Closed Bug 1845595 Opened 2 years ago Closed 2 years ago

Cloudflare DNS doesnt properly resolve websites

Categories

(Core :: Networking: DNS, defect)

Product:
Core
Component:
Networking: DNS
Version:
Firefox 115
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: bo0od, Unassigned)

References

Details

Attachments

(2 files)

manjaroforum.png
23.99 KB, image/png
Details
downloadlink.png
22.83 KB, image/png
Details
Attached image manjaroforum.png

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

Simply go to about:preferences#privacy then DNS over HTTPS then Max protection

Actual results:

Check the uploaded image

Expected results:

Display and redirect to websites properly (websites are legit)

Attached image downloadlink.png

More info: the connection tested from Dubai/UAE
Issue reported to CF with no reply until now: https://community.cloudflare.com/t/cloudflare-dns-cant-resolve-some-websites-affected-country-is-uae-dubai/536675

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Security
Product: Firefox → Core

Unfortunately this warning appears to be working exactly as intended -- your country is blocking access to "DNS over HTTPS" (DOH). In lower protection levels Firefox would silently fall back to "plaintext" DNS just so people didn't have a broken internet. We're confident now that the DNS over HTTPS infrastructure is generally reliable enough to offer this "strict" mode that will let the user know before we leak any destination information.

In theory this could be a temporary network glitch or busy DOH server. But if "Try Again" doesn't work and other people aren't having a problem with the server (for example, https://downforeveryoneorjustme.com/mozilla.cloudflare-dns.com.?proto=https ) then the network you are on is taking active steps to disable DOH. The only thing you can do a that point is either a) submit to the surveillance, or b) find a way on to another network such as through a VPN. Although countries who block DOH probably also block VPNs.

https://support.mozilla.org/en-US/kb/dns-over-https#

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Component: DOM: Security → Networking: DNS
Resolution: --- → WORKSFORME

The messaging might have been improved with Bug 1836732. "Unexpected problem" is certainly not very helpful. @bo0od can you verify that the messaging improved in Nightly https://www.mozilla.org/en-US/firefox/channel/desktop/? Bug 1841509 might also be helpful in addressing the blocking behavior. I've put

162.159.61.4 mozilla.cloudflare-dns.com

into my /etc/hosts to not rely on native DNS to bootstrap the DoH connection. I was then able to use DoH in my university network.

Flags: needinfo?(bo0od)
See Also: → 1836732
Flags: needinfo?(bo0od)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: