I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1475605 to capture
this issue and (most of) this discussion.
On Tue, Jun 26, 2018 at 5:17 PM, Brannon Dorsey
wrote:
> First, I think downright denying "private IP addresses" from DNS responses
> is very hard and is doomed to break the web experience for a set of users
> who use private/local DNSes etc.
>
Yes, I concur. Let's not block them outright, but rather only in the
instance that a domain name that prev
On Thu, 28 Jun 2018, Martin Thomson wrote:
> If we ever have code to support .local in the browser, then those will need
> to avoid using the DoH stack for resolving those names.
That is *exactly* what we already have and do! =) Since they're explicitly
local, they're considered "blacklisted" by
On Thu, Jun 28, 2018 at 1:21 AM Benjamin Francis wrote:
> On 25 June 2018 at 16:50, Brannon Dorsey wrote:
>
> > As far as I see it, a
> > domain name should never be allowed to respond with a private IP address
> > moments after it first responded with a public IP address.
> >
>
> If I understand
On 25 June 2018 at 16:50, Brannon Dorsey wrote:
> As far as I see it, a
> domain name should never be allowed to respond with a private IP address
> moments after it first responded with a public IP address.
>
If I understand correctly, this is exactly what we plan to do on our Mozilla
IoT gatew
On Mon, 25 Jun 2018, Brannon Dorsey wrote:
> Users can protect themselves from this type of attack by using a DNS
> resolver that filters out private IP addresses from public DNS responses.
> OpenDNS and dd-wrt can both provide this functionality if configured
> properly, but my question is, *why not