Several DNSSEC Interference Measurement v3 events missing from Wireshark on certain queries
Categories: Shield :: Shield Study, defect
Tracking: Not tracked
People: Reporter: ppop, Unassigned
Attachments: 1 file (33.07 KB, image/png)
[Affected versions]:
- Firefox Unbranded Release 96.0.1
[Affected platforms]:
- Windows 10 x64
- macOS 11.6.2
[Prerequisites]:
- Have a Normandy recipe with the DNSSEC Interference Measurement v3 add-on live.
- Have a browser profile enrolled in the Normandy experiment.
- Have Wireshark installed.
[Steps to reproduce]:
- Click the "Start capturing packets" button from Wireshark.
- Open the browser with the profile from prerequisites.
- Navigate to about:telemetry and wait for the study-related archived pings to generate.
- Click the "Stop capturing packets" button from Wireshark.
- Apply the following filter: (dns.flags.response == 0) and (dns.qry.name == "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15._smimecert.dnssec-experiment-moz.net").
- Observe the filtered events.
[Expected result]:
- Two rows with captured events are displayed.
[Actual result]:
- Only a single row is displayed.
[Notes]:
- Two rows should also be displayed when applying the following filter; however, one of them is missing: (dns.flags.response == 0) and (dns.qry.name == "httpssvc.dnssec-experiment-moz.net").
- Attached a screenshot of the issue.
Comment 1•3 years ago
I think this relates to the TCP errors you were seeing. I assume what's happening is that the TCP-based DNS requests aren't showing up in Wireshark because the add-on failed to open a TCP connection to your DNS resolver.
When you click on the row shown in that screenshot, what transport protocol is listed? Is it UDP?
Comment 2•3 years ago (Reporter)
I've re-checked the rows for the 2 filters listed in the bug and both of them have the UDP protocol.
Comment 3•3 years ago
Okay, then I think this is probably fine. If your DNS resolver (e.g., whatever DNS cache your router is running) doesn't support TCP, then the add-on should report pings with TCP errors, and you shouldn't see any DNS queries get sent over TCP in Wireshark. I don't know what your DNS resolver is, but my understanding is that it's fairly common for DNS resolvers to not support TCP.
Updated•3 years ago
Comment 4•3 years ago (Reporter)
Marking this as verified since some errors are expected depending on the DNS resolver used.
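The check discussed in this thread (was each study query name sent over both UDP and TCP, or is the TCP query absent from the capture?) can be scripted. The following is an added example, not part of the original report or the add-on's code. The capture is constructed sample data given as (transport, payload) pairs, and the record types 53 and 65 are assumptions.

```python
import struct
from collections import defaultdict

def build_msg(name, qtype, flags=0x0100):
    """Constructed sample input: a minimal DNS message with one question."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def query_name(msg):
    """Return the question name if msg is a query (QR bit clear), else None."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:  # same test as dns.flags.response == 0
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0 or pos + 1 + n > len(msg):  # pointer or truncated label
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels).lower() if pos < len(msg) else None

def transports_by_name(payloads):
    """Map each queried name to the set of transports it was seen on."""
    seen = defaultdict(set)
    for transport, data in payloads:
        if transport == "tcp":  # DNS over TCP prefixes each message with a 2-byte length
            if len(data) < 2:
                continue
            data = data[2:2 + struct.unpack("!H", data[:2])[0]]
        name = query_name(data)
        if name:
            seen[name].add(transport)
    return dict(seen)

def missing_tcp(payloads, expected):
    """Return the expected names for which no TCP query was captured."""
    seen = transports_by_name(payloads)
    return sorted(n for n in expected if "tcp" not in seen.get(n.lower(), set()))

SMIME = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15._smimecert.dnssec-experiment-moz.net"
HTTPS = "httpssvc.dnssec-experiment-moz.net"
tcp = lambda m: struct.pack("!H", len(m)) + m
# Constructed capture; record types 53 (SMIMEA) and 65 (HTTPS) are assumed.
SAMPLE = [("udp", build_msg(SMIME, 53)), ("udp", build_msg(HTTPS, 65)),
          ("tcp", tcp(build_msg(HTTPS, 65))),
          ("udp", build_msg(HTTPS, 65, flags=0x8180))]  # a response, ignored
```

Calling `missing_tcp(SAMPLE, [SMIME, HTTPS])` lists the names that would show only one row under the Wireshark filters above.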