DNS over HTTP activated when GUI says it's off
Categories
(Firefox :: Settings UI, defect)
People
(Reporter: junk07+mozilla, Unassigned)
Steps to reproduce:
According to the user, normal browser use.
This morning, a Windows PC running Firefox 77.0.1 effectively attacked my web proxy by trying to access DNS-over-HTTPS server 250x/sec (Bug 1643228 suggests less aggressive behavior)
Actual results:
The Settings GUI showed that DNS-over-HTTPS was disabled (and user never asked for it to be enabled). Setting & clearing the option did nothing until I exited Firefox and went back in; at that point, it stopped trying to use the feature.
Expected results:
DNS-over-HTTPS should not spontaneously enable itself on an established installation.
The GUI should accurately reflect the state of the feature; if GUI says it's disabled, it should be disabled.
Comment 1•5 years ago
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Comment 2•5 years ago
(In reply to Charles Boling from comment #0)
> Steps to reproduce:
> According to the user, normal browser use.
> This morning, a Windows PC running Firefox 77.0.1 effectively attacked my web proxy by trying to access DNS-over-HTTPS server 250x/sec (Bug 1643228 suggests less aggressive behavior)
> Actual results:
> The Settings GUI showed that DNS-over-HTTPS was disabled (and user never asked for it to be enabled). Setting & clearing the option did nothing until I exited Firefox and went back in; at that point, it stopped trying to use the feature.
> Expected results:
> DNS-over-HTTPS should not spontaneously enable itself on an established installation.
> The GUI should accurately reflect the state of the feature; if GUI says it's disabled, it should be disabled.
Thank you for reporting these issues! As we covered in the other one (bug 1643228), there was a bug in 77.0 that caused an unexpected number of requests to go out to DoH providers and we shipped 77.0.1 to mitigate this issue. As for the GUI - here is some relevant context:
- Automatic heuristics to turn DNS over HTTPS on and off are actually enabled by default for users in the US - this means that for these clients, if the network conditions pass our heuristics, DoH will be turned on.
- Unfortunately the checkbox to turn DoH on and off in the preferences UI will reflect the outcome of our heuristics (if they are on) rather than whether the heuristics are actually enabled. This is being fixed (see also: bug 1642078).
- In the future, we will be shipping some code that automatically chooses one of the available providers rather than sticking with the default (Cloudflare) for all users. The choice will be made based on DNS resolution performance (in terms of speed) of each provider, as seen on a given client.
- This code runs a few DNS requests in order to do said performance measurement - the domains being resolved are not user-data but rather pre-defined.
- These measurement-related requests were responsible for triggering the bug leading to an unchecked flood of requests.
I hope this clarifies some of the problems you're seeing. It's likely that the excessive requests were not because DoH was enabled, but just due to the measurements. However, the issue with the GUI is also valid and we are working on fixing it. I'll leave this open for now since we don't have a dupe that covers all of the issues.
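Added example, not part of the bug thread and not Mozilla's code: one way a proxy operator could flag the kind of per-client burst of DoH requests described in comment 0, run over constructed access-log lines. The Squid-native-style log layout, the watchlist hostname, the threshold and the client addresses are all assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed watchlist: Firefox's default Cloudflare DoH endpoint; extend as needed.
DOH_HOSTS = {"mozilla.cloudflare-dns.com"}


def parse_line(line):
    """Parse one Squid-native-style line into (epoch_second, client, host)."""
    f = line.split()
    if len(f) < 7:
        return None
    try:
        second = int(float(f[0]))
    except ValueError:
        return None
    client, method, url = f[2], f[5], f[6]
    # CONNECT entries log "host:port"; other methods log a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or "")
    return second, client, host.lower()


def doh_bursts(lines, threshold=50):
    """Return {client: peak DoH requests in one second} for peaks >= threshold."""
    per_sec = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] in DOH_HOSTS:
            per_sec[(rec[1], rec[0])] += 1
    peaks = {}
    for (client, _), n in per_sec.items():
        if n >= threshold:
            peaks[client] = max(peaks.get(client, 0), n)
    return peaks


def sample_log():
    """Constructed sample: one client at 250 req/s, one quiet client, one bad line."""
    tail = " TCP_TUNNEL/200 512 CONNECT mozilla.cloudflare-dns.com:443 - HIER_DIRECT/192.0.2.1 -"
    burst = [f"1591800000.{i:03d} 12 10.0.0.23" + tail for i in range(250)]
    normal = ["1591800000.500 30 10.0.0.40" + tail,
              "1591800001.100 45 10.0.0.40 TCP_MISS/200 4096 GET http://example.com/ - HIER_DIRECT/192.0.2.2 text/html",
              "garbage line"]
    return burst + normal


if __name__ == "__main__":
    print(doh_bursts(sample_log()))
```

The default threshold of 50 requests per second is an assumed starting point; a single DoH-enabled browser normally stays far below it.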
Comment 3•5 years ago
Got it. Nice work -- thanks!
Comment 4•5 years ago
Hey nhnt11 - would you say this bug, as stated, is a dupe of bug 1642078 then?
Comment 5•5 years ago
Yeah, as of two days ago we scope-creeped that bug to include a change that fixes this one as stated. Thanks for the nudge!