Closed Bug 1531342 Opened 6 years ago Closed 6 years ago

DNS-over-HTTPS return NS_ERROR_UNKNOWN_HOST for A record 10.8.0.1

Categories

(Core :: Networking: DNS, defect)

67 Branch
defect
Not set
normal


RESOLVED WONTFIX

People

(Reporter: ms, Unassigned)

Details

(Whiteboard: [necko-triaged][trr])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

I have several domain names that are accessible only through VPN. To accommodate this, I set up a local DNS cache [1] on my machine using the following master file,

++++
$ORIGIN domain.tld
$TTL 3600

sub A 10.8.0.1
++++

The local DNS cache is capable of serving DNS queries using UDP (12.0.0.1:53) or DoH (https://localhost/dns-query). When using DNS through UDP, Firefox can open the website at sub.domain.tld, but when using DoH, Firefox returns an error NS_ERROR_UNKNOWN_HOST.

[1] http://github.com/shuLhan/rescached-go/

Actual results:

Firefox is unable to resolve sub.domain.tld.

Here is the log output (redacted),

++++
...
[Parent 8252: Socket Thread]: D/nsHostResolver Resolving host [sub.domain.tld] - bypassing cache type 0. [this=0x7f2e9258f970]
[Parent 8252: Socket Thread]: D/nsHostResolver No usable record in cache for host [sub.domain.tld] type 0.
[Parent 8252: Socket Thread]: D/nsHostResolver TRR Resolve sub.domain.tld type 1
[Parent 8252: Socket Thread]: D/nsHostResolver DNS lookup for host [sub.domain.tld] blocking pending 'getaddrinfo' or trr query: callback [0x7f2e704a0550]
[Parent 8252: Main Thread]: D/nsHostResolver TRR::SendHTTPRequest resolve sub.domain.tld type 1
[Parent 8252: Main Thread]: D/nsHostResolver TRR::OnStartRequest 0x7f2e6cebc000 sub.domain.tld 1
[Parent 8252: Main Thread]: D/nsHostResolver TRR:OnDataAvailable 0x7f2e6cebc000 sub.domain.tld 1 failed=0 aCount=52
[Parent 8252: Main Thread]: D/nsHostResolver TRR:OnStopRequest 0x7f2e6cebc000 sub.domain.tld 1 failed=0 code=0
[Parent 8252: Main Thread]: D/nsHostResolver doh decode sub.domain.tld 52 bytes
[Parent 8252: Main Thread]: D/nsHostResolver TRR Decode: 1 answer records (52 bytes body) sub.domain.tld index=36
[Parent 8252: Main Thread]: D/nsHostResolver TRR:DohDecode failed: local IP addresses or unknown IP family
[Parent 8252: Main Thread]: D/nsHostResolver TRR::On200Response DohDecode 80004005
[Parent 8252: Main Thread]: D/nsHostResolver TRR:OnStopRequest 0x7f2e6cebc000 status 0 mFailed 0
[Parent 8252: Main Thread]: D/nsHostResolver nsHostResolver::CompleteLookup sub.domain.tld 0x7f2e70003fb0 804B001E trr=1 stillResolving=0
[Parent 8252: Main Thread]: D/nsHostResolver TRR lookup Complete (1) sub.domain.tld FAILED
[Parent 8252: Main Thread]: D/nsHostResolver nsHostResolver record 0x7f2e6fe71820 new gencnt
[Parent 8252: Main Thread]: D/nsHostResolver Caching host [sub.domain.tld] negative record for 60 seconds.
[Parent 8252: Main Thread]: D/nsHostResolver CompleteLookup: sub.domain.tld has NO address
[Parent 8252: Main Thread]: D/nsHostResolver nsHostResolver record 0x7f2e6fe71820 calling back dns users
...
++++

From my understanding, it failed because "[Parent 8252: Main Thread]: D/nsHostResolver TRR:DohDecode failed: local IP addresses or unknown IP family"

Expected results:

Firefox DoH should allow local IP addresses.

Component: Untriaged → Networking: DNS
Product: Firefox → Core

We have a pref for that. Try setting network.trr.allow-rfc1918 to true.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Whiteboard: [necko-triaged][trr]