Firefox do not recognize DNS resolution of Borgon IP Address from Secure DoH
Categories
(Core :: Networking: DNS, defect)
Tracking
()
People
(Reporter: 20h2, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
92.00 KB,
image/png
|
Details |
Screenshot_2024-09-08_08.png
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Steps to reproduce:
My company use a domain which resolves to 10.200.*.*, a Borgon IP Address.
However, when I enabled DNS over HTTPS in Firefox, no matter which DoH server is set or used, firefox would tell me "The website wasn't found by ...." (NS_ERROR_UNKNOWN_HOST).
But when I add an entry of 10.200.X.X to /etc/hosts, then Firefox can open that website using my company's network.
Actual results:
- Set up DoH in Firefox.
- Query or try to open a website which resolves to 10.X.X.X (in my case it is 10.200.X.X)
- Firefox tells me that website cannot be found.
- Add an entry in /etc/hosts and let trr bypass hosts resolutions.
- Then the website can be found.
Expected results:
The website should be found & accessible no matter whether DoH is used or not.
|
||
Comment 1•6 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 2•6 months ago
|
||
Hi,
Normally domains that resolve to local IP addresses 10.X.X.X should not be handled by DoH, which is why we have the network.trr.allow-rfc1918 pref.
The solution is to either use DoH in Increased protection mode so that Firefox falls back to the OS resolver, change the pref due to this specific use case, or add the domain to the DoH exception list.
Adding an entry for the domain in /etc/hosts makes Firefox not use DoH for that domain.
Please let me know if you have any feedback. Thanks!
|
||
Comment 3•6 months ago
|
||
Could take a look at comment #2 and see if the solution works for you?
|
||
Updated•4 months ago
|
Description
•