Closed Bug 1619071 Opened 2 years ago Closed 8 months ago

Canary domain use-application-dns.net with NOERROR response

Categories

(Core :: Networking: DNS, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
95 Branch
Tracking Status
firefox95 --- fixed

People

(Reporter: pe1chl, Assigned: nhnt11)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged][trr])

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Please enhance the handling of use-application-dns.net queries as a DoH canary domain.
Some routers with simple DNS resolver allowing static domain entries can only return records with NOERROR and a fixed A and/or AAAA value in their replies.
As it is now, only NOERROR records without A and AAAA are accepted as an indication that DoH should not be used, which is not possible with those routers.
Please add to that: a reply with NOERROR and a defined A or AAAA record, e.g. 127.0.0.2 or similar.

See Also: → 1616644

This seems fine to me. Taking a look at https://en.wikipedia.org/wiki/Reserved_IP_addresses it'd be good to get some of our standards people to weigh in on which range might be best to use.

I feel good about treating any "local" IP address as a trigger.
The IP checks are done here and we can use nsIIOService.hostnameIsLocalIPAddress to check it in the addon/platform.

Priority: -- → P2
Whiteboard: [necko-triaged][trr]

Is there any update on this? Would you consider 0.0.0.0 as "local" as well?

Assignee: nobody → nhnt11
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: P2 → P3

This allows certain routers to signal us to disable DoH when they are not capable of
responding with NXDOMAIN or no A records.

Pushed by nhnt11@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/83ed6619c2ea
Trip Canary heuristic when canonical lookup contains only local addresses. r=necko-reviewers,valentin
Pushed by nhnt11@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6ed00b7f71c2
Trip Canary heuristic when canonical lookup contains only local addresses. r=necko-reviewers,valentin
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
Flags: needinfo?(nhnt11)
You need to log in before you can comment on or make changes to this bug.