Open Bug 1810410 Opened 2 years ago Updated 1 year ago

Why does "DNS over HTTPS" chase CNAME answers if HTTPS records have valid answers.

Categories

(Core :: Networking: DNS, enhancement, P2)

Firefox 102
enhancement

People

(Reporter: valentin, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

+++ This bug was initially created as a clone of Bug #1779110 +++

(In reply to fantasyfate from bug 1779110 comment #18)

Unfortunately at version 108, "DNS over HTTPS" chases CNAME answers if HTTPS records have valid answers.

Open "https://dns.nextdns.io/", and CoreDNS will display the DNS queries from Firefox (the order may differ):

HTTPS IN dns.nextdns.io.
A IN dns.nextdns.io.
AAAA IN dns.nextdns.io.
A IN steering.nextdns.io.
AAAA IN steering.nextdns.io.
Summary: Why does "DNS over HTTPS" chases CNAME answers for HTTPS records and NODATA responses? → Why does "DNS over HTTPS" chase CNAME answers if HTTPS records have valid answers.

Alternative effortless way to reproduce this bug:

  1. Enable DNS over HTTPS
  2. Open the URL in the address bar (it is useless to resolve the domain in the "about:networking#dnslookuptool" page)
  3. Observe results in "about:networking#dns" page

Two extra examples:
Open "https://www.economist.com/", but "economist.com.cdn.cloudflare.net" appears.
Open "https://www.speedtest.net/", but "www.speedtest.net.cdn.cloudflare.net" appears.

Assignee: valentin.gosu → nobody