Hi,
following environment:
- IPFire 2.25 - Core Update 141 with webproxy/DoT activated, several DoT-server are listed and used (i.e. kaitain.restena.lu, sinodun.com, digitalcourage.de, switch.ch, unicast.censurfridns.dk etc.) and all checked as ok, responce-times of the dns-servers are from 15ms to 900ms (checked with uemegges dot-check-script; i guess ipfire is using the fastest?)
- Windows Domain Network with 2x Windows-DNS-Server, both forwarding to IPFire. Resolver-part of windows-dns-server is activated for dnssec-validating (is this necessary, when ipfire is also dnssec-validating? and i guess, with wpad/proxy activated, http-clients are using ipfire/webproxy for dns-resolving?).
- Clients are using IPFire-webproxy by wpad.dat-offering in dhcp and dns. Dns-servers used in clients are both mentioned windows-dns-servers (although they should be only used for non-proxy-traffic). In firefox doh is deactivated by enterprise-policy.
Problem: Since i installed core update 141 and switched on DoT, firefox is painfully slow with a lot of website, when loading first time (or after some time passing by, perhaps some dns-cache gets deleted?). With google chrome or firefox with deactivated proxy everything is fine. It looks like, if some initial dns-resolving takes really long. But i couldn’t figure out, why chrome doesn’t have that problem. Looks really strange. I don’t think, that the mentioned windows-dns-server-resolving is relevant for webbrowsers when using proxy/wpad. I only mention this here for completion.
Someone experiencing similar behavior with firefox+webproxy+dot? Thx 4 help.