Open Bug 468868 Opened 16 years ago Updated 1 day ago

network.proxy.socks_remote_dns preference doesn't work with PAC files.

Categories

(Core :: Networking: Proxy, defect, P5)

Product:
Core
Component:
Networking: Proxy
Platform:
x86
All
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox57 - ---

People

(Reporter: bugs, Unassigned)

Details

(Whiteboard: [necko-would-take]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

This may be related to, but is not a duplicate of bug 458303.



Reproducible: Always

Steps to Reproduce:
I need to use a SOCKS proxy server to access a network resource, a resource that is not DNS resolvable by public DNS.

Access works as expected when configuring Firefox to use a SOCKS proxy (and only a SOCKS proxy) and after setting network.proxy.socks_remote_dns to true.

However, utilizing a Proxy Auto-Configuration (PAC) file to return the same information fails.  I've verified that the PAC file is queried, and an embedded alert statement indicates that it is returning the same SOCKS information.  However, Firefox still appears to attempt a local DNS lookup, then fails with an "Address Not Found" error.
Confirming with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090219 Minefield/3.2a1pre

STR:
1. set network.proxy.socks_remote_dns to true
2. use a PAC file
3. have that PAC file return SOCKS

Expected results:
The DNS lookup happens on the SOCKS server

Actual results:
DNS lookup failure

Other notes:
It's probably permissible for IsHostInNet to make no sense, but if the PAC file never calls it or does anything else other than string comparisons against the host, it would be preferable to delay DNS lookup to after the proxy was determined.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows Vista → All
Related: bug 474824,
Fwiw, I did investigate how this should work with the original fix.  See bug 134105 comment 55 https://bugzilla.mozilla.org/show_bug.cgi?id=134105#c55 .  In an ideal world, the PAC would describe how to interact with proxy servers - that's its role in life, after all.  It would seem strange and confusing if one PAC will be interpreted differently by multiple clients.  Also consider that the PAC format is cross-browser.  I did at one point have a change which allowed a PAC to specify mode, but the interop issues were very large.

I don't mean to imply that nothing should be done here, just that honoring the pref seems like a band-aid that won't fix the entire issue.  If an enterprise needs to push down custom FireFox configs, then perhaps they didn't need a PAC anyway...
Two notes:

1) This seems only to happen with local PAC files. If you have a remote one specifying a SOCKS proxy everything works fine for me.

2) You may use FoxyProxy that works even in the case of local PAC files (as a disclaimer: I'm one of the devs).
Whiteboard: [necko-would-take]
[Tracking Requested - why for this release]:
As the proxy API for WebExtension uses PAC, this bug causes DNS leaks for all users who wish to use extensions to manage their proxy settings in Firefox 57.
tracking-firefox57: --- → ?
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
Severity: normal → S3

Moving bug to Core/Networking: Proxy.

Component: Networking → Networking: Proxy
You need to log in before you can comment on or make changes to this bug.