Firefox uses system DNS resolution in some cases rather than that given in DNS over HTTPS
Categories: Core :: Networking: DNS, defect, P3
People: Reporter: vedavyas.v696, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [necko-triaged]
Attachments: 3 files
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Steps to reproduce:
Visit some websites blocked by ISP. Visiting the network debugging tab shows the DNS resolution as system rather than DNS over HTTPS.
Actual results:
Rather than loading, PR_CONNECT_RESET_ERROR error is shown.
Expected results:
Website should load.
Comment 1•1 year ago
The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•1 year ago
Thank you for filing the report.
Can you please provide HTTP logs when you get this error?
You can email the logs to necko@mozilla.com if you are concerned about saving sensitive personal information in the tool.
Could you also please paste the DNS over HTTPS configuration that you are using?
I'm using a private DNS from https://dns.nextdns.io/
Comment 6•1 year ago
Hi Ved,
It seems that your ISP is also blocking the connection to ign.com (probably just the IP).
Not sure why devtools is showing it used System DNS (possibly because the request failed, could be a bug).
Looking at the logs, it seems we fail to connect to the IP, so we add it to the blocklist, then proceed to retry at different times.
In this case I don't think there's an easy fix - I suggest trying a proxy or VPN to bypass the blocking.
I'll look into the devtools issue (you can also verify if DNS over HTTPS was used by going to about:networking#dns and checking the TRR column for ign.com).
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsSocketTransport nsSocketTransport::RecoverFromError [this=26612dddc00 state=4 cond=804b0014]
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsSocketTransport nsSocketTransport::RecoverFromError do not retry because mDoNotRetryToConnect is set [this=26612dddc00]
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsHostResolver Adding address to blocklist for host [www.ign.com], host record [266202a9860].used trr=1
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsHostResolver Successfully adding address [151.101.153.135] to blocklist for host [www.ign.com].
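As an added illustration (not part of the bug thread or of Firefox's code), the log lines quoted in comment 6 can be summarized per host to check whether a blocklisted address came from a TRR (DoH) lookup. The regular expressions and the reading of a non-zero `used trr` value as "resolved via TRR" are assumptions based only on the four lines shown.

```python
import re

# The four log lines quoted in comment 6 above (copied from this page).
SAMPLE_LOG = """\
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsSocketTransport nsSocketTransport::RecoverFromError [this=26612dddc00 state=4 cond=804b0014]
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsSocketTransport nsSocketTransport::RecoverFromError do not retry because mDoNotRetryToConnect is set [this=26612dddc00]
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsHostResolver Adding address to blocklist for host [www.ign.com], host record [266202a9860].used trr=1
2023-08-28 07:18:55.158000 UTC - [Parent 7900: Socket Thread]: D/nsHostResolver Successfully adding address [151.101.153.135] to blocklist for host [www.ign.com].
"""

# Line layout seen in those lines: timestamp, [process: thread], level/module, message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) UTC - \[(?P<thread>[^\]]+)\]: (?P<level>\w)/(?P<module>\S+) (?P<msg>.*)$")
COND_RE = re.compile(r"RecoverFromError \[this=\w+ state=\d+ cond=(?P<cond>[0-9a-fA-F]+)\]")
REPORT_RE = re.compile(r"Adding address to blocklist for host \[(?P<host>[^\]]+)\].*used trr=(?P<trr>\d+)")
BLOCKED_RE = re.compile(r"Successfully adding address \[(?P<addr>[^\]]+)\] to blocklist for host \[(?P<host>[^\]]+)\]")


def summarize_blocklist(log_text):
    """Map host -> {'used_trr', 'blocked', 'socket_cond'} from an HTTP log excerpt."""
    hosts = {}
    last_cond = None  # most recent socket error code seen before a blocklist entry
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # skip wrapped or unrelated lines
        msg = line["msg"]
        if line["module"] == "nsSocketTransport":
            cond = COND_RE.search(msg)
            if cond:
                last_cond = cond["cond"].lower()
        elif line["module"] == "nsHostResolver":
            report, blocked = REPORT_RE.search(msg), BLOCKED_RE.search(msg)
            hit = report or blocked
            if not hit:
                continue
            entry = hosts.setdefault(
                hit["host"], {"used_trr": None, "blocked": [], "socket_cond": None})
            if report:
                # Assumption: a non-zero "used trr" value means the record came from TRR (DoH).
                entry["used_trr"] = report["trr"] != "0"
                entry["socket_cond"] = last_cond
            else:
                entry["blocked"].append(blocked["addr"])
    return hosts


if __name__ == "__main__":
    print(summarize_blocklist(SAMPLE_LOG))
```

A host whose entry shows `used_trr` as true together with a blocklisted address was resolved through DoH and then failed at connect time, which is the situation comment 6 describes.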
Updated•1 year ago
Yeah, the ISP blocks a few domains and that was one of the main reasons, along with privacy, I started using DoH. What I find surprising is that, although torrent websites are also blocked by the ISP, Firefox is able to connect to them through DoH but ign.com is getting blocked.
And yeah, on checking the DNS tab on networking, it displays TRR as true for all of ign.com and 1337x.com, yet I only see an error with ign.com.
Comment 8•1 year ago
(In reply to Valentin Gosu [:valentin] (he/him) from comment #6)
> Hi Ved,
> It seems that your ISP is also blocking the connection to ign.com (probably just the IP)
> Not sure why devtools is showing it used System DNS (possibly because the request failed, could be a bug).
I think devtools is using ResolvedByTRR to determine if DoH is used or not. However, ResolvedByTRR is set in nsHttpChannel::OnTransportStatus. However, nsHttpChannel::OnTransportStatus won't be called when the HTTP request is served from cache or the HTTP request has failed.
I think that's the reason why devtools shows System DNS is used.
(In reply to Kershaw Chang [:kershaw] from comment #8)
> I think that's the reason why devtools shows System DNS is used.
If it's just an issue with the display and DNS from DoH is being used, then why are only some of the websites showing an error when trying to connect?