dns names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database.
... for example: $ certutil -r -k ec -q nistb409 -g 512 -s "cn=john smith,o=example corp,l=mountain view,st=california,c=us" -d sql:/home/my/sharednssdb -p 650-555-0123 -a -o cert.cer generating key.
... $ certutil -s -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailaddress] [-8 dns-names] [--extaia] [--extsia] [--extcp] [--extpm] [--extpc] [--extia] [--extskid] the series of numbers and --ext* options set certificate extensions that can be added to the certificate when it is generated by the ca.
...And 15 more matches
Proxy Auto-Configuration (PAC) file - HTTP
(of course, the javascripts must be edited to reflect your site's domain name and/or subnets.) predefined functions and environment these functions can be used in building the pac file: hostname based conditions isplainhostname() dnsdomainis() localhostordomainis() isresolvable() isinnet() related utility functions dnsresolve() convert_addr() myipaddress() dnsdomainlevels() url/hostname based conditions shexpmatch() time based conditions weekdayrange() daterange() timerange() logging utility alert() there was one associative array (object) already d...
... examples isplainhostname("www.mozilla.org") // false isplainhostname("www") // true dnsdomainis() syntax dnsdomainis(host, domain) parameters host is the hostname from the url.
... examples dnsdomainis("www.mozilla.org", ".mozilla.org") // true dnsdomainis("www", ".mozilla.org") // false localhostordomainis() syntax localhostordomainis(host, hostdom) parameters host the hostname from the url.
...And 15 more matches
XPCOM Interface Reference
rormozistoragefunctionmozistoragependingstatementmozistorageprogresshandlermozistorageresultsetmozistoragerowmozistorageservicemozistoragestatementmozistoragestatementcallbackmozistoragestatementparamsmozistoragestatementrowmozistoragestatementwrappermozistoragevacuumparticipantmozistoragevaluearraymozitxttohtmlconvmozithirdpartyutilmozivisitinfomozivisitinfocallbackmozivisitstatuscallbacknsiabcardnsiaboutmodulensiabstractworkernsiaccelerometerupdatensiaccessnodensiaccessibilityservicensiaccessiblensiaccessiblecaretmoveeventnsiaccessiblecoordinatetypensiaccessibledocumentnsiaccessibleeditabletextnsiaccessibleeventnsiaccessiblehyperlinknsiaccessiblehypertextnsiaccessibleimagensiaccessibleprovidernsiaccessiblerelationnsiaccessibleretrievalnsiaccessiblerolensiaccessiblescrolltypensiaccessiblesel...
...iasyncoutputstreamnsiasyncstreamcopiernsiasyncverifyredirectcallbacknsiauthinformationnsiauthmodulensiauthpromptnsiauthprompt2nsiauthpromptadapterfactorynsiauthpromptcallbacknsiauthpromptprovidernsiauthpromptwrappernsiautocompletecontrollernsiautocompleteinputnsiautocompleteitemnsiautocompletelistenernsiautocompleteobservernsiautocompleteresultnsiautocompletesearchnsibadcertlistener2nsibidikeyboardnsibinaryinputstreamnsibinaryoutputstreamnsiblocklistpromptnsiblocklistservicensiboxobjectnsibrowserboxobjectnsibrowserhistorynsibrowsersearchservicensicrlinfonsicrlmanagernsicachensicachedeviceinfonsicacheentrydescriptornsicacheentryinfonsicachelistenernsicachemetadatavisitornsicacheservicensicachesessionnsicachevisitornsicachingchannelnsicancelablensicategorymanagernsichannelnsichanneleventsinknsi...
...channelpolicynsicharsetresolvernsichromeframemessagemanagernsichromeregistrynsiclassinfonsiclipboardnsiclipboardcommandsnsiclipboarddragdrophooklistnsiclipboarddragdrophooksnsiclipboardhelpernsiclipboardownernsicollectionnsicommandcontrollernsicommandlinensicommandlinehandlernsicommandlinerunnernsicomponentmanagernsicomponentregistrarnsicompositionstringsynthesizernsiconsolelistenernsiconsolemessagensiconsoleservicensicontainerboxobjectnsicontentframemessagemanagernsicontentprefnsicontentprefcallback2nsicontentprefobservernsicontentprefservicensicontentprefservice2nsicontentsecuritypolicynsicontentsniffernsicontentviewnsicontentviewmanagernsicontentviewernsicontrollernsicontrollersnsiconverterinputstreamnsiconverteroutputstreamnsicookiensicookie2nsicookieacceptdialognsicookieconsentnsicookiem...
...And 10 more matches
What is a Domain Name? - Learn web development
(r37-lror) sponsoring registrar iana id: 292 whois server: referral url: domain status: clientdeleteprohibited domain status: clienttransferprohibited domain status: clientupdateprohibited registrant id:mmr-33684 registrant name:dns admin registrant organization:mozilla foundation registrant street: 650 castro st ste 300 registrant city:mountain view registrant state/province:ca registrant postal code:94041 registrant country:us registrant phone:+1.6509030800 as you can see, i can't register mozilla.org because the mozilla foundation has already registered it.
...within a few hours, all dns servers will have received your dns information.
... dns refreshing dns databases are stored on every dns server worldwide, and all these servers refer to a few special servers called “authoritative name servers” or “top-level dns servers.” — these are like the boss servers that manage the system.
...And 7 more matches
NSS tools : modutil
for the most basic case, simply upload the library: modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] for example: modutil -dbdir sql:/home/my/sharednssdb -add "example pkcs #11 module" -libfile "/tmp/crypto.so" -mechanisms rsa:dsa:rc2:random using database directory ...
... modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb this installation jar file was signed by: ---------------------------------------------- **subject name** c=us, st=california, l=mountain view, cn=cryptorific inc., ou=digital id class 3 - netscape object signing, ou="www.verisign.com/repository/cps incorp.
...for example: modutil -list -dbdir sql:/home/my/sharednssdb listing of pkcs #11 modules ----------------------------------------------------------- 1.
...And 6 more matches
NSS tools : modutil
MozillaProjectsNSStoolsmodutil
for the most basic case, simply upload the library: modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] for example: modutil -dbdir sql:/home/my/sharednssdb -add "example pkcs #11 module" -libfile "/tmp/crypto.so" -mechanisms rsa:dsa:rc2:random using database directory ...
... modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb this installation jar file was signed by: ---------------------------------------------- **subject name** c=us, st=california, l=mountain view, cn=cryptorific inc., ou=digital id class 3 - netscape object signing, ou="www.verisign.com/repository/cps incorp.
...for example: modutil -list -dbdir sql:/home/my/sharednssdb listing of pkcs #11 modules ----------------------------------------------------------- 1.
...And 6 more matches
Populating the page: how browsers work - Web Performance
dns lookup the first step of navigating to a web page is finding where the assets for that page are located.
...if you’ve never visited this site, a dns lookup must happen.
... your browser requests a dns lookup, which is eventually fielded by a name server, which in turn responds with an ip address.
...And 6 more matches
Subdomain takeovers - Web security
typically, this happens when the subdomain has a canonical name (cname) in the domain name system (dns), but no host is providing content for it.
...you must cut power at the breaker or fuse box (dns) to prevent the outlet from being used by someone else.
... you set up dns records to direct browsers that want to access blog.example.com so that they go to the virtual host.
...And 6 more matches
Index - MDN Web Docs Glossary: Definitions of Web-related terms
7 arpa glossary, infrastructure .arpa (address and routing parameter area) is a top-level domain used for internet infrastructure purposes, especially reverse dns lookup (i.e., find the domain name for a given ip address).
...cdns make for fast service less affected by high traffic.
... 101 dns dns, domain name system, glossary, infrastructure dns (domain name system) is a hierarchical and decentralized naming system for internet connected resources.
...And 4 more matches
nsIEffectiveTLDService
netwerk/dns/nsieffectivetldservice.idlscriptable this is an interface that examines a hostname and determines the longest portion that should be treated as though it were a top-level domain (tld).
...that question is unanswerable with 100% accuracy using the psl, because what is a domain name is a property of the dns, which is different for different people.
... ns_error_unexpected or other error returned by nsiidnservice.normalize() when the hostname contains characters disallowed in uris.
...And 3 more matches
Navigation and resource timings - Web Performance
with the metrics above, and a little bit of math, we can calculate many important metrics like time to first byte, page load time, dns lookup, and whether the connection is secure.
... calculating timings we can use these values to measure specific timings of interest: let dns = time.domainlookupend - time.domainlookupstart, tcp = time.connectend - time.connectstart, ssl != time.secureconnectionstart, time to first byte time to first byte is the time between the navigationstart (start of the navigation) and responsestart, (when the first byte of response data is received) available in the performancetiming api: let ttfb = time.responsestart - time.navigati...
... let pageloadtime = time.loadeventstart - time.navigationstart; dns lookup time the dns lookup time is the time between domainlookupstart and domainlookupend.
...And 3 more matches
Index
MozillaTechXPCOMIndex
to create an instance, use: 465 nsidnslistener interfaces, interfaces:scriptable, xpcom, xpcom interface reference called when an asynchronous host lookup completes.
... 466 nsidnsrecord interfaces, interfaces:scriptable, xpcom, xpcom interface reference this function copies the value of the next ip address into the given prnetaddr struct and increments the internal address iterator.
... 467 nsidnsrequest interfaces, interfaces:scriptable, xpcom, xpcom interface reference called to cancel a pending asynchronous dns request.
...And 2 more matches
Autoconfiguration in Thunderbird
for example, for the email address fred@example.com , the lookup is performed as (in this order): tb-install-dir/isp/example.com.xml on the harddisk check for autoconfig.example.com look up of "example.com" in the ispdb look up "mx example.com" in dns, and for mx1.mail.hoster.com, look up "hoster.com" in the ispdb try to guess (imap.example.com, smtp.example.com etc.) we may add dns srv records as supported mechanism in the future, but we currently do not.
...you are "hoster.com", but your customers have "fred@flintstone.com" and "louis@kent.com" as domains, with only a few users per domain, you need to set up a configuration server (or rely on dns mx).
... dns for each customer domain, you add a dns record (in addition to the existing mx, a www etc.
...And 2 more matches
Using the Resource Timing API - Web APIs
the interface's properties create a resource loading timeline with high-resolution timestamps for network events such as redirect start and end times, fetch start, dns lookup start and end times, response start and end times, etc.
... resource loading phases an application can get timestamps for the various phases of resource loading such as redirection, dns lookup, and tcp connection setup.
... timing resource loading phases the following example illustrates using the resource timing properties to calculate the amount of time the following phases take: redirection (redirectstart and redirectend ), dns lookup (domainlookupstart and domainlookupend), tcp handshake (connectstart and connectend), and response (responsestart and responseend).
...And 2 more matches
CDN - MDN Web Docs Glossary: Definitions of Web-related terms
cdns make for fast service less affected by high traffic.
... cdns are used widely for delivering stylesheets and javascript files (static assets) of libraries like bootstrap, jquery etc.
... most cdns have servers all over the globe, so cdn servers may be geographically nearer to your users than your own servers.
... cdns are already configured with proper cache settings.
Prefetch - MDN Web Docs Glossary: Definitions of Web-related terms
dns prefetching domain lookups can be slow, especially with network latency on mobile phones.
... they are most relevant when there are a plethora of links to external websites that may be clicked on, like search engine results, dns prefetching resolves domain names in advance thereby speeding up load times by reducing the time associated with domain lookup at request time.
... <link rel="dns-prefetch" href="https://example.com/"> link prefetching link prefetching is a performance optimization technique that works by assuming which links the user is likely to click, then downloading the content of those links.
... the prefetch hints are sent in http headers: link: ; rel=dns-prefetch, ; as=script; rel=preload, ; rel=prerender, ; as=style; rel=preload prefetch attribute value browsers will prefetch content when the prefetch <link> tag directs it to, giving the developer control over what resources should be prefetched.
How the Web works - Learn web development
dns: domain name servers are like an address book for websites.
... when you type a web address in your browser, the browser looks at the dns to find the website's real address before it can retrieve the website.
... when you type a web address into your browser (for our analogy that's like walking to the shop): the browser goes to the dns server, and finds the real address of the server that the website lives on (you find the address of the shop).
... dns explained real web addresses aren't the nice, memorable strings you type into your address bar to find your favorite websites.
A Web PKI x509 certificate primer
subject alternate name this extension defines what other names (such as dns names) are valid for this certificate.
...write extensions file by creating a new file with name openssl.ss.cnf with the following contents: basicconstraints = ca:false subjectaltname =dns:www.example.com extendedkeyusage =serverauth 4.
... write extensions file (openssl.root.cnf) basicconstraints = critical, ca:true keyusage = keycertsign, crlsign subjectkeyidentifier = hash nameconstraints = permitted;dns:example.com,permitted;dns:example.net self-sign csr (using sha256) and append the extensions described in the file "openssl x509 -req -sha256 -days 3650 -in root.csr -signkey rootkey.pem -set_serial $any_small_integer -extfile openssl.root.cnf -out root.pem" now you have ca pem file with its associated key.
... write extensions file (make a new file with name openssl.ss.cnf with the following contents) basicconstraints = ca:false subjectaltname =dns:www.example.com extendedkeyusage =serverauth authorityinfoaccess = ocsp;uri:http://ocsp.example.com:80/ intermediate signs the csr (using sha256) and appends the extensions described in the file "openssl x509 -req -sha256 -days 1096 -in example.csr -cakey intkey.pem -ca int.pem -set_serial $some_large_integer -out www.example.com.pem -extfile openssl.int.cnf" security not...
HTML attribute: rel - HTML: Hypertext Markup Language
WebHTMLAttributesrel
link not allowed not allowed dns-prefetch tells the browser to preemptively perform dns resolution for the target resource's origin external resource not allowed not allowed external referenced document is not part of the same site as the current document.
... dns-prefetch relevant for the <link> element both in the <body> and <head>, it tells the browser to preemptively perform dns resolution for the target resource's origin.
... useful for resources the user will likely need, it helps reduce latency and thereby improves performance when the user does access the resources as the browser preemptively performed dns resolution for the origin of the specified resource.
... see dns-prefetch described in resource hints.
Network Error Logging - HTTP
e": "network-error", "url": "https://example.com/previous-page", "body": { "elapsed_time": 338, "method": "post", "phase": "application", "protocol": "http/1.1", "referrer": "https://example.com/previous-page", "sampling_fraction": 1, "server_ip": "137.205.28.66", "status_code": 400, "type": "http.error", "url": "https://example.com/bad-request" } } dns name not resolved note that the phase is set to dns in this report and no server_ip is available to include.
... { "age": 20, "type": "network-error", "url": "https://example.com/previous-page", "body": { "elapsed_time": 18, "method": "post", "phase": "dns", "protocol": "http/1.1", "referrer": "https://example.com/previous-page", "sampling_fraction": 1, "server_ip": "", "status_code": 0, "type": "dns.name_not_resolved", "url": "https://example-host.com/" } } the type of the network error may be one of the following pre-defined values from the specification, but browsers can add and send their own error types: dns.unreachable the user's dns server is unreachable dns.name_not_resolved the user's dns server responded but was unable to resolve an ip address for the requested uri.
... dns.failed request to the dns server failed due to reasons not covered by previous errors (e.g.
... servfail) dns.address_changed for security reasons, if the server ip address that delivered the original report is different to the current server ip address at time of error generation, the report data will be downgraded to only include information about this problem and the type set to dns.address_changed.
Understanding latency - Web Performance
on a first request, for the first 14kb bytes, latency is longer because it includes a dns lookup, a tcp handshake, the secure tls negotiation.
... dns resolution is the time it took to do the dns lookup.
... the greater the number of hostnames, the more dns lookups need to be done.
...like dns, the greater the number of server connections needed, the more time is spend creating server connections.
Introduction to Public-Key Cryptography - Archive of obsolete content
for example, this might be a typical dn for an employee of example corp: uid=doe,e=doe@example.net,cn=john doe,o=example corp.,c=us the abbreviations before each equal sign in this example have these meanings: uid: user id e: email address cn: the user's common name o: organization c: country dns may include a variety of other name-value pairs.
... the rules governing the construction of dns can be quite complex and are beyond the scope of this document.
... for comprehensive information about dns, see a string representation of distinguished names] at the following url: https://www.ietf.org/rfc/rfc1485.txt a typical certificate every x.509 certificate consists of two sections: the data section includes the following information: the version number of the x.509 standard supported by the certificate.
Domain sharding - MDN Web Docs Glossary: Definitions of Web-related terms
the problem with domain sharding, in terms of performance, is the cost of extra dns lookups for each domain and the overhead of establishing each tcp connection.
...multiple domains, however, is an anti-pattern, as dns lookups slow initial load times.
... see also transport layer security (tls) dns http/2 ...
NSS_3.12_release_notes.html
e cert.h) cert_findcrlentryreasonexten (see cert.h) cert_findcrlnumberexten (see cert.h) cert_findnameconstraintsexten (see cert.h) cert_getclassicocspdisabledpolicy (see cert.h) cert_getclassicocspenabledhardfailurepolicy (see cert.h) cert_getclassicocspenabledsoftfailurepolicy (see cert.h) cert_getpkixverifynistrevocationpolicy (see cert.h) cert_getusepkixforvalidation (see cert.h) cert_getvaliddnspatternsfromcert (see cert.h) cert_newtempcertificate (see cert.h) cert_setocsptimeout (see certhigh/ocsp.h) cert_setusepkixforvalidation (see cert.h) cert_pkixverifycert (see cert.h) hash_gettype (see sechash.h) nss_initwithmerge (see nss.h) pk11_createmergelog (see pk11pub.h) pk11_creategenericobject (see pk11pub.h) pk11_createpbev2algorithmid (see pk11pub.h) pk11_destroymergelog (see pk11pub.h)...
... klocwork null ptr deref in secasn1d.c bug 366390: correct misleading function names in fipstest bug 370536: memory leaks in pointer tracker code in debug builds only bug 372242: cert_comparerdn uses incorrect algorithm bug 379753: s/mime should support aes bug 381375: ocspclnt doesn't work on windows bug 398693: der_asciitotime produces incorrect output for dates 1950-1970 bug 420212: empty cert dns handled badly, display as !invalid ava!
... bug 420979: vfychain ignores -b time option when -p option is present bug 403563: implement the tls session ticket extension (ste) bug 400917: want exported function that outputs all host names for dns name matching bug 315643: test_buildchain_resourcelimits won't build bug 353745: klocwork null ptr dereference in pkcs12 decoder bug 338367: the gf2m_populate and gfp_populate should check the eccurve_map array index bounds before use bug 201139: ssltap should display plain text for null cipher suites bug 233806: support nist crl policy bug 279085: nss tools display public exponent as negative number bug 363480: ocspclnt needs option to take cert from specified file bug 265715: remove unused hsearch.c dbm code bug 337361: leaks in jar_parse_any (security/nss/lib/jar/jarver.c) bug 338453: leaks...
NSS tools : pk12util
pk12util -i p12file [-h tokenname] [-v] [-d [sql:]directory] [-p dbprefix] [-k slotpasswordfile|-k slotpassword] [-w p12filepasswordfile|-w p12filepassword] for example: # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb enter a password which will be used to encrypt your keys.
... pk12util -o p12file -n certname [-c keycipher] [-c certcipher] [-m|--key_len keylen] [-n|--cert_key_len certkeylen] [-d [sql:]directory] [-p dbprefix] [-k slotpasswordfile|-k slotpassword] [-w p12filepasswordfile|-w p12filepassword] for example: # pk12util -o certs.p12 -n server-cert -d sql:/home/my/sharednssdb enter password for pkcs12 file: re-enter password: listing keys and certificates the information in a .p12 file are not human-readable.
...for example: # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb to set the shared database type as the default type for the tools, set the nss_default_db_type environment variable to sql: export nss_default_db_type="sql" this line can be set added to the ~/.bashrc file to make the change permanent.
NSS tools : pk12util
pk12util -i p12file [-h tokenname] [-v] [-d [sql:]directory] [-p dbprefix] [-k slotpasswordfile|-k slotpassword] [-w p12filepasswordfile|-w p12filepassword] for example: # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb enter a password which will be used to encrypt your keys.
... pk12util -o p12file -n certname [-c keycipher] [-c certcipher] [-m|--key_len keylen] [-n|--cert_key_len certkeylen] [-d [sql:]directory] [-p dbprefix] [-k slotpasswordfile|-k slotpassword] [-w p12filepasswordfile|-w p12filepassword] for example: # pk12util -o certs.p12 -n server-cert -d sql:/home/my/sharednssdb enter password for pkcs12 file: re-enter password: listing keys and certificates the information in a .p12 file are not human-readable.
...for example: # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb to set the shared database type as the default type for the tools, set the nss_default_db_type environment variable to sql: export nss_default_db_type="sql" this line can be set added to the ~/.bashrc file to make the change permanent.
Multithreading in Necko
dns thread (0-1) on most platforms dns requests a processed on a background thread.
...for example, on xp_win an invisible window is created with a message pump on a background thread for processing wsa asynchronous dns events.
... in this way, necko takes advantage of the platforms specific routines for dns lookups.
Resource Timing API - Web APIs
the interface's properties create a resource loading timeline with high-resolution timestamps for network events such as redirect start and end times, dns lookup start and end times, request start, response start and end times, etc.
...the fetchstart timestamps follows and redirect processing (if applicable) and preceeds dns lookup.
...likewise, the the domainlookupstart and domainlookupend properties return timestamps for dns lookup start and end times, respectively.
No Proxy For configuration - Archive of obsolete content
localhost proxy 127.0.0.1 local host direct confirm the filter uses only suffix matches (hostname unit tests) hostname hostname direct name hostname direct host hostname proxy domains with numbers 3com.com .3com.com direct fqdns hostname.domain.com hostname.domain.com domain.com proxy hostname.domain.com hostname.domain.com direct hostname.domain.com host.hostname.domain.com direct .domain.com .domain.com domain.com hostname.domain.com host.hostname.domain.com proxy direct direct *.domain.com *.domain.co...
...filter comparison notable bugs bug 172083 - [meta] proxy: "no proxy for" items bug 80917 - proxy: "no proxy" w/ form based ui bug 91587 - proxy: "no proxy for" default domain filtering fails w/ non-fqdn (e.g., http://web/) bug 201685 - no proxy for: support ipv6 address literals bug 136789 - proxy: no proxy ip entries do not block dns resolved ips bug 314712 - no proxy for: "hostname.domain.com" should block only "hostname.domain.com" bug 72444 - proxy: "bypass proxy server for local addresses" (ie pref) bug 260883 - "no proxy for" does not use fqdn wildcards "*" like ie bugzilla sources bug 17158 comment 21: the correct separator are spaces or commas.
Tips for authoring fast-loading HTML pages - Learn web development
cdns store cached versions of your website and serve them to visitors via the network node closest to the user, thereby reducing latency.
... further reading: understanding cdns reduce domain lookups since each separate domain costs time in a dns lookup, the page load time will grow along with the number of separate domains appearing in css link(s) and javascript and image src(es).
Internationalized Domain Names (IDN) Support in Mozilla Browsers
how idn works when a browser sees a host name such as http://developer.mozilla.org, it passes a request to the dns resolver service (usually built into an os), which in turn sends a request to a nearest domain name server to return an ip address that corresponds to the host name.
... as an example, an output string to be sent to a dns server for a japanese domain name, "http://ジェーピーニック.jp", will look like the following in ace form: http://xn--hckqz9bzb1cyrb.jp domain name registration after the technical standards were established by ietf, the last remaining issue was for domain name registrars to agree on an international guideline on the use of idn characters.
NSS tools : signver
MozillaProjectsNSStoolssignver
signver -v -s signature_file -i signed_file -d sql:/home/my/sharednssdb signaturevalid=yes printing signature data the -a option prints all of the information contained in a signature file.
...for example: # signver -a -s signature -d sql:/home/my/sharednssdb to set the shared database type as the default type for the tools, set the nss_default_db_type environment variable to sql: export nss_default_db_type="sql" this line can be set added to the ~/.bashrc file to make the change permanent.
nsIMsgDatabase
r, in boolean bread, in nsidbchangelistener instigator); void markhdrreplied(in nsimsgdbhdr msghdr, in boolean breplied, in nsidbchangelistener instigator); void markhdrmarked(in nsimsgdbhdr msghdr, in boolean mark,in nsidbchangelistener instigator); void markmdnneeded(in nsmsgkey key, in boolean bneeded,in nsidbchangelistener instigator); boolean ismdnneeded(in nsmsgkey key); void markmdnsent(in nsmsgkey key, in boolean bneeded, in nsidbchangelistener instigator); boolean ismdnsent(in nsmsgkey key); void markread(in nsmsgkey key, in boolean bread, in nsidbchangelistener instigator); void markreplied(in nsmsgkey key, in boolean breplied, in nsidbchangelistener instigator); void markforwarded(in nsmsgkey key, in boolean bforwarded, in nsidbchangelistener instigator); void m...
... boolean ismdnneeded(in nsmsgkey key); markmdnsent() void markmdnsent(in nsmsgkey key, in boolean bneeded, in nsidbchangelistener instigator); ismdnsent() boolean ismdnsent(in nsmsgkey key); markread() methods to get and set docsets for ids.
nsIProtocolProxyService
proxy auto config (pac) may perform a synchronous dns query, which may not return immediately.
...unlike resolve, this method is guaranteed not to block the calling thread waiting for dns queries to complete.
nsISocketTransport
usually a dns lookup.
... status_sending_to 0x804b0005 status_waiting_for 0x804b000a status_receiving_from 0x804b0006 connection flags values for the connectionflags attribute constant value description bypass_cache 0 when making a new connection bypass_cache will force the necko dns cache entry to be refreshed with a new call to nspr if it is set before opening the new stream.
Link types - HTML: Hypertext Markup Language
<link> <a>, <area>, <form> dns-prefetch hints to the browser that a resource is needed, allowing the browser to do a dns lookup and protocol handshaking before a user clicks the link.
... working draft added dns-prefetch, preconnect, and prerender values.
Proxy servers and tunneling - HTTP
they store and forward internet services (like the dns, or web pages) to reduce and control the bandwidth used by the group.
