  #20  
June 30th 16, 02:24 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Why does Firefox not respect the HOSTS file in Windows

|
| BTW, with regard to the whole "DNS caching thing" I am not the expert, so
| I can only conjecture how I think it works.
|
| 1. You type www.somewhere.com along with http (i.e., port 80)
| 2. Firefox checks the Firefox DNS cache, but it's not there
| 3. Firefox checks the Windows DNS cache, but it's not there
| 4. So Windows first checks the HOSTS file, but it's not there
| 5. Then Windows checks the Windows DNS cache, but it's not there
| 6. So Windows checks what the DNS server is
| 7. For me, that's gonna be set to the router 192.168.1.1
| 8. So Windows asks 192.168.1.1 who the DNS Server is
| 9. The router returns the Google DNS Server 8.8.8.8
| 10. So Windows sends a port 53? DNS request to 8.8.8.8
| 11. (It actually follows a hierarchy so let's simplify here.)
| 12. 8.8.8.8 returns the IP address 1.2.3.4 to the DNS cache
| 13. 1.2.3.4 is handed back to Windows from 8.8.8.8
| 14. Windows puts www.somewhere.com=1.2.3.4 into the Windows DNS cache
| 15. Windows hands Firefox that information
| 16. Firefox puts www.somewhere.com=1.2.3.4 into the Firefox DNS cache
| 17. Firefox sends the port 80 request to 1.2.3.4
| 18. And 1.2.3.4 returns the information to Firefox
|
| Upon the *next* invocation of the same URL...
| 1. You type www.somewhere.com along with http (i.e., port 80)
| 2. Firefox checks the Firefox DNS cache, and finds 1.2.3.4
| 17. Firefox sends the port 80 request to 1.2.3.4
| 18. And 1.2.3.4 returns the information to Firefox
|

I think that's generally true, but as far as I know
there's no Windows DNS cache. Nor does Windows
get involved, per se.

http://webcache.googleusercontent.co...&gbv=1&ct=clnk

(That's the MS info page as Google cache, bypassing their
blocking of anyone who disables javascript.)

From what I've been able to find,
the Firefox cache is set by default to expire in one hour.
Your setting of 60 would imply one minute. But I think
that must be wrong. As I described earlier, I went several
days a while back, unable to reach several sites. It was
only when I set cache to 0 that I was able to reach
them again. (Someone had suggested that. Previously
I was unaware that Firefox/Pale Moon was caching.)

I assume, also, that FF has a session cache. I don't think
it's making 15 DNS calls for all the different files at a
somewhere.com webpage. So that's another indicator that
60 may be something like 60 days rather than 60 seconds.
In any case, I have all the caching set to 0 and most
pages load almost instantly.

What I think happens
is that Firefox either uses a Windows sockets method
to get the IP address or gets the DNS IP directly with
a call to the GetNetworkParams function in iphlpapi.dll,
then makes its own port 53 DNS call. Either is feasible.

Firefox *should* be checking the HOSTS file
before it proceeds. Then it can either make the 53 call
itself or use a winsock method like gethostbyname or
getaddrinfo. I'm guessing those methods make the call
directly, so that Windows is not "making a decision"
in the matter. HOSTS may be checked as part of that
call. I don't know. getaddrinfo actually takes a port number
parameter, which would be 53, implying that it's just
a wrapper around the remote winsock call, but I don't
find any clear explanation in MSDN of how it actually
works.

This is mostly of only technical interest, but it does
reflect on Firefox. Firefox is/should be responsible for
respecting HOSTS and not just expecting Windows to
somehow handle that.

My tests showed that as well. When I go somewhere
with Pale Moon and run Filemon, only the Pale Moon
process reads HOSTS, and it reads it several times.
Is that palemoon.exe reading it, or is it the winsock
DLL running in the PM process? I'm not sure. Either
way, PM is responsible, in the end, for respecting HOSTS.

None of that actually answers why you have heavy
activity when you start FF. My guess would be that it's
software on your system calling home. The URLs --
cloudfront, amazonaws and akamai are all middleman
traffic and storage rental services. As I noted in the
other group, even Microsoft uses Akamai. It's sort of like
having a contract with an equipment company. If you
just need to shovel snow occasionally you buy a shovel.
In the same way, most smaller companies just host their
website, on their own computers or on a service. If you
own a mall and need to shovel the snow quickly, you
might contract with an equipment company that can send
over 3 plows and 6 snowblowers at a moment's notice. In
that analogy, it allows MS to handle things like a DDoS
attack or a sudden run on 6 GB SDK downloads easily.
Akamai manages the traffic load transparently. Unfortunately,
that seems to get around HOSTS because there's no DNS
lookup involved.

So you need to research from your end to figure out
what's going out without asking. Maybe your AV software?
These days it could be almost anything. The typical amount
of "un-permissioned" online communication is extreme if
you don't control it.
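
An added example, not part of the original post and not Firefox or Pale Moon code: a Python check that parses a HOSTS file and tests whether the names it sinkholes come back from the OS resolver (`socket.getaddrinfo`) with only the HOSTS addresses. The sample file contents, the `SINK_ADDRS` set and all function names are assumptions made for illustration; it exercises the OS resolver path only, not any cache inside the browser.

```python
import socket

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist
127.0.0.1   localhost
0.0.0.0     ads.example.test  Tracker.Example.test   # inline comment
::1         localhost
0.0.0.0     ads.example.test
badline
"""

# Assumption: these addresses are what a blocking HOSTS entry points at.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_hosts(text):
    """Return {lowercased name: [addresses]} in file order."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or no name
        addr, names = fields[0], fields[1:]     # one address, one or more aliases
        for name in names:
            entry = table.setdefault(name.lower(), [])
            if addr not in entry:               # ignore duplicate lines
                entry.append(addr)
    return table


def os_resolve(name):
    """Addresses from the OS resolver (getaddrinfo); empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_blocks(hosts_text, resolve=os_resolve):
    """Map each sinkholed name to True if the resolver returned only HOSTS addresses."""
    report = {}
    for name, addrs in parse_hosts(hosts_text).items():
        if not set(addrs) <= SINK_ADDRS:
            continue                            # not a blocking entry
        got = resolve(name)
        report[name] = bool(got) and got <= set(addrs)
    return report
```

On Windows, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `check_blocks`; a `False` for a name means the OS resolver path is not returning the HOSTS address for it, which separates an OS-level problem from an application-level cache.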

