Closed
Bug 1077847
Opened 11 years ago
Closed 11 years ago
Missing DNSSEC for firefox.com & mozilla.org
Categories
(Infrastructure & Operations :: DNS and Domain Registration, task)
Infrastructure & Operations
DNS and Domain Registration
x86_64
Windows 7
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: nitingoplani88, Unassigned)
References
Details
Attachments
(1 file)
|
32.82 KB,
image/png
|
Details |
Missing DNSSEC - Firefox.com.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Build ID: 20130910160258
Steps to reproduce:
Your domain is not configured to support DNSSEC. This opens up a man-in-the-middle scenario where remote attackers will be able to tamper with your DNS records by the use of cache poisoning techniques.
Access the below URL to verify:
http://viewdns.info/dnssec/?domain=firefox.com
http://viewdns.info/dnssec/?domain=mozilla.org
Unable to attach screenshot for mozilla.org
Actual results:
DNSSEC is not supported by firefox.com & mozilla.org
Expected results:
DNSSEC must be supported to ensure the end user is connecting to the actual web site or other service corresponding to a particular domain name.
|
||
Updated•11 years ago
|
Group: core-security
Component: Untriaged → General
Product: Firefox → www.mozilla.org
Version: 24 Branch → Production
|
Reporter | |
Comment 1•11 years ago
|
||
Do you mean this is rejected?
|
||
Comment 2•11 years ago
|
||
(In reply to nitingoplani88 from comment #1)
> Do you mean this is rejected?
No, it was just moved to the actual product that needs to care about this. It's not an issue in the Firefox browser, but a request for our websites, so it was moved to the area for website bugs.
|
|
Reporter | |
Comment 3•11 years ago
|
||
Thanks for the update
|
|
||
Updated•11 years ago
|
Assignee: nobody → infra
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Component: General → Infrastructure: DNS
Product: www.mozilla.org → Infrastructure & Operations
QA Contact: jdow
Resolution: --- → DUPLICATE
Version: Production → other
|
|
Reporter | |
Comment 5•11 years ago
|
||
Hi,
The bug id 602424 is for mozilla.com
but the bug which I reported is for firefox.com & mozilla.org. Could you please check and change the status from Duplicate.
Changing status from duplicate. There are separate SPF bugs for firefox.com, mozilla.com, and mozilla.org.
:curtisk, the DNS team can do nothing useful about this bug. We are not authoritative for how the mozilla.org domain is used to send mail, nor are we able to provide a list of the servers that the mozilla.org uses to send mail. This domain is managed and it uses defined by other teams.
Due to the impossibility of identifying all possible uses of mozilla.org for outbound email, and the lack of interest in doing so, I'm marking this SPF, too, as RESOLVED INCOMPLETE.
Resolution: DUPLICATE → INCOMPLETE
|
|
Reporter | |
Comment 7•11 years ago
|
||
What about firefox.com?
This isn't an SPF bug, this is a DNSSEC bug, and it's in the correct queue.
We are aware of the ongoing issues with DNSSEC, and this bug is not eligible for a bounty.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INCOMPLETE → ---
sorry about that, was juggling multiple bugs in my morning triage and marked the wrong bug. :atoll has however, handled this correctly since that bungle
|
|
||
Comment 10•11 years ago
|
||
There are no plans to enable dnssec on firefox.com, and as :atoll mentioned in #c6 it is not practical to enable SPF records.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•