...the example below will work in an environment where the internal dns server is set up so that it can only resolve internal host names, and the goal is to use a proxy only for hosts that aren't resolvable: function findproxyforurl(url, host) { if (isresolvable(host)) return "direct"; else return "proxy proxy.mydomain.com:8080"; } see proxy auto-configuration (pac) for more examples.
Web Performance
this article explains what latency is, how it impacts performance, how to measure latency, and how to reduce it.using dns-prefetchdns-prefetch is an attempt to resolve domain names before resources get requested.
...in this article, we cover native browser features like rel=preconnect, rel=dns-prefetch, rel=prefetch, and rel=preload, and how to use them to your advantage.
Subresource Integrity - Web security
how subresource integrity helps using content delivery networks (cdns) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance and conserve bandwidth.
... however, using cdns also comes with a risk, in that if an attacker gains control of a cdn, the attacker can inject arbitrary malicious content into files on the cdn (or replace the files completely) and thus can also potentially attack all sites that fetch files from that cdn.
Autodial for Windows NT - Archive of obsolete content
whenever an internet address cannot be reached, because of a dns lookup failure for example, the system will try to dial.
Mozilla Application Framework in Detail - Archive of obsolete content
necko features include support for asynchronous i/o, a generic disk and memory cache service, asynchronous caching dns resolution, web proxies, and https.
URIs and URLs - Archive of obsolete content
gateways, proxies, caches, and name resolution services might be used to access some resources, independent of the protocol of their origin, and the resolution of some url may require the use of more than one protocol (e.g., both dns and http are typically used to access an "http" url's resource when it can't be found in a local cache).
TCP/IP Security - Archive of obsolete content
this layer sends and receives data for particular applications, such as domain name system (dns), hypertext transfer protocol (http), and simple mail transfer protocol (smtp).
ARPA - MDN Web Docs Glossary: Definitions of Web-related terms
.arpa (address and routing parameter area) is a top-level domain used for internet infrastructure purposes, especially reverse dns lookup (i.e., find the domain name for a given ip address).
Domain - MDN Web Docs Glossary: Definitions of Web-related terms
a fully qualified domain name (fqdn) contains all necessary parts to look up this authority by name unambigously using the dns system of the internet.
TCP handshake - MDN Web Docs Glossary: Definitions of Web-related terms
this handshake step happens after a dns lookup and before the tls handshake, when creating a secure connection.
TLD - MDN Web Docs Glossary: Definitions of Web-related terms
a tld (top-level domain) is the most generic domain in the internet's hierarchical dns (domain name system).
TTL - MDN Web Docs Glossary: Definitions of Web-related terms
caching in the context of caching, ttl (as an unsigned 32-bit integer) being a part of the http response header or the dns query, indicates the amount of time in seconds during which the ressource can be cached by the requester.
Time to first byte - MDN Web Docs Glossary: Definitions of Web-related terms
this time includes dns lookup and establishing the connection using a tcp handshake and ssl handshake if the request is made over https.
MDN Web Docs Glossary: Definitions of Web-related terms
csrf css css object model (cssom) css pixel css preprocessor d data structure decryption delta denial of service descriptor (css) deserialization developer tools dhtml digest digital certificate distributed denial of service dmz dns doctype document directive document environment dom (document object model) domain domain name domain sharding dominator dos attack dtls (datagram transport layer security) dtmf (dual-tone multi-frequency signaling) dynamic programming language dynamic typing e ...
Creating hyperlinks - Learn web development
when you use an absolute url, the browser starts by looking up the real location of the server on the domain name system (dns), see how the web works for more information).
Images in HTML - Learn web development
you could embed the image using its absolute url, for example: <img src="https://www.example.com/images/dinosaur.jpg"> but this is pointless, as it just makes the browser do more work, looking up the ip address from the dns server all over again, etc.
Index - Learn web development
for example, take the following line of content: 40 how the web works beginner, client, dns, http, ip, infrastructure, learn, server, tcp, l10n:priority this theory is not essential to writing web code in the short term, but before long you'll really start to benefit from understanding what's happening in the background.
Multimedia: Images - Learn web development
if all of this sounds a bit complicated or feels like too much work for your team then there is also online services that you can use as image cdns that will automate the serving of the correct image format on-the-fly, according to the type of device or browser requesting the image.
Web performance resources - Learn web development
using resource hints such as rel=preconnect, rel=dns-prefetch, rel=prefetch, and rel=preload keep the size of javascript to a minimum.
HTTP logging
turning off dns query logging you can turn off logging of host resolving (that is, dns queries) by removing the text nshostresolver:5 from the commands above.
mozbrowsererror
possible values are: fatal(crash) unknownprotocolfound filenotfound dnsnotfound connectionfailure netinterrupt nettimeout cspblocked phishingblocked malwareblocked unwantedblocked offline malformeduri redirectloop unknownsockettype netreset notcached isprinting deniedportaccess proxyresolvefailure proxyconnectfailure contentencodingfailure remotexul unsafecontenttype corruptedcontenterror certerror other example va...
Integrated Authentication
this is to protect the user from the possibility of dns-spoofing being used to stage a man-in-the-middle exploit (see bug 17578 for more info).
About NSPR
to that end it is possible to perform translations of ascii strings (dns names) into nspr's network address structures, with no regard to whether the addressing technology is ipv4 or ipv6.
Certificate functions
trevocationpolicy mxr 3.12 and later cert_getprevgeneralname mxr 3.10 and later cert_getprevnameconstraint mxr 3.10 and later cert_getsloptime mxr 3.2 and later cert_getsslcacerts mxr 3.2 and later cert_getstatename mxr 3.2 and later cert_getusepkixforvalidation mxr 3.12 and later cert_getvaliddnspatternsfromcert mxr 3.12 and later cert_gentime2formattedascii mxr 3.2 and later cert_hexify mxr 3.2 and later cert_importcachain mxr 3.2 and later cert_importcerts mxr 3.2 and later cert_isrootdercert mxr 3.8 and later cert_isusercert mxr 3.6 and later cert_keyfromdercrl mxr 3.4 and lat...
NSS_3.12.1_release_notes.html
ails pairwise consistency test bug 330622: certutil's usage messages incorrectly document certain options bug 330628: coreconf/linux.mk should _not_ default to x86 but result in an error if host is not recognized bug 359302: remove the sslsample code from nss source tree bug 372241: need more versatile form of cert_nametoascii bug 390296: nss ignores subject cn even when san contains no dnsname bug 401928: support generalized pkcs#5 v2 pbes bug 403543: pkix: need a way to enable/disable aia cert fetching bug 408847: pkix_ocspchecker_check does not support specified responder (and given signercert) bug 414003: crash [[@ cert_decodecertpackage] sometimes with this testcase bug 415167: memory leak in certutil bug 417399: arena allocation results are not checked in pkix_pl_i...
NSS 3.16 release notes
bug 962760: libpkix should not include the common name of ca as dns names when evaluating name constraints.
NSS 3.39 release notes
utilpars.h nssutil_addnssflagtomodulespec - a helper function for modifying the pkcs#11 module configuration.
NSS 3.44 release notes
each attribute 1531236 - provide accessor for certcertificate.dercert 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine 1532384 - in nss test certificates, use @example.com (not @bogus.com) 1538479 - post-handshake messages after async server authentication break when using record layer separation 1521578 - x25519 support in pk11pars.c 1540205 - freebl build fails with -dnss_disable_chachapoly 1532312 - post-handshake auth doesn't interoperate with openssl 1542741 - certutil -f crashes with segmentation fault 1546925 - allow preceding text in try comment 1534468 - expose chacha20 primitive 1418944 - quote cc/cxx variables passed to nspr 1543545 - allow to build nss as a static library 1487597 - early data that arrives before the handshake completes can be rea...
NSS 3.52 release notes
bug 1630925 - guard all instances of nsscmssigneddata.signerinfo to avoid a cms crash bug 1571677 - name constraints validation: cn treated as dns name even when syntactically invalid as dns name this bugzilla query returns all the bugs fixed in nss 3.52: https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&product=nss&target_milestone=3.52 compatibility nss 3.52 shared libraries are backward compatible with all older nss 3.x shared libraries.
Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
atic secstatus createcert( certcertdbhandle *handle, pk11slotinfo *slot, char * issuernickname, char *infilename, char *outfilename, seckeyprivatekey **selfsignprivkey, void *pwarg, secoidtag hashalgtag, unsigned int serialnumber, int warpmonths, int validitymonths, const char *dnsnames, prbool ascii, prbool selfsign) { void *exthandle; secitem reqder; certcertextension **crexts; secstatus rv = secsuccess; certcertificate *subjectcert = null; certcertificaterequest *certreq = null; prfiledesc *outfile = null; se...
sample2
(trust) { port_free(trust); } if (certder.data) { port_free(certder.data); } return rv; } /* * create a certificate */ static secstatus createcert( certcertdbhandle *handle, pk11slotinfo *slot, char * issuernickname, char *infilename, char *outfilename, seckeyprivatekey **selfsignprivkey, void *pwarg, secoidtag hashalgtag, unsigned int serialnumber, int warpmonths, int validitymonths, const char *dnsnames, prbool ascii, prbool selfsign) { void *exthandle; secitem reqder; certcertextension **crexts; secstatus rv = secsuccess; certcertificate *subjectcert = null; certcertificaterequest *certreq = null; prfiledesc *outfile = null; secitem *certder = null; reqder.data = null; outfile = pr_open(outfilename, pr_rdwr | pr_create_file | pr_truncate, 00660); /* create a cert request object from the in...
NSS sources building testing
on machines that are configured with a hostname that has been registered in your network's dns, this should work automatically.
Python binding for NSS
plus the implementation depdended on being able to perform a reverse dns lookup which is not always possible.
NSS functions
trevocationpolicy mxr 3.12 and later cert_getprevgeneralname mxr 3.10 and later cert_getprevnameconstraint mxr 3.10 and later cert_getsloptime mxr 3.2 and later cert_getsslcacerts mxr 3.2 and later cert_getstatename mxr 3.2 and later cert_getusepkixforvalidation mxr 3.12 and later cert_getvaliddnspatternsfromcert mxr 3.12 and later cert_gentime2formattedascii mxr 3.2 and later cert_hexify mxr 3.2 and later cert_importcachain mxr 3.2 and later cert_importcerts mxr 3.2 and later cert_isrootdercert mxr 3.8 and later cert_isusercert mxr 3.6 and later cert_keyfromdercrl mxr 3.4 and lat...
NSS tools : crlutil
defined options include an rfc822 name (electronic mail address), a dns name, an ip address, and a uri.
sslcrt.html
canames a pointer to a structure that contains a list of distinguished names (dns) against which to check the dns for the signers in the certificate chain.
sslerr.html
mit renegotiation of ssl security parameters." ssl_error_unsupported_extension_alert -12184 "ssl peer does not support requested tls hello extension." ssl_error_certificate_unobtainable_alert -12183 "ssl peer could not obtain your certificate from the supplied url." ssl_error_unrecognized_name_alert -12182 "ssl peer has no certificate for the requested dns name." ssl_error_bad_cert_status_response_alert -12181 "ssl peer was unable to get an ocsp response for its certificate." ssl_error_bad_cert_hash_value_alert -12180 "ssl peer reported bad certificate hash value." unspecified errors that occurred while attempting some operation: all the error codes in the following block describe the operation that ...
NSS Tools certutil
-8 dns-names add a comma-separated list of dns names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database.
NSS Tools crlutil
defined options include an rfc822 name (electronic mail address), a dns name, an ip address, and a uri.
NSS tools : crlutil
MozillaProjectsNSStoolscrlutil
defined options include an rfc822 name (electronic mail address), a dns name, an ip address, and a uri.
Necko walkthrough
then in necko http code (still on the main thread for now): nshttpchannel::asyncopen nshttpchannel::beginconnect() creates nshttpconnectioninfo object for the channel checks if we're proxying or not fires off the dns prefetch request (dispatched to dns thread pool) some other things nshttpchannel::connect might to a speculativeconnect (pre open tcp socket) nshttpchannel::continueconnect some cache stuff nshttpchannel::setuptransaction creates new nshttptransaction, and inits it with mrequesthead (the request headers) and muploadstream (which was created from the request ...
Installing Pork
hg clone http://hg.mozilla.org/rewriting-and-analysis/pork/ cd pork hg clone http://hg.mozilla.org/rewriting-and-analysis/elsa ./configure make building mozilla with mcpp to build mozilla with mcpp to generate annotated .ii files, use the following configure command: ac_cv_visibility_hidden=no cc="gcc34 -save-temps -wp,-w0,-k" cxx="g++ -save-temps -wp,-w0,-k" cppflags=-dns_disable_literal_template $srcdir/configure --enable-debug --disable-optimize --disable-accessibility --enable-application=browser --disable-crashreporter building will probably require disabling warnings_as_errors: make warnings_as_errors= "-wp,-w0,-k" are options that get passed to mcpp.
nsIDocShell
allowdnsprefetch boolean attribute that determines whether dns prefetch is allowed for this subtree of the docshell tree.
nsIProxyInfo
if this is the case, the hostname is used in some fashion, and we shouldn't do any form of dns lookup ourselves.
nsIServerSocket
see nsidnsservice.myhostname() if this is what you need.
XPCOM Interface Reference by grouping
nsifilespec nsifilestreams nsifileutilities nsifileview memory nsimemory network channel nsichannel nsichanneleventsink nsirequest nsirequestobserver nsiresumablechannel nsidnsservice nsiftpchannel nsiftpeventsink nsihttpchannel nsihttpchannelinternal nsihttpheadervisitor nsiidnservice nsiprotocolhandler nsiprotocolproxycallback nsiprotocolproxyfilter nsiprotocolproxyservice nsiproxyinfo preferences nsiiniparser nsiiniparserfactory nsiprefb...
Network request details - Firefox Developer Tools
dns resolution time taken to resolve a host name.
Web Console remoting - Firefox Developer Tools
the geteventtimings packet: { "to": "conn0.netevent15", "type": "geteventtimings" } { "from": "conn0.netevent15", "timings": { "blocked": 0, "dns": 0, "connect": 0, "send": 0, "wait": 16, "receive": 0 }, "totaltime": 16 } the fileactivity packet when a file load is observed the following fileactivity packet is sent to the client: { "from": "conn0.console9", "type": "fileactivity", "uri": "file:///home/mihai/public_html/mozilla/test2.css" } history protocol changes by firefox version: firefox 18: initial ...
Media Source API - Web APIs
indeed, one can support dash with a simple static file server, which is also great for cdns.
PerformanceResourceTiming - Web APIs
the interface's properties create a resource loading timeline with high-resolution timestamps for network events such as redirect start and end times, fetch start, dns lookup start and end times, response start and end times, etc..
HTML documentation index - HTML: Hypertext Markup Language
WebHTMLIndex
224 link types: dns-prefetch attribute, html, link, link types, reference the dns-prefetch keyword for the rel attribute of the <link> element is a hint to browsers that the user is likely to need resources from the target resource's origin, and therefore the browser can likely improve the user experience by preemptively performing dns resolution for that origin.
Index - HTTP
WebHTTPHeadersIndex
117 x-dns-prefetch-control dns, http, header the x-dns-prefetch-control http response header controls dns prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as urls for items referenced by the document, including images, css, javascript, and so forth.
X-Forwarded-Host - HTTP
host names and ports of reverse proxies (load balancers, cdns) may differ from the origin server handling the request, in that case the x-forwarded-host header is useful to determine which host was originally used.
HTTP headers - HTTP
WebHTTPHeaders
x-dns-prefetch-control controls dns prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as urls for items referenced by the document, including images, css, javascript, and so forth.
HTTP Index - HTTP
WebHTTPIndex
199 x-dns-prefetch-control dns, http, x-dns-prefetch-control, header the x-dns-prefetch-control http response header controls dns prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as urls for items referenced by the document, including images, css, javascript, and so forth.