DNS over HTTPS MaxProtection slows down authenticating Firefox account for 30+seconds
Under about:preferences#privacy choosing "Max Protection", choosing Max Protection, be it NextDNS or Cloudflare means my synced profile takes 30+ seconds to load/authenticate.
Windows 10 22H2 Pro on a domain.
On MacOS, near-zero delay.
Both go through same router.
All Replies (13)
Yes, same in TS mode
Also, both use different antivirus products, so scratch that.
Modified by Alex
Clarification to Troubleshoot mode - scratch that doesn't mean it worked in TS, means that no difference, still long delay loading profile - i.e. no connection in FF to internet.
Thanks but while this is a tiny network, it's a corporate one and so no to create a new profile. Fine for home users who I suppose are fine with creating cr*p on their PCs -- and FWIW really? What a nightmare on Windows to for an OOB new profile anywhere.
Refreshing a profile is also fine if you've got shopping sites and the usual stuff. But when you have a massively curated one for business work-flow, no go.
Tthis is neither of the suggestion's fault IMO. FF seems to have a problem with "Max Protection" either with Windows altogether (since works fine on Mac), or if there's a domain - and if so, more why corporate does not use FF.
Either max protection works without killing FF every time it is started, or the feature is worthless from a practical standpoint.
If there a dev channel to communicate on this, love to know it.
Modified by Alex
Go to about:policies in the address bar and report what enterprise polices are active.
I am the enterprise here, so no policies set.
Simple, thing - as said "about:preferences#privacy choosing "Max Protection", works on Mac - profile and sync load in a couple of seconds. Windows - sit and stew for an age for it to happen and both are via same wireless, same router, same everything including antivirus. One is Mac (good!) the other is Windows (must endure an use).
And FWIW, my first tech experience was in 1975 - never stopped since seen it done it all 10x, so maybe this should be a bump to devs there - how can that be done?
You can boot the computer in Windows Safe Mode with network support to see if that has effect.
I am concluding here that nobody thus far has a clue, and throwing stuff at the wall. Perhaps if someone from Mozilla that actually knows how this stuff works might chime in would help. No way to get that for ages now that financed by Google.
Shame, there is 0% I use Chrome or Edge, but this make FF a PIA unless you never close it.
Does it still happen if you go to about:config in the address bar and change network.dns.disableIPv6 to true then restart the browser?
Setting network.dns.disableIPv6 to True no effect. Swapping out router to an OOB spare (i.e. no customized anything), no difference.
Both Mac and Windows are on Bitdefender AV (which are of course different Mac vs Windows) so basically safe to assume they're not an a-ha! cause.
Switching from using Cloudflare (Default) to NextDNS, no difference.
You can capture a network log:
1. Visit about:logging and click "Start logging". 2. Visit about:networking#dnslookuptool and resolve a new domain. 3. Go back to about:logging and click "Stop logging". 4. In the Profiler tab that opens, click "Upload Local Profile" and share the link.