Closed Bug 1567774 Opened 6 years ago Closed 6 years ago

Google sites (partially) not working on IETF network with DoH mode 3

Categories

(Core :: Networking: DNS, defect, P2)

Product:
Core
Component:
Networking: DNS
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox70 --- affected

People

(Reporter: mt, Unassigned)

References

Details

(Whiteboard: [trr][mode 3][necko-triaged][secure-proxy])

I have only done some rudimentary digging on this one, so apologies if this is a bit vague.

The IETF network operates a DNS server (31.130.229.6#53) which produces both A (e.g., 172.217.13.110) and AAAA (2607:f8b0:4020:804::200e) records for docs.google.com. Cloudflare (104.16.248.249 and 1.1.1.1) produces only a A record with a different value to the one provided by the local resolver.

I am unable to use the A record Cloudflare provides to contact these google servers when it differs. It does not always differ. When the value is the same, these problems aren't seen.

Similar effects are seen on other google properties, but not all. I had problems with fonts.google.com as well. I'm guessing that this is the result of the same problem (but that problem is now gone again).

I don't know to what extent this is common, or what the possible remedy is, but it is bad and it warrants some consideration.

To be clear, this could be the result of hostile network management practices; it's not like DoH is very popular here.

Whiteboard: [trr][secure-proxy]
Whiteboard: [trr][secure-proxy] → [trr][secure-proxy][mode 3]
Priority: -- → P2
Whiteboard: [trr][secure-proxy][mode 3] → [trr][mode 3][necko-triaged][secure-proxy]

Kershaw, can you take a look? thanks!

Flags: needinfo?(kershaw)

I've tried to reproduce with the mozilla dns server (10.238.75.120#53) since the IETF one is not reachable for me.
The DNS records of fonts.google.com from mozilla dns server was:
2a00:1450:4005:80b::200e
172.217.19.78

The records from 1.1.1.1 was:
2a00:1450:4001:809::200e
216.58.207.46

I've tried several times to connect to fonts.google.com and the connections were all successful.
This bug is difficult to proceed since I can't reproduce and there is no enough information.

Martin, do you have the steps that can reproduce this every time? If this is easy for you to reproduce, could you try to capture the http log?
Thanks.

Flags: needinfo?(kershaw) → needinfo?(mt)

I can't reproduce this every time, and that network is no longer active. I suspect that we're stuck with no resolution unless CF are able to provide further insight.

Flags: needinfo?(mt)

I'd like to close this bug, since I have no clues on how to proceed.
Feel free to reopen this if you have any new information (reproduce steps or http log).

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.