Open Bug 1791243 Opened 2 years ago Updated 3 months ago

Firefox queries DNS of Proxy destination

Categories

(Core :: Networking: Proxy, defect, P3)

People

(Reporter: eros_uk, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files)

Attached image prefetch.png

When Firefox is set to use a proxy (e.g. in Network Settings, a PAC, or an extension), the expectation has been that Firefox forwards the request to the proxy without any need to DNS-query the final destination.

https://bugzilla.mozilla.org/show_bug.cgi?id=1473678#c4
When an HTTP proxy is used (with or without a PAC), the host name is passed to the proxy and the proxy then resolves that name. This is by design!

https://bugzilla.mozilla.org/show_bug.cgi?id=1473678#c6
When an HTTP proxy is used, this is how a client/browser must behave. It sends the host name to the proxy, not the IP address.

All HTTP clients/browsers do this since this is how HTTP over proxy works.

Firefox -> proxy.com -> destination.com

While Firefox needs to query DNS for proxy.com (if it is not an IP), there should be no reason for Firefox to DNS-query destination.com.

However, logs show that Firefox does indeed DNS-query destination.com.

Firefox might be querying DNS as part of some other process (prefetch config is attached) but nonetheless it appears that the action is not necessary.

SOCKS seems to have a "Proxy DNS when using SOCKS v5" option.

Once a SOCKS proxy is used and the above option is set, Firefox no longer queries the DNS for the destination.com.
Demo: DNS lookups through a SOCKS5 Proxy Server

Shouldn't not-querying-the-destination be the standard behaviour (regardless of HTTP/HTTPS/SOCKS)?

STR

  • Set a Proxy/PAC in Network Settings to be applied to all network connections
  • Monitor DNS query
  • Open any page (with a domain)

Tested on Ubuntu Nightly 106.0a1 (2022-09-16) (64-bit)

It appears when DoH is enabled, Firefox queries both cloudflare.com & WiFi DNS for the destination.com.

Severity: -- → S4
Priority: -- → P3
Whiteboard: [necko-triaged]
Attached file nsHttp.log.moz_log

Hi,

I assume this is related. I have noticed that Firefox is leaking DNS queries at the client end when an HTTP proxy is enabled. I enabled tcpdump on 53/udp and noticed that the DNS name of the URL I had entered was resolved by the client.
I guess this is a security concern, since you leak your browsing history in the DNS logs.

I have entered https://regex101.com/ and this is what I have found in my tcpdump (on the client using Firefox) ...

listening on en0, link-type EN10MB (Ethernet), capture size 1024 bytes
17:50:09.882531 IP macbook.fritz.box.50232 > ubuntu-pi.fritz.box.domain: 33821+ A? regex101.com. (30)
17:50:09.883377 IP macbook.fritz.box.56499 > ubuntu-pi.fritz.box.domain: 52053+ PTR? 29.1.168.192.in-addr.arpa. (43)
17:50:09.883504 IP macbook.fritz.box.52301 > ubuntu-pi.fritz.box.domain: 21783+ A? fonts.googleapis.com. (38)
17:50:09.891344 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50232: 33821 1/0/0 A 78.47.220.195 (46)
17:50:09.894545 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.56499: 52053* 1/1/1 PTR MacBook.fritz.box. (104)
17:50:09.895219 IP macbook.fritz.box.59698 > ubuntu-pi.fritz.box.domain: 25669+ PTR? 2.1.168.192.in-addr.arpa. (42)
17:50:09.900912 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.59698: 25669* 1/1/1 PTR ubuntu-pi.fritz.box. (105)
17:50:09.906266 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.52301: 21783 1/0/0 A 173.194.76.95 (54)
17:50:10.282276 IP macbook.fritz.box.59063 > ubuntu-pi.fritz.box.domain: 51451+ A? fonts.gstatic.com. (35)
17:50:10.288052 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.59063: 51451 1/0/0 A 142.250.185.99 (51)
17:50:21.565230 IP macbook.fritz.box.50450 > ubuntu-pi.fritz.box.domain: 22787+ A? incoming.telemetry.mozilla.org. (48)
17:50:21.569282 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50450: 22787* 1/0/0 A 0.0.0.0 (64)

I have attached the corresponding nsHttp.log.moz_log. From my point of view this is a bug.
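The "Monitor DNS query" step of the STR can be automated. The script below is an added example, not part of this bug or of Firefox: it parses tcpdump query lines like those in the comment above and reports every hostname the client resolved itself even though, with a proxy configured, only the proxy's own name (and a DoH endpoint, if used) should ever be looked up locally. The proxy hostname `proxy.example.net` is a placeholder.

```python
import re
from typing import Iterable

# Query lines copied from the tcpdump capture posted in the comment above
# (responses and PTR noise trimmed to keep the sample short).
SAMPLE_CAPTURE = """\
17:50:09.882531 IP macbook.fritz.box.50232 > ubuntu-pi.fritz.box.domain: 33821+ A? regex101.com. (30)
17:50:09.883377 IP macbook.fritz.box.56499 > ubuntu-pi.fritz.box.domain: 52053+ PTR? 29.1.168.192.in-addr.arpa. (43)
17:50:09.883504 IP macbook.fritz.box.52301 > ubuntu-pi.fritz.box.domain: 21783+ A? fonts.googleapis.com. (38)
17:50:09.891344 IP ubuntu-pi.fritz.box.domain > macbook.fritz.box.50232: 33821 1/0/0 A 78.47.220.195 (46)
17:50:10.282276 IP macbook.fritz.box.59063 > ubuntu-pi.fritz.box.domain: 51451+ A? fonts.gstatic.com. (35)
17:50:21.565230 IP macbook.fritz.box.50450 > ubuntu-pi.fritz.box.domain: 22787+ A? incoming.telemetry.mozilla.org. (48)
"""

# tcpdump prints an outbound query as "<id>+ <TYPE>? <name>. (<len>)".
# Only name-resolving record types matter for a leak check; PTR lookups of
# LAN addresses and the server's answers (no "+" after the id) are ignored.
QUERY_RE = re.compile(r"\s(\d+)\+\s+(A|AAAA|HTTPS)\?\s+([A-Za-z0-9.-]+)\.\s+\(\d+\)$")

def parse_queries(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (qtype, name) for every outbound A/AAAA/HTTPS query in the capture."""
    found = []
    for line in lines:
        m = QUERY_RE.search(line.rstrip())
        if m:
            found.append((m.group(2), m.group(3).lower()))
    return found

def leaked_names(lines: Iterable[str], allowed_hosts: Iterable[str]) -> list[str]:
    """Names the client resolved locally although all traffic should go via the proxy.

    allowed_hosts: the proxy's own hostname (plus any DoH endpoint) that the
    client must legitimately resolve; anything else is a leak of browsing
    activity into the local resolver's logs. Order of first sighting is kept."""
    allowed = {h.lower().rstrip(".") for h in allowed_hosts}
    seen: list[str] = []
    for _qtype, name in parse_queries(lines):
        if name not in allowed and name not in seen:
            seen.append(name)
    return seen

if __name__ == "__main__":
    # Placeholder proxy hostname; substitute the one from Network Settings.
    for name in leaked_names(SAMPLE_CAPTURE.splitlines(), ["proxy.example.net"]):
        print("leaked:", name)
```

Feed it `tcpdump -l -n -i <iface> udp port 53` output (or a saved capture printed the same way) while reproducing the STR; an empty result means no destination names escaped the proxy.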

See Also: → 1799411

Moving bug to Core/Networking: Proxy.

Component: Networking: DNS → Networking: Proxy
Blocks: 1882276