Open Bug 1394756 Opened 7 years ago Updated 2 years ago

Cannot load onion domains

Categories

(Core :: Networking, defect, P3)

55 Branch

UNCONFIRMED

People

(Reporter: unix196, Unassigned)

Details

(Whiteboard: [necko-backlog])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160921204512

Steps to reproduce:

Install Ubuntu:

Description:	Ubuntu 16.04.3 LTS
Codename:	xenial

Install software:
firefox                 55.0.2+build1-0ubuntu0.16.04.1
firefox-locale-en   55.0.2+build1-0ubuntu0.16.04.1
firefox-locale-ru    55.0.2+build1-0ubuntu0.16.04.1

tor                                        0.3.0.10-1~xenial+1
tor-geoipdb                                0.3.0.10-1~xenial+1
torsocks                                   2.1.0-2

Configure /etc/tor/torrc:
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

cat /etc/resolv.conf 
nameserver 127.0.0.1

rules for iptables:
cat /etc/iptables.rules 
# Generated by iptables-save v1.6.0 on Tue Aug 29 14:13:56 2017
*filter
:INPUT ACCEPT [22352:4343821]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 122 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Aug 29 14:13:56 2017
# Generated by iptables-save v1.6.0 on Tue Aug 29 14:13:56 2017
*nat
:PREROUTING ACCEPT [152:16358]
:INPUT ACCEPT [152:16358]
:OUTPUT ACCEPT [15533:1304804]
:POSTROUTING ACCEPT [28:1722]
-A PREROUTING -d 10.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -m owner --uid-owner 122 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -d 10.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040

Go to the web browser and open the URL:
https://3g2upl4pq6kufc4m.onion


Actual results:

The browser writes:
"Server not found. Check address or internet connection"

1) If I open https://3g2upl4pq6kufc4m.onion. (dot at the end), the site opens normally
2) If I install Chromium and go to the URL https://3g2upl4pq6kufc4m.onion, the site opens normally


Expected results:

The DuckDuckGo search site opens.

I'm having a similar problem on OS X with Firefox 55.0.3. Additionally, I've set network.dns.blockDotOnion to false in about:config. tcpdump shows that Firefox is not even trying to resolve the DNS, despite the block being disabled. Chrome resolves them fine on the same machine.
Component: Untriaged → Networking
Product: Firefox → Core
Summary: onion domains → Cannot load onion domains
(In reply to robs from comment #1)
> I'm having a similar problem on OS X with Firefox 55.0.3.  Additionally,
> I've set network.dns.blockDotOnion to false in about:config.  tcpdump shows
> that Firefox is not even trying to resolve the DNS, despite the block being
> disabled.  Chrome resolves them fine on the same machine.

Please ignore my above comment. I diagnosed and resolved my problem and it's likely not related. OS X simply refuses to resolve .onion addresses and produces no packets that can be redirected. Presumably this is an (annoying) security feature. For completeness, I overcame this by creating an /etc/resolver/onion file with the following contents to force it to perform a lookup.

nameserver 10.50.0.1
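
Added example, not part of the bug report or of Firefox: a first-match walk through the nat OUTPUT rules from the reporter's /etc/iptables.rules, showing where a browser's DNS query and its connection to an automapped address end up. The sample packets, uid 1000 for the browser user, the address 10.192.0.5 and the reading of uid 122 as the tor daemon's user are assumptions.

```python
import ipaddress

# nat OUTPUT rules transcribed from the report's /etc/iptables.rules, in order.
# Each entry is (match criteria, verdict); a missing key matches anything.
NAT_OUTPUT = [
    ({"uid": 122}, "RETURN"),                    # assumed: tor daemon's uid
    ({"proto": "udp", "dport": 53}, "REDIRECT:53"),
    ({"dst": "127.0.0.0/9"}, "RETURN"),
    ({"dst": "127.128.0.0/10"}, "RETURN"),
    ({"proto": "tcp", "syn": True}, "REDIRECT:9040"),
    ({"dst": "10.192.0.0/10", "proto": "tcp"}, "REDIRECT:9040"),
]
POLICY = "ACCEPT"  # ":OUTPUT ACCEPT" in the *nat section


def matches(rule, pkt):
    """True when every criterion in the rule holds for the packet."""
    for key, want in rule.items():
        if key == "dst":
            if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True


def nat_output_verdict(pkt):
    """Return (rule_number, verdict) of the first match, or (0, policy)."""
    for n, (rule, verdict) in enumerate(NAT_OUTPUT, start=1):
        if matches(rule, pkt):
            return n, verdict
    return 0, POLICY


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "browser DNS query": {"uid": 1000, "proto": "udp", "dst": "127.0.0.1", "dport": 53},
    "browser SYN to automapped address": {"uid": 1000, "proto": "tcp", "dst": "10.192.0.5", "dport": 443, "syn": True},
    "uid 122 outbound SYN": {"uid": 122, "proto": "tcp", "dst": "198.51.100.7", "dport": 9001, "syn": True},
    "browser SYN to loopback": {"uid": 1000, "proto": "tcp", "dst": "127.0.0.1", "dport": 8080, "syn": True},
    "browser UDP, not DNS": {"uid": 1000, "proto": "udp", "dst": "198.51.100.7", "dport": 123},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:36s} -> {nat_output_verdict(pkt)}")
```

With these rules a new TCP connection to 10.192.0.0/10 is already caught by the SYN rule (rule 5), so the later rule for that network is not reached. UDP other than port 53 passes the nat chain untouched and is left to the REJECT rule in the filter table.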
Whiteboard: [necko-backlog]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3
Severity: normal → S3