Closed Bug 1636411 Opened 11 months ago Closed 11 months ago

Allow disabling DNS via pref

Categories

(Core :: Networking: DNS, enhancement, P2)

Tracking

RESOLVED FIXED
mozilla78
Tracking Status
firefox78 --- fixed

People

(Reporter: acat, Assigned: acat)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged] [tor 33962])

Attachments

(2 files)

In Tor Browser we keep a patch originally for bug 751465 as a defense-in-depth for DNS leaks like bug 1618271 or bug 1470411. The patch approach is similar to the one described in https://bugzilla.mozilla.org/show_bug.cgi?id=1618271#c2: we check if network.proxy.socks_remote_dns == true and in that case we only allow resolving IP literals.

However, for now I'd like to suggest a simpler solution which should work for Tor Browser and I assume should be easier to accept and land. Just disable DNS (only allow IP literals or cached entries) if network.dns.disabled = true. This should work for us, as we can just set network.dns.disabled = true. For Firefox, I guess protections for DNS proxy bypasses like the one discussed in https://bugzilla.mozilla.org/show_bug.cgi?id=1618271#c2 can be done later independently of this (when network.dns.disabled = false).

If network.dns.disabled=true, only resolve IP literals or cached
entries.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6bbed9a7eb4b
Allow disabling DNS resolution via pref r=dragana,necko-reviewers
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla78

Adding a check that I had missed in 1636411: cached entries should not be
renewed if network.dns.disabled = true.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #9147212 - Attachment description: Bug 1636411 followup - don't renew cached entries if network.dns.disabled → Bug 1636411 followup - add network.dns.disabled checks to cover all paths
Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1bd7b8776812
followup - add network.dns.disabled checks to cover all paths r=necko-reviewers,valentin
Status: REOPENED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Regressions: 1638192
Whiteboard: [necko-triaged] → [necko-triaged] [tor 33962]
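The behaviour discussed in this bug, modelled as an added C++ example (not the landed patch or any Necko code): with the switch on, only IP literals and cached entries resolve, cached entries are never renewed, and everything else fails closed. `GatedResolver`, `dnsDisabled`, `Seed` and the `Lookup` stub are hypothetical names, and serving an expired cached entry while disabled is an assumption of this model.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <chrono>
#include <map>
#include <string>

using Clock = std::chrono::steady_clock;

struct CacheEntry { std::string addr; Clock::time_point expires; };

// Hypothetical model of a resolver gated by a "DNS disabled" switch.
class GatedResolver {
 public:
  bool dnsDisabled = false;  // stands in for network.dns.disabled
  int networkLookups = 0;    // counts queries that would leave the host

  void Seed(const std::string& host, const std::string& addr,
            Clock::time_point expires) {
    cache_[host] = {addr, expires};
  }

  // Returns the address, or an empty string when resolution is refused.
  std::string Resolve(const std::string& host, Clock::time_point now) {
    if (IsIpLiteral(host)) return host;  // literals never need a query
    auto it = cache_.find(host);
    if (it != cache_.end()) {
      bool fresh = now < it->second.expires;
      // Disabled: serve the cached entry as-is (assumption) and skip renewal.
      if (fresh || dnsDisabled) return it->second.addr;
    }
    if (dnsDisabled) return "";  // fail closed: no query is sent
    ++networkLookups;            // cache miss or renewal: a real lookup
    cache_[host] = {Lookup(host), now + std::chrono::seconds(60)};
    return cache_[host].addr;
  }

 private:
  static bool IsIpLiteral(const std::string& s) {
    unsigned char buf[sizeof(in6_addr)];
    return inet_pton(AF_INET, s.c_str(), buf) == 1 ||
           inet_pton(AF_INET6, s.c_str(), buf) == 1;
  }
  // Constructed stand-in for a network query; returns a documentation address.
  static std::string Lookup(const std::string&) { return "192.0.2.1"; }
  std::map<std::string, CacheEntry> cache_;
};
```

The `networkLookups` counter is the property to test for: it has to stay at zero on every path while the switch is on, which is what the follow-up patch ("cover all paths") was about.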