sdtm1016 / firefox-showip

Automatically exported from code.google.com/p/firefox-showip

Possible to resolve IP using remote DNS? #46

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
ShowIP will not do a DNS lookup if network.proxy.type == 1 && 
network.proxy.socks_remote_dns == true, which is considered a security feature 
to not leak privacy through DNS queries. Regarding this, I have a bug report 
and a feature request.

The Defect:
When the user uses a Proxy Auto-Config setup, network.proxy.type is set to 2. 
If the user also sets network.proxy.socks_remote_dns to true, ShowIP will still 
do DNS lookup locally (AFAIK). This is wrong and probably confuses the user.

The Feature Request:
More generally than the title suggests, I wonder if it's possible for ShowIP to 
lookup IP on a per-URL basis, determining which DNS resolver to query based on 
settings for the current URL.
I mean, ideally, no matter what value the proxy.type or proxy.socks_remote_dns, 
the user should always see the IP address that is _currently used_ by Firefox, 
not one of the IP addresses returned by the DNS resolver.
I'm guessing maybe there is a higher level API for looking up IP addresses the 
way Firefox does?

Original issue reported on code.google.com by socks.n....@gmail.com on 25 May 2011 at 4:12

GoogleCodeExporter commented 8 years ago
Well, that is an interesting question. Ideally I'd like to not do DNS look-ups 
at all but just listen to outgoing socket connections. AFAICT that is not 
possible in Firefox?

Original comment by jan.ditt...@gmail.com on 25 May 2011 at 4:29

GoogleCodeExporter commented 8 years ago
I think ShowIP need not listen to socket connections.

Firefox surely maintains a local DNS cache (or simplified lookup table?), 
combining results from the hosts file, from the local ISP's DNS resolver, or from 
remote DNS, right?

I think maybe ShowIP should just query this (Firefox) local cache, and not 
query other resources at all (unless explicitly specified by the user, but 
that's different).

What do you think?

Original comment by socks.n....@gmail.com on 25 May 2011 at 5:46

GoogleCodeExporter commented 8 years ago
Can you point me to the source inside Firefox where you think such a cache would 
live? Last time I checked (more than a year back), no such thing existed. I 
wouldn't even be sure that Firefox reads /etc/hosts directly. IP addresses may 
also change between different requests for the same resource due to DNS 
round-robin. I'll look into it again one of these days...

Original comment by jan.ditt...@gmail.com on 25 May 2011 at 6:07

GoogleCodeExporter commented 8 years ago
Maybe...
http://mxr.mozilla.org/mozilla2.0/source/netwerk/dns/nsDNSService2.cpp#331
http://mxr.mozilla.org/mozilla2.0/source/netwerk/dns/nsHostResolver.cpp
should be of some help, but I don't really understand the source xD.

Also I found somebody claiming:
> If you're using a SOCKS proxy with remote DNS enabled then this isn't 
> possible, as no DNS lookups will be in your cache.
source: http://flagfox.servehttp.com/forum/viewtopic.php?f=3&t=20
That came as a surprise to me. Don't know if this is true / has changed.

Original comment by socks.n....@gmail.com on 25 May 2011 at 8:54

GoogleCodeExporter commented 8 years ago
I wasn't aware that using a PAC file triggers different behavior than manual
proxy configuration [1]. So apart from ``network.proxy.socks_remote_dns`` set
to true, I also created the pref ``network.dns.disablePrefetch`` to bypass
local DNS queries for sites accessed through the SOCKS proxy. With ShowIP disabled,
the unwanted local DNS queries are not performed, while with ShowIP enabled,
they are. So ShowIP is "leaking my privacy" ;)

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=488162#c9

Original comment by socks.n....@gmail.com on 25 May 2011 at 5:43
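The following is an added illustration, not code from the ShowIP add-on or from anyone in this thread. It models the decision the opening report and the comment above describe: an add-on should not run its own local DNS lookup when Firefox itself hands name resolution to the proxy, because the hostname would otherwise reach the local resolver even though the request does not. The pref names are the real Firefox prefs named in the thread; the `network.proxy.type` constants are the standard Firefox values (0 direct, 1 manual, 2 PAC, 4 WPAD, 5 system), and treating PAC, WPAD and system modes as "may use SOCKS" is this example's conservative assumption, not something the thread establishes. The sample profiles are constructed.

```javascript
// Added example (not part of ShowIP). Models when an add-on should skip its
// own local DNS lookup so that it does not undo Firefox's remote-DNS setting.

// Standard Firefox values for network.proxy.type.
const PROXY_TYPE_DIRECT = 0;
const PROXY_TYPE_MANUAL = 1;
const PROXY_TYPE_PAC = 2;
const PROXY_TYPE_WPAD = 4;
const PROXY_TYPE_SYSTEM = 5;

// Assumption of this example: any of these modes can yield a SOCKS proxy for
// some URL, so a blanket local lookup by an add-on could leak the hostname.
const MODES_THAT_MAY_USE_SOCKS = new Set([
  PROXY_TYPE_MANUAL, PROXY_TYPE_PAC, PROXY_TYPE_WPAD, PROXY_TYPE_SYSTEM,
]);

// Read a pref from a plain object, falling back to a default when unset.
function pref(prefs, name, dflt) {
  return Object.prototype.hasOwnProperty.call(prefs, name) ? prefs[name] : dflt;
}

// The check as the opening comment describes it: only manual proxy config
// (type 1) with socks_remote_dns suppresses the add-on's local lookup.
function skipsLocalLookupAsReported(prefs) {
  return pref(prefs, "network.proxy.type", PROXY_TYPE_DIRECT) === PROXY_TYPE_MANUAL &&
         pref(prefs, "network.proxy.socks_remote_dns", false) === true;
}

// Broadened check that also covers the PAC case from the defect report.
function skipsLocalLookupBroadened(prefs) {
  const type = pref(prefs, "network.proxy.type", PROXY_TYPE_DIRECT);
  return MODES_THAT_MAY_USE_SOCKS.has(type) &&
         pref(prefs, "network.proxy.socks_remote_dns", false) === true;
}

// True exactly in the situation the defect report describes: the reported
// logic would still resolve locally although the broadened one would not.
function localLookupLeaks(prefs) {
  return skipsLocalLookupBroadened(prefs) && !skipsLocalLookupAsReported(prefs);
}

// List prefs not at the privacy-preserving values the later comment settled
// on: remote DNS through the proxy and DNS prefetching disabled.
function auditDnsPrefs(prefs) {
  const findings = [];
  if (pref(prefs, "network.proxy.socks_remote_dns", false) !== true) {
    findings.push("network.proxy.socks_remote_dns should be true");
  }
  if (pref(prefs, "network.dns.disablePrefetch", false) !== true) {
    findings.push("network.dns.disablePrefetch should be true");
  }
  return findings;
}

// Constructed sample profiles, not taken from any real user.
const SAMPLE_PROFILES = {
  manualSocks: {
    "network.proxy.type": PROXY_TYPE_MANUAL,
    "network.proxy.socks_remote_dns": true,
    "network.dns.disablePrefetch": true,
  },
  pacSocks: {
    "network.proxy.type": PROXY_TYPE_PAC,
    "network.proxy.socks_remote_dns": true,
  },
  direct: { "network.proxy.type": PROXY_TYPE_DIRECT },
};

for (const [name, prefs] of Object.entries(SAMPLE_PROFILES)) {
  console.log(name, "leaks via add-on lookup:", localLookupLeaks(prefs),
              "audit:", auditDnsPrefs(prefs));
}
```

Running it shows the PAC profile as the one where the reported logic still resolves locally; the manual-SOCKS profile and the direct profile do not trigger the mismatch. The audit helper is the defender-side view of the same prefs: a profile that routes DNS through the proxy but leaves prefetching on will still emit local queries regardless of what any add-on does.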

GoogleCodeExporter commented 8 years ago
There is actually code in the plugin to detect the proxy setup. I don't 
remember off the top of my head, but try looking in the plugin's settings 
dialog.

Original comment by jan.ditt...@gmail.com on 11 Jun 2011 at 10:07