Closed Bug 1888815 Opened 1 year ago Closed 1 year ago

Firefox keeps trying to resolve cname-only https rr

Categories

(Core :: Networking: DNS, defect, P2)

Product:
Core
Component:
Networking: DNS
Version:
Firefox 126
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
127 Branch
Tracking Flags:
Tracking Status
firefox127 --- fixed

People

(Reporter: lilydjwg, Assigned: valentin)

References

(Blocks 3 open bugs)

Details

(Whiteboard: [necko-triaged][necko-priority-next])

Attachments

(3 files)

network-dns.png
207.26 KB, image/png
Details
Bug 1888815 - Add test for HTTPS record caching r=#necko
48 bytes, text/x-phabricator-request
Details | Review
Bug 1888815 - Do not set the NS_HTTP_REFRESH_DNS flag unless force-reloading the page r=#necko
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0

Steps to reproduce:

open a matrix client and login into a mozilla.org account so firefox keeps polling the matrix for incoming messages.

Actual results:

Firefox keeps trying to resolve the https DNS record for mozilla.modular.im very frequently, maybe one for each HTTP request.

Expected results:

Shouldn't Firefox cache the result and calm down a bit?

The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking: DNS
Product: Firefox → Core

Thank you for reporting the issue.
I would expect DNS cache to be used.
Could you please share the output of about:networking#dns

Flags: needinfo?(lilydjwg)
Attached image network-dns.png

Here it is. After I opened my matrix tab (app.schildi.chat), I did a "clear cache" first, observed repeated HTTPS record requests (for mozilla.modular.im which is the matrix server) via Wireshark, and then refreshed and took the screenshot.

Firefox does have the A record cached (I don't see repeated requests for it in Wireshark also), but not for the HTTPS record.

Flags: needinfo?(lilydjwg)
Assignee: nobody → valentin.gosu
Blocks: 1852752
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged][necko-priority-new]

The test confirms that the DNS code works correctly. But I've reproduced the issue locally, and tracked down the problem to:
https://searchfox.org/mozilla-central/rev/c09764753ea40725eb50decad2c51edecbd33308/netwerk/protocol/http/nsHttpChannel.cpp#6613-6617

if (!LoadIsTRRServiceChannel() &&
    (mLoadFlags & VALIDATE_ALWAYS ||
     BYPASS_LOCAL_CACHE(mLoadFlags, LoadPreferCacheLoadOverBypass()))) {
  mCaps |= NS_HTTP_REFRESH_DNS;
}

This means the host resolver is instructed to bypass the cache.
Considering how often this happens, this could actually be a perf issue.
We need to:

  1. Figure out if these flags are correct & if we should always refresh the cache when VALIDATE_ALWAYS is set
  2. Consider not refreshing the DNS cache if the negative cache entry is recent.
Blocks: dns, necko-perf
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Type: enhancement → defect
See Also: → 1785964
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged][necko-priority-next]

This flag was previously being set for every page reload.
Only setting it for force-reload makes it so that we don't needlessly refresh
DNS cache entries and improves page load performance.

Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/2329d6565203 Do not set the NS_HTTP_REFRESH_DNS flag unless force-reloading the page r=necko-reviewers,jesup

https://hg.mozilla.org/mozilla-central/rev/2329d6565203

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox127: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 127 Branch
See Also: → 1885556
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: