Firefox queries DNS of Proxy destination
Categories (Core :: Networking: Proxy, defect, P3)
People (Reporter: eros_uk, Unassigned)
References (Blocks 1 open bug)
Details (Whiteboard: [necko-triaged])
Attachments (2 files)
When Firefox is set to use a proxy (e.g. in Network Settings, PAC, or an extension), the expectation has been that Firefox forwards the request to the proxy without any need to DNS query the final destination.
https://bugzilla.mozilla.org/show_bug.cgi?id=1473678#c4
When a HTTP proxy is used (with or without a PAC), the host name is passed to the proxy and the proxy then resolves that name. This is by design!
https://bugzilla.mozilla.org/show_bug.cgi?id=1473678#c6
When a HTTP proxy is used, this is how a client/browser must behave. It sends the host name to the proxy, not the IP address. All HTTP clients/browsers do this since this is how HTTP over proxy works.
Firefox -> proxy.com -> destination.com
While Firefox needs to query DNS for the proxy.com (if not IP), there should not be a reason for Firefox to DNS query destination.com.
However, logs show that Firefox does indeed DNS query destination.com.
Firefox might be querying DNS as part of some other process (prefetch config is attached) but nonetheless it appears that the action is not necessary.
SOCKS seems to have a "Proxy DNS when using SOCKS v5" option.
Once a SOCKS proxy is used and the above option is set, Firefox no longer queries the DNS for the destination.com.
Demo: DNS lookups through a SOCKS5 Proxy Server
Shouldn't not-querying-the-destination be the standard behaviour (regardless of HTTP/HTTPS/SOCKS)?
STR
- Set a Proxy/PAC in Network Settings to be applied to all network connections
- Monitor DNS query
- Open any page (with a domain)
Tested on Ubuntu Nightly 106.0a1 (2022-09-16) (64-bit)
It appears when DoH is enabled, Firefox queries both cloudflare.com & WiFi DNS for the destination.com.
Comment 2•2 years ago
nsHttp.log.moz_log
Comment 3•2 years ago
Hi,
I assume this is related. I have noticed that Firefox is leaking DNS queries at client end when http proxy is enabled. I enabled tcpdump on 53/udp and noticed that the DNS name of the URL I have entered has been resolved by the client.
I guess this is a security concern, since you leak your browsing history in the DNS logs.
I have entered https://regex101.com/ and this is what I have found in my tcpdump (on the client using Firefox) ...
listening on en0, link-type EN10MB (Ethernet), capture size 1024 bytes
17:50:09.882531 IP macbook.fritz.box.50232 > ubuntu-pi.fritz.box.domain: 33821+ A? regex101.com. (30)
17:50:09.883377 IP macbook.fritz.box.56499 > ubuntu-pi.fritz.box.domain: 52053+ PTR? 29.1.168.192.in-addr.arpa. (43)
17:50:09.883504 IP macbook.fritz.box.52301 > ubuntu-pi.fritz.box.domain: 21783+ A? fonts.googleapis.com. (38)
17:50:09.891344 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50232: 33821 1/0/0 A 78.47.220.195 (46)
17:50:09.894545 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.56499: 52053* 1/1/1 PTR MacBook.fritz.box. (104)
17:50:09.895219 IP macbook.fritz.box.59698 > ubuntu-pi.fritz.box.domain: 25669+ PTR? 2.1.168.192.in-addr.arpa. (42)
17:50:09.900912 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.59698: 25669* 1/1/1 PTR ubuntu-pi.fritz.box. (105)
17:50:09.906266 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.52301: 21783 1/0/0 A 173.194.76.95 (54)
17:50:10.282276 IP macbook.fritz.box.59063 > ubuntu-pi.fritz.box.domain: 51451+ A? fonts.gstatic.com. (35)
17:50:10.288052 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.59063: 51451 1/0/0 A 142.250.185.99 (51)
17:50:21.565230 IP macbook.fritz.box.50450 > ubuntu-pi.fritz.box.domain: 22787+ A? incoming.telemetry.mozilla.org. (48)
17:50:21.569282 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50450: 22787* 1/0/0 A 0.0.0.0 (64)
I have attached the corresponding nsHttp.log.moz_log. From my point of view this is a bug.
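One way to automate the "Monitor DNS query" step of the STR over a capture like the one in comment 3 (an added example, not part of any comment and not Firefox code): it parses tcpdump's one-line DNS output and reports forward lookups for any name other than the proxy's own. The proxy name `proxy.example`, the function name and the first capture line are constructed for illustration; the remaining lines are copied from comment 3.

```python
import re

# tcpdump one-line DNS query, e.g.
# "17:50:09.882531 IP host.50232 > resolver.domain: 33821+ A? regex101.com. (30)"
# Responses carry no "TYPE?" token, so they never match.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+) > (?P<dst>\S+?)\.(?:domain|53): "
    r"\d+[+%]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) \(\d+\)$"
)

# First line is constructed (lookup of the assumed proxy host);
# the others are taken from the capture in comment 3.
SAMPLE_CAPTURE = """
17:50:09.700000 IP macbook.fritz.box.50100 > ubuntu-pi.fritz.box.domain: 4711+ [1au] A? proxy.example. (42)
17:50:09.882531 IP macbook.fritz.box.50232 > ubuntu-pi.fritz.box.domain: 33821+ A? regex101.com. (30)
17:50:09.883377 IP macbook.fritz.box.56499 > ubuntu-pi.fritz.box.domain: 52053+ PTR? 29.1.168.192.in-addr.arpa. (43)
17:50:09.883504 IP macbook.fritz.box.52301 > ubuntu-pi.fritz.box.domain: 21783+ A? fonts.googleapis.com. (38)
17:50:09.891344 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50232: 33821 1/0/0 A 78.47.220.195 (46)
17:50:10.282276 IP macbook.fritz.box.59063 > ubuntu-pi.fritz.box.domain: 51451+ A? fonts.gstatic.com. (35)
"""


def leaked_lookups(lines, proxy_host, qtypes=("A", "AAAA", "HTTPS")):
    """Return (timestamp, qtype, name) for each query of a name other than the proxy.

    With a proxy applied to all connections, the only forward lookup the
    client needs is for the proxy host itself; anything else is reported.
    """
    allowed = proxy_host.rstrip(".").lower()
    hits = []
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or m["qtype"] not in qtypes:
            continue  # not a query line, or a record type we are not checking
        name = m["qname"].rstrip(".").lower()
        if name != allowed:
            hits.append((m["ts"], m["qtype"], name))
    return hits


if __name__ == "__main__":
    for ts, qtype, name in leaked_lookups(SAMPLE_CAPTURE.splitlines(), "proxy.example"):
        print(f"{ts} local {qtype} lookup for {name}")
```

Names that the browser looks up for its own services will also be listed, so compare the result against the hosts actually visited during the test.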
Comment 4•3 months ago
Moving bug to Core/Networking: Proxy.