[meta] Handle split horizon DNS with TRR
Categories
(Core :: Networking: DNS, enhancement, P2)
People
(Reporter: valentin, Unassigned)
Details
(Keywords: meta, Whiteboard: [necko-triaged][trr])
Hello!
Was there any plan to try to get the already configured/known DNS server (usually configured/provisioned via DHCP) and "ping" it via DoH? Or any effort underway (at IETF for example) to get OS providers and DHCP server maintainers to support DoH server selection?
Reporter | Comment 7•6 years ago
(In reply to Pas from comment #6)
> Hello!
> Was there any plan to try to get the already configured/known DNS server (usually configured/provisioned via DHCP) and "ping" it via DoH? Or any effort underway (at IETF for example) to get OS providers and DHCP server maintainers to support DoH server selection?

There is work under way to do this:
https://datatracker.ietf.org/doc/draft-ietf-doh-resolver-associated-doh/
The problem with just trying to use DoH with the configured DNS server is that the server is usually an IP address - maybe 10.0.0.1? And DoH works over HTTPS so you need a certificate for that IP/hostname. So we need a slightly more complicated solution.
Comment 8•5 years ago
Here's some code that would check for policies and DNSOverHTTPS:

    // Only consult policies when the enterprise policy engine is active.
    if (Services.policies.status == Services.policies.ACTIVE) {
      let policies = Services.policies.getActivePolicies();
      if (!("DNSOverHTTPS" in policies)) {
        // Policies are active but say nothing about DoH:
        // don't enable DNSOverHTTPS
      } else {
        // If they have configured DNSOverHTTPS, make sure policy wins
      }
    }

Not all split horizon DNS is by enterprises (though I admit they're typically the ones with expertise). Any reason not to use the DHCP search list instead (bug #1582472)?
Reporter | Comment 10•5 years ago
(In reply to saschmit from comment #9)
> Not all split horizon DNS is by enterprises (though I admit they're typically the ones with expertise). Any reason not to use the DHCP search list instead (bug #1582472)?

That's next on our list of priorities. Should be implemented in the next month.
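
Added example, not part of the original thread and not Firefox's own code: one way the DHCP search list discussed in comments 9 and 10 could keep split-horizon names on the network-provided resolver instead of TRR. The function names and the sample search list are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not Firefox code.

// Normalize a DNS name for comparison: lower-case, strip one trailing root dot.
function normalizeName(name) {
  const n = String(name).trim().toLowerCase();
  return n.endsWith(".") ? n.slice(0, -1) : n;
}

// Return "native" when the name should go to the network-provided resolver
// (it may exist only in the internal DNS view), otherwise "trr".
function chooseResolver(hostname, searchSuffixes) {
  const host = normalizeName(hostname);
  if (host === "") return "native";
  // Single-label names (e.g. "intranet") only resolve once the OS applies
  // the search list, so a public DoH resolver cannot answer them.
  if (!host.includes(".")) return "native";
  for (const raw of searchSuffixes) {
    const suffix = normalizeName(raw).replace(/^\./, "");
    if (suffix === "") continue; // ignore empty entries
    // Match on a label boundary: "corp.example" covers "a.corp.example"
    // but must not cover "evilcorp.example".
    if (host === suffix || host.endsWith("." + suffix)) return "native";
  }
  return "trr";
}

// Constructed sample input: a search list as a DHCP lease might supply it.
const SAMPLE_SEARCH_LIST = ["corp.example", "Lab.Corp.Example."];

function demo() {
  const names = [
    "wiki.corp.example",
    "evilcorp.example",
    "intranet",
    "WIKI.CORP.EXAMPLE.",
    "www.example.org",
  ];
  return names.map((n) => [n, chooseResolver(n, SAMPLE_SEARCH_LIST)]);
}

console.log(demo());
```

The label-boundary check is the part worth testing: a plain string suffix match would send look-alike names such as "evilcorp.example" to the internal resolver as well.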
Comment 11•5 years ago
Should this be included in the 72 release notes? If yes, please nominate by setting the relnote-firefox flag to "?" and fill in the form. Thanks.