Closed Bug 1818022 Opened 2 years ago Closed 2 years ago

Simplify the DoH native fallback warning detection and application

Categories

(Firefox :: Security, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
115 Branch
Tracking Status
firefox115 --- fixed

People

(Reporter: acreskey, Assigned: valentin)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

In Bug 1806412 we introduced the native fallback warning.

It's a rather complex system and this bug is to look for opportunities to simplify it.

The complexities:
• Normally when the DoH heuristics are tripped we disable DoH. With the fallback warning in place we need to stay in mode 2 so that we can detect that DoH is desired. This changes the behaviour of the DoHController in an unanticipated way.
• The logical conditions to support native fallback warning in nsHostResolver::NameLookup are quite complex. If a heuristic is tripped, we don't want to use a TRR. And on the other hand we don't want to fallback to native under certain scenarios.

Ideally we could find a way to contain this logic outside of the common codepath in nsHostResolver::NameLookup.

The addition of tests to native fallback, bug 1810005, should help this work.

This patch reverts the fallback warning behaviour when a canary heuristic
was tripped. Instead of enabling TRR and failing DNS resolves if skip reason
is a canary code, we now leave it disabled and instead fail DNS resolves
that would have otherwise used TRR if it had been enabled.

Assignee: nobody → valentin.gosu
Status: NEW → ASSIGNED
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/c44e06ad2914 Simplify the DoH native fallback warning detection and application r=acreskey,necko-reviewers,kershaw
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 115 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: