Open Bug 1870496 Opened 5 months ago Updated 2 months ago

DNS resolution fails if any label in a CNAME target begins with a hyphen or an underscore

Categories

(Core :: Networking: DNS, defect, P3)

Product:
Core
Component:
Networking: DNS
Version:
Firefox 120
Platform:
All
Android
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: bugzilla.mozilla.simon, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Steps to reproduce:

Set up the following DNS records:

www1.test A 192.0.2.1
_www2.test A 192.0.2.1
www3._www3.test A 192.0.2.1
www_4.test A 192.0.2.1
-www5.test A 192.0.2.1
www6.-www6.test A 192.0.2.1

cname1.test CNAME www1.test
cname2.test CNAME _www2.test
cname3.test CNAME www3._www3.test
cname4.test CNAME www_4.test
cname5.test CNAME -www5.test
cname6.test CNAME www6.-www6.test

Open all of the "cname1" to "cname6" hostnames as URLs in Firefox.

Actual results:

Only "cname1" and "cname4" can be resolved and Firefox will connect to them.
The other names will return "Address Not Found".

Expected results:

All of "cname1" to "cname6" can be resolved and Firefox will connect to them.

The hostnames used in CNAME targets (or chains of CNAME targets) should not be subject to the same validation as the hostname in the URL.

All of these work in Chrome 120.0.6099.115 and Samsung Internet 23.0.1.1 (including the A names as URLs) on the same Android 14 device.

For testing, there's a list of links to hostnames set up like this at https://gist.github.com/nomis/e4d32435f199aeffbf64197dc55b5ba9.

Just a guess: Maybe Firefox is using Android System's Resolver , and Chromium-based browsers are using there own dns resolver?

Testing with /system/bin/ping produces the same results, so it does look like a bug in the Android resolver.

The Android bug is here: https://issuetracker.google.com/issues/154694663

Bug 1630439 is the same issue but with trailing underscores.

See Also: → 1630439, 1632163

Sending to the DNS component to answer comment 3 and triage accordingly.

Component: General → Networking: DNS
Product: Fenix → Core

(In reply to jackyzy823 from comment #3)

Just a guess: Maybe Firefox is using Android System's Resolver , and Chromium-based browsers are using there own dns resolver?

Yes, we are using Android System's Resolver.

Blocks: dns
Severity: -- → S4
Priority: -- → P3
Whiteboard: [necko-triaged]
Duplicate of this bug: 1870497
No longer duplicate of this bug: 1870497
See Also: → 1870497
Whiteboard: [necko-triaged] → [necko-triaged][necko-priority-review]

Let's file a bug in Android/Bionic.
If the Java DNS API works but getaddrinfo doesn't we could consider moving to that (if it also has other benefits).

Whiteboard: [necko-triaged][necko-priority-review] → [necko-triaged]

Let's file a bug in Android/Bionic.

Putting the Bionic bug report from comment 5 into "See Also"

See Also: → https://issuetracker.google.com/issues/154694663
You need to log in before you can comment on or make changes to this bug.