uBlockOrigin / uBlock-issues

This is the community-maintained issue tracker for uBlock Origin
https://github.com/gorhill/uBlock

uBlock + Firefox = DNS Leaking #1743

Closed snoitallicso closed 2 weeks ago

snoitallicso commented 3 years ago

Prerequisites

I tried to reproduce the issue when...

Description

Settings:

Proxy DNS when using SOCKS v5 = true

Enable DNS over HTTPS = true

Provider DNS: NextDNS, Cloudflare (it doesn't matter even if it is on/off)

I'm using a proxy extension to reach a website restricted by country and found out that it can detect my actual IP without a problem. On forums, the root of the problem is named as DNS leaking.

At first I was thinking that the problem could be fixed via about:config (to fix WebRTC leaking), so I switched:

Set these to False:

- about:config?filter=media.peerconnection.enabled
- about:config?filter=media.peerconnection.use_document_iceservers
- about:config?filter=media.peerconnection.video.enabled
- about:config?filter=webgl.enable-webgl2

Set these to True:

- about:config?filter=media.peerconnection.turn.disable
- about:config?filter=webgl.disabled

Set to 1:

- about:config?filter=media.peerconnection.identity.timeout

But the problem did not go away.

After that I switched over 6 proxy extensions with a dozen countries.

But that didn't change anything. So I started to disable extensions and check… And I solved my problem when uBlock was disabled!

I like uBlock and do not want to change it for ADBP etc.

Can you fix that issue?

P.S. In Chrome this problem doesn't appear.

A specific URL where the issue occurs

https://surfshark.com/dns-leak-test

Steps to Reproduce

  1. Install a proxy extension
  2. Install ublock
  3. Go to https://surfshark.com/dns-leak-test
  4. Now disable ublock and retest

Expected behavior

My ISP's original IP shouldn't be available to the public.

Actual behavior

Proxy IP + ISP's available for web services.

uBlock Origin version

1.37.2

Browser name and version

Firefox 92.0.1 / 94.0a1 (2021-09-30)

Operating System and version

Windows 10

snoitallicso commented 3 years ago

[Screenshots: Enable uBlock / Disable uBlock]

snoitallicso commented 3 years ago

[Screenshots: 94a / 92]

gorhill commented 3 years ago

> Install a proxy extension

That is your issue, use a system-wide proxy or disable uBO's "Uncloak canonical names". When you use a proxy extension, there is no guarantee that other extensions will have their own network requests go through another proxy extension -- extensions cannot affect each other.

snoitallicso commented 3 years ago

> > Install a proxy extension
>
> That is your issue, use a system-wide proxy or disable uBO's "Uncloak canonical names". When you use a proxy extension, there is no guarantee that other extensions will have their own network requests go through another proxy extension -- extensions cannot affect each other.

There is no problem using proxy extension without uBlock!

gorhill commented 3 years ago

Disable "Uncloak canonical names" and report the result.

gorhill commented 3 years ago

Also, be more specific:

> Install a proxy extension

Provide an exact URL to such extension.

snoitallicso commented 3 years ago

> Uncloak canonical names

Problem solved. Please add information inside help popup for such issues?

> Also, be more specific:
>
> > Install a proxy extension
>
> Provide an exact URL to such extension.

Any top proxy extension from addons.mozilla.org

gorhill commented 3 years ago

The issue is only with proxy/vpn extensions, there is no issue with system-wide proxy/vpn.

gorhill commented 3 years ago

I installed Hola Free VPN Proxy Unblocker, and when uBO does a DNS query to resolve to cnames, there is a proxyInfo property on the request details object.

Those per-site proxy extensions are probably using proxy.onRequest, hence why uBO's internal DNS queries do not go through the proxy. There is no magic solution for uBO disabling cname-uncloaking if the proxyInfo property is present, as the proxyInfo property may also exist when there is a system-wide or browser-wide proxy configuration in effect. The issue is per-site proxying through an extension.

What I could do is add a sub setting "Disable the uncloaking of canonical names for proxied requests" to avoid the kind of surprise here (the imperfect proxying when done through an extension).
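The behaviour described in the comment above, as an added example that is not part of the original thread and is not uBO or Firefox code. `makeBrowser`, `maybeUncloak`, `run`, the `uncloakProxied` setting name, the hostnames and the proxy address are all hypothetical; the model only encodes what the thread states: a per-site proxy extension does not route another extension's DNS lookups, browser-wide proxy settings do, and `proxyInfo` is present in both cases.

```javascript
// Constructed model, not uBO or Firefox code. makeBrowser() is a hypothetical
// stand-in for the WebExtensions runtime as this thread describes it.
function makeBrowser({ perSite = new Set(), browserWide = false }) {
  const lookups = []; // path taken by each extension-initiated DNS lookup
  // Constructed proxyInfo value (documentation address range).
  const proxy = { type: 'socks', host: '203.0.113.10', port: 1080, proxyDNS: true };
  return {
    lookups,
    // Page request: proxied browser-wide, or per site by a proxy extension's
    // proxy.onRequest listener. Either way the details carry proxyInfo.
    pageRequest(host) {
      const proxyInfo = browserWide || perSite.has(host) ? proxy : null;
      return { url: `https://${host}/`, proxyInfo };
    },
    // Another extension's DNS lookup: honours browser-wide proxy settings,
    // but a per-site proxy.onRequest listener never gets to route it.
    dnsResolve(host) {
      lookups.push({ host, path: browserWide ? 'proxy' : 'direct' });
      return { canonicalName: `cdn.${host}` };
    },
  };
}

// The sub-setting floated above: skip uncloaking when proxyInfo is present.
// `uncloakProxied` is a hypothetical setting name.
function maybeUncloak(browser, details, settings) {
  if (details.proxyInfo && !settings.uncloakProxied) return null;
  return browser.dnsResolve(new URL(details.url).hostname).canonicalName;
}

// Returns which hosts were uncloaked and which lookups left the proxy path.
function run(config, settings) {
  const browser = makeBrowser(config);
  const result = { uncloaked: [], leaked: [] };
  for (const host of ['geo.example', 'plain.example']) {
    const details = browser.pageRequest(host);
    if (maybeUncloak(browser, details, settings) === null) continue;
    result.uncloaked.push(host);
    const last = browser.lookups[browser.lookups.length - 1];
    if (details.proxyInfo && last.path === 'direct') result.leaked.push(host);
  }
  return result;
}

const perSiteConfig = { perSite: new Set(['geo.example']) };
console.log(run(perSiteConfig, { uncloakProxied: true }));  // proxied site, direct lookup
console.log(run(perSiteConfig, { uncloakProxied: false })); // lookup skipped for proxied site
console.log(run({ browserWide: true }, { uncloakProxied: false })); // uncloaking lost everywhere
```

The third case is the trade-off named in the comment: with only `proxyInfo` to go on, the check also turns uncloaking off under a browser-wide proxy, where the lookup would have been proxied anyway.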

uBlock-user commented 2 years ago

same as https://github.com/uBlockOrigin/uBlock-issues/issues/911 ?

gorhill commented 2 years ago

Not the same, #911 was fixed by Firefox -- the issue was uBO's DNS queries were bypassing the browser-wide settings. This is fixed.

Here the issue is uBO's DNS query not being proxied by another extension doing the proxying on-the-fly through proxy.onRequest(), which is expected as extensions can't interfere with each other's requests -- there is no way for uBO to know whether the proxying was done on-the-fly or is browser-wide.

A solution for this would be for Firefox to indicate with a property in the proxyInfo object whether the proxying was done on-the-fly, in which case uBO could avoid making a DNS query.

ghost commented 2 years ago

There is no such issue with OpenVPN.

uBlock-user commented 2 weeks ago

https://bugzilla.mozilla.org/show_bug.cgi?id=1910593

fixed in ff 132

mb commented 6 days ago

https://bugzilla.mozilla.org/show_bug.cgi?id=1910593 isn't a fix for the DNS leak described in this bug. I verified that the leak described in this issue still occurs in Firefox Nightly 132.0a1 (2024-09-18), where Bug 1910593 is fixed. The fix in uBlock https://github.com/gorhill/uBlock/commit/d5f14ffa32a3b0ae3662bd8067dc937dc116d2cc pending for the next release is still necessary.