Specify resolver source breaks CNAME adblocking #14755

darkdh · 2021-03-16T01:45:47Z

Caused by brave/brave-core#7731 for fixing DoH leak
And the resolver only checks local cache for CNAME request and we will only get DNS_CACHE_MISS error for empty cache on Linux reported by @antonok-edm but it did resolved for me on macos after clearing dns cache

The text was updated successfully, but these errors were encountered:

darkdh · 2021-03-16T05:11:40Z

after brave/brave-core#8262 is landed and uplifted to release.
We should test on different platforms to figure out what still doesn't work
and disable CNAME adblocking when DoH is enabled on those platforms

LaurenWags · 2021-03-18T16:50:12Z

labelling as QA/Blocked until this is uplifted

kjozwiak · 2021-03-19T06:37:24Z

Uplifted via brave/brave-core#8287 (review) & brave/brave-core#8288 (review).

stephendonner · 2021-03-19T15:53:49Z

Verification PASSED on macOS Big Sur using the following build:

Brave	1.22.65 Chromium: 89.0.4389.90 (Official Build) (x86_64)
Revision	62eb262cdaae9ef819aadd778193781455ec7a49-refs/branch-heads/4389@{#1534}
OS	macOS Version 11.2.3 (Build 20D91)

`No DoH leak`

Prerequisite: Followed https://wiki.wireshark.org/TLS and set up environment

Using the STR mentioned via brave/brave-core#8279 (comment), ensured that there weren't any DNS queries leaked when visiting https://tools.ietf.org:

`CNAME adblock`

DoH disabled

`Disabled`	`Without filters`	`Filters applied`

DoH automatic

`Automatic`	`Without filters`	`Filters applied`

Cloudflare

`Cloudflare`	`Without filters`	`Filters applied`

NextDNS

`NextDNS`	`Without filters`	`Filters applied`

Verification passed on

Brave | 1.23.68 Chromium: 90.0.4430.51 (Official Build) (64-bit)
-- | --
Revision | 32e5fa33a31641bded70a90e60121060691e7125-refs/branch-heads/4430@{#927}
OS | Windows 10 OS Version 2004 (Build 19041.867)

Verified the test plan from brave/brave-core#8279

`No DoH leak`

Ensured that there weren't any DNS queries leaked when visiting https://tools.ietf.org:

`CNAME adblock`

DoH disabled

`Disabled`	`Without filters`	`Filters applied`

DoH automatic

`Automatic`	`Without filters`	`Filters applied`

Cloudflare

`Cloudflare`	`Without filters`	`Filters applied`

NextDNS

`NextDNS`	`Without filters`	`Filters applied`

Verification passed on

Brave	1.23.69 Chromium: 90.0.4430.61 (Official Build) (64-bit)
Revision	dced74d4124b26b14126b611853d33512b60c7b6-refs/branch-heads/4430@{#1115}
OS	Ubuntu 18.04 LTS

Verified the test plan from brave/brave-core#8279

`No DoH leak`

Ensured that there weren't any DNS queries leaked when visiting https://tools.ietf.org:

`CNAME adblock`

DoH disabled

`Disabled`	`Without filters`	`Filters applied`

DoH automatic

`Automatic`	`Without filters`	`Filters applied`

Cloudflare

`Cloudflare`	`Without filters`	`Filters applied`

NextDNS

`NextDNS`	`Without filters`	`Filters applied`

srirambv · 2021-03-22T11:15:12Z

Verification passed on OnePlus 6T with Android 10 running 1.22.66 x64 build

Verified test plan from Only specify net::HostResolverSource::DNS when DoH is enabled brave-core#8279

DoH Automatic

Android.ARM.DoH.Automatic.mp4

DoH OpenDNS

Android.ARM.DoH.Open.DNS.mp4

DoH CloudFlare

Android.ARM.DoH.Cloudflare.mp4

Verification passed on Samsung Tab A with Android 10 running 1.22.66 x64 build

Verified test plan from Only specify net::HostResolverSource::DNS when DoH is enabled brave-core#8279

