On Mon, 19 Mar 2018, Martin Thomson wrote:
> I don't know if it is possible to know if you have a manually-configured DNS
> server, but disabling this experiment there if we can determine that would
> be good - that might not be something to worry about with Nightly, but it
> seems like it might be needed for this to hit the trains.
> How do we otherwise determine that a DNS server is not safe to replace?
> Split horizon DNS is going to cause unexpected failures when users -
> particularly enterprise users - try to reach names that aren't public.
> That's not just an enterprise thing; this will break my home router in some
> ways as well, though I'm actually totally OK with that in this case :)
I don't think it is possible - with any particularly high degree of certainty
- to know if a DNS server has been manually configured (or even if the term
itself is easy to define). The system APIs for name lookups typically don't
even expose which DNS server they use, they just resolve host names to
addresses for us.
For TRR, we've instead focused pretty hard on providing a "retry-algorithm" so
that Firefox can (if asked) retry a failed name resolution or TCP connect
without TRR and then "blacklist" that host for further TRR use for a period
into the future.
For hosts that are TRR-blacklisted this way, we also check the next-level
domain in the background to see if we should also blacklist the whole
domain from TRR use. I.e. if "www.example.com" fails with TRR, it gets
blacklisted, retried with the native resolver, and "example.com" is tested to
see if the entire domain should be blacklisted.
--
/ daniel.haxx.se
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
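The retry-and-blacklist behaviour described in the reply above, modelled in Python as an added example. This is not Firefox's TRR code and not Daniel's; it is a constructed simulation with fake resolvers and a fake clock so it runs offline. The tables PUBLIC_ZONE and INTERNAL_ZONE, the class and method names, the 60-second blacklist TTL, and the criterion used for the parent-domain probe (the parent is blacklisted when TRR cannot resolve it either) are all assumptions made for this example; the message only says the parent is "tested".

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

Lookup = Callable[[str], List[str]]  # resolver: name -> addresses, raises LookupError


class FakeClock:
    """Controllable clock so blacklist expiry can be exercised offline (test aid)."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class TableResolver:
    """Resolver backed by a fixed name table; records every name it is asked for."""
    def __init__(self, table: Dict[str, List[str]]) -> None:
        self.table = table
        self.queries: List[str] = []

    def __call__(self, host: str) -> List[str]:
        self.queries.append(host)
        if host not in self.table:
            raise LookupError(host)
        return list(self.table[host])


class TrrFallbackResolver:
    """Try TRR first; on failure fall back to the native resolver and blacklist the host."""
    def __init__(self, trr: Lookup, native: Lookup, blacklist_ttl: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.trr, self.native = trr, native
        self.blacklist_ttl, self.clock = blacklist_ttl, clock
        self._blacklist: Dict[str, float] = {}   # name -> expiry timestamp
        self.probed: List[str] = []               # parent domains tested so far

    @staticmethod
    def _labels(host: str) -> List[str]:
        return host.lower().rstrip(".").split(".")

    def _parent(self, host: str) -> Optional[str]:
        labels = self._labels(host)
        # Only probe parents that are at least second-level (never a bare TLD): assumption.
        return ".".join(labels[1:]) if len(labels) > 2 else None

    def is_blacklisted(self, host: str) -> bool:
        now = self.clock()
        for name, expiry in list(self._blacklist.items()):   # lazily drop expired entries
            if expiry <= now:
                del self._blacklist[name]
        labels = self._labels(host)
        # Blacklisted if the host itself or any ancestor below the TLD is listed.
        return any(".".join(labels[i:]) in self._blacklist for i in range(len(labels) - 1))

    def _blacklist_name(self, name: str) -> None:
        self._blacklist[name.lower()] = self.clock() + self.blacklist_ttl

    def _probe_parent(self, host: str) -> None:
        """Background check: does TRR fail for the parent too? Then blacklist the whole domain."""
        parent = self._parent(host)
        if parent is None or parent in self._blacklist:
            return
        self.probed.append(parent)
        try:
            self.trr(parent)
        except LookupError:
            self._blacklist_name(parent)

    def resolve(self, host: str) -> Tuple[List[str], str]:
        """Return (addresses, source) with source 'trr' or 'native'."""
        if not self.is_blacklisted(host):
            try:
                return self.trr(host), "trr"
            except LookupError:
                self._blacklist_name(host)    # TRR lookup failed: stop using TRR for this host
                self._probe_parent(host)
        return self.native(host), "native"

    def report_connect_failure(self, host: str, source: str) -> Optional[Tuple[List[str], str]]:
        """A TCP connect to a TRR-supplied address failed: blacklist host, retry natively."""
        if source != "trr":
            return None
        self._blacklist_name(host)
        self._probe_parent(host)
        return self.native(host), "native"


# Constructed split-horizon scenario: TRR sees only public names, the native
# resolver also sees the internal corp zone.
PUBLIC_ZONE = {"www.example.com": ["192.0.2.10"], "example.com": ["192.0.2.1"]}
INTERNAL_ZONE = {"wiki.corp.example.net": ["10.0.0.5"],
                 "mail.corp.example.net": ["10.0.0.6"],
                 "corp.example.net": ["10.0.0.1"]}


def make_demo(ttl: float = 60.0):
    clock = FakeClock()
    trr = TableResolver(PUBLIC_ZONE)
    native = TableResolver({**PUBLIC_ZONE, **INTERNAL_ZONE})
    return TrrFallbackResolver(trr, native, blacklist_ttl=ttl, clock=clock), trr, native, clock


if __name__ == "__main__":
    r, trr, native, clock = make_demo()
    print(r.resolve("www.example.com"))        # served by TRR
    print(r.resolve("wiki.corp.example.net"))  # TRR fails, native answers, corp zone probed
    print(r.resolve("mail.corp.example.net"))  # goes straight to native, no TRR query
    print("blacklisted parents probed:", r.probed)
```

The part a practitioner should notice is the third lookup: once the probe of corp.example.net also fails over TRR, every other name under that zone skips TRR entirely until the entry expires, which is what keeps a split-horizon deployment from paying a failed DoH round trip per host.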