Open Bug 1884762 Opened 1 year ago Updated 4 months ago

Add networking API to determine if domain is local

Categories

(Core :: Networking, enhancement, P2)

Product:
Core
Component:
Networking
Type:
enhancement
Points:
5

Tracking

()

People

(Reporter: valentin, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [necko-triaged][necko-priority-next])

Add API to query whether a domain is local or remote

(In reply to Marco Bonardo [:mak] from bug 1871359 comment #0)

While investigating Bug 1870484, we found that our functionality is overlapping with Domain-Over-Https (called trr in network code and later here).

The Address Bar tries to discern local from remote domains, using PSL to identify top-level domains, and preferences for potential local resources.
Though, once that's done, it's up to network, so even if the Address Bar evaluated something to be local, it may still go to the remote DNS because network decides so. Or even if network considers some resource local, the Address Bar may not know.

Trr is doing pretty much a similar discerning as the Address Bar, but with more sources:

  • nsINetworkLinkService.dnsSuffixList
  • Preferences network.trr.excluded-domains and network.trr.builtin-excluded-domains
  • /etc/hosts

Due to this disconnection between the 2, the final user experience may not be the best.
We'd like to evaluate with the network team what's the best approach to unify this decision path.

For example, we could migrate our prefs to the network ones, but would network accept additional local domains indicated by https://tools.ietf.org/html/rfc2606 (.test, .example, .invalid, .localhost) + https://tools.ietf.org/html/draft-wkumari-dnsop-internal-00 (we have evidence of .internal being used by GCP and Digicert, possibly others).
Having a single pref that users can modify would be beneficial to both.
Otherwise, we could start observing both prefs (ours and network's).

Similarly, having a common souce of truth (API) including /etc/hosts and dnsSuffixList may be beneficial, so we don't have to duplicate all the checks, with risk of introducing differences and bugs.
Something like nsINetworkLinkService could expose an isResourceLocal(URI) (fantasy name) API that we could use.

As a first step, I'd like to hear from Network for thoughts and opinions about this, and whether we could put together a plan to reach convergence.

Requrements:

  1. Interface that provides method to determine if domain is local: boolean hasLocalDomain(in nsIURI uri) or boolean isLocalDomain(in AUTF8String domain).
  2. Make sure that all of rfc2606 domains are added to the list (.internal too) - builtin-excluded-domains - or maybe we want a different pref that is not TRR specific.
  3. Make sure we parse also /etc/hosts when TRR is not enabled (watch out for performance regressions).
  4. Consider watching for changes /etc/hosts - this can be a follow-up. I think Chrome does it, but I don't think it's very common for the file to change.
  5. Make sure it's an appropriate replacement for domainsuffixwhitelist prefs.
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged][necko-priority-next]
Points: --- → 5
See Also: → 1927288

Hi Oskar, could you take a look at this bug?
This is a good opportunity to learn DNS code a bit.

Flags: needinfo?(omansfeld)
Assignee: nobody → omansfeld
Status: NEW → ASSIGNED
Flags: needinfo?(omansfeld)

I started looking into this and have some questions/thoughts:

  1. How should we structure the prefs?

    • I think it's a good idea to have a single point where the user would add additional custom local domains, right now they would have to be added to both browser.fixup.domainsuffixwhitelist.<suffix> and to network.trr.excluded-domains or network.trr.builtin-excluded-domains.
    • Suggestion: add a new pref (something like network.local-domains e.g.) that can replace both builtin-excluded-domains and the domainsuffixwhitelist prefs. excluded-domains should be kept because users might want to exclude domains from TRR that are not local. This new pref can then be used by the new API.

  2. Where to implement method

    • should this be it's own interface that only implements the new API or can we add the method to an existing interface?
    • e.g. to nsINetworkLinkService where we are already parsing the DNS suffixes since we probably want to use that for the API anyways.
Flags: needinfo?(valentin.gosu)

(In reply to Oskar Mansfeld from comment #3)

I started looking into this and have some questions/thoughts:

  1. How should we structure the prefs?
    • I think it's a good idea to have a single point where the user would add additional custom local domains, right now they would have to be added to both browser.fixup.domainsuffixwhitelist.<suffix> and to network.trr.excluded-domains or network.trr.builtin-excluded-domains.
    • Suggestion: add a new pref (something like network.local-domains e.g.) that can replace both builtin-excluded-domains and the domainsuffixwhitelist prefs. excluded-domains should be kept because users might want to exclude domains from TRR that are not local. This new pref can then be used by the new API.

I would leave existing network.trr.excluded-domains prefs untouched. We use them to save the user's excluded domains, and they're not exactly local domains.
We can replace network.trr.builtin-excluded-domains and browser.fixup.domainsuffixwhitelist.*

  1. Where to implement method
    • should this be it's own interface that only implements the new API or can we add the method to an existing interface?
    • e.g. to nsINetworkLinkService where we are already parsing the DNS suffixes since we probably want to use that for the API anyways.

I'm OK with either. Probably best to create a new interface nsILocalDomainService. We need a few different methods here:

  • hasLocalTLD(domain) - returns true if the domain is .internal, .local, etc
  • isPublicTLD(domain) - not sure if we need this when we have nsIEffectiveTLDService::hasKnownPublicSuffix
  • isLocallyResolved(domain) - returns true if the domain is on the TRR excluded-domain list, or in /etc/hosts, or DNS suffix list. We can split this into several methods (isExcludedFromTRR, isInEtcHosts, matchesDNSsuffixList). I think many consumers just want to know if something is locally resolved, so as to not use TRR / turn it into a google search, so this method is the one we want most.
Flags: needinfo?(valentin.gosu)

currently cleaning up my bugs and unassingning from this one as I'll focus on neqo/quic/http3 work.

Assignee: omansfeld → nobody
Status: ASSIGNED → NEW
Rank: 2
You need to log in before you can comment on or make changes to this bug.