DoH Automatic

Android.Tab.DoH.Automatic.mp4

DoH OpenDNS

Android.Tab.DoH.OpenDNS.mp4

DoH CloudFlare

Android.Tab.DoH.CloudFlare.mp4

bsclifton · 2021-03-23T18:24:47Z

Moving to 1.23 after manually reverting from 1.22.x with brave/brave-core@f20e8ba

The fix for this appears to be causing #14721 on all channels

darkdh added OS/Android Fixes related to Android browser functionality OS/Desktop labels Mar 16, 2021

darkdh self-assigned this Mar 16, 2021

darkdh mentioned this issue Mar 16, 2021

Explicit DNS query made by CNAME adblocking should respect user dns setting brave/brave-core#8260

Closed

24 tasks

darkdh added QA/Test-Plan-Specified QA/Yes release-notes/include labels Mar 16, 2021

darkdh closed this as completed Mar 16, 2021

darkdh added closed/invalid and removed QA/Test-Plan-Specified QA/Yes release-notes/include labels Mar 16, 2021

darkdh reopened this Mar 16, 2021

darkdh added OS/Linux needs-investigation A bug not 100% confirmed/fixed and removed closed/invalid labels Mar 16, 2021

antonok-edm mentioned this issue Mar 16, 2021

Fix regression in CNAME uncloaking #14756

Closed

darkdh added OS/Windows and removed OS/Android Fixes related to Android browser functionality OS/Desktop needs-investigation A bug not 100% confirmed/fixed labels Mar 17, 2021

darkdh mentioned this issue Mar 17, 2021

Only specify net::HostResolverSource::DNS when DoH is enabled brave/brave-core#8279

Merged

24 tasks

darkdh added OS/Android Fixes related to Android browser functionality OS/Desktop QA/Test-Plan-Specified QA/Yes release-notes/include and removed OS/Linux OS/Windows labels Mar 17, 2021

bbondy closed this as completed in brave/brave-core#8279 Mar 18, 2021

bbondy added this to the 1.24.x - Nightly milestone Mar 18, 2021

antonok-edm mentioned this issue Mar 18, 2021

Unblocked CNAME on https://firstlutherancc.org/ #14700

Closed

This was referenced Mar 18, 2021

Only specify net::HostResolverSource::DNS when DoH is enabled (uplift to 1.23.x) brave/brave-core#8287

Merged

Only specify net::HostResolverSource::DNS when DoH is enabled (uplift to 1.22.x) brave/brave-core#8288

Merged

darkdh modified the milestones: 1.24.x - Nightly, 1.22.x - Release Mar 18, 2021

LaurenWags added the QA/Blocked label Mar 18, 2021

kjozwiak removed the QA/Blocked label Mar 19, 2021

stephendonner added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Mar 19, 2021

stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Mar 19, 2021

srirambv added QA Pass - Android ARM QA Pass - Android Tab labels Mar 22, 2021

LaurenWags mentioned this issue Mar 22, 2021

[Desktop] Release Notes for 1.22.x Release #1 #14871

Closed

kjozwiak mentioned this issue Mar 23, 2021

Release Notes for 1.22.x - Release #3 #14895

Closed

bsclifton modified the milestones: 1.22.x - Release, 1.23.x - Beta Mar 23, 2021

kjozwiak mentioned this issue Mar 24, 2021

Pending verifications/Release Notes from 1.21.x Release #1 #14912

Closed

LaurenWags added the QA/Test-All-Platforms label Mar 29, 2021

GeetaSarvadnya added the QA Pass-Win64 label Apr 8, 2021

btlechowski added the QA Pass-Linux label Apr 12, 2021

LaurenWags mentioned this issue Apr 13, 2021

[Desktop] Release Notes for 1.23.x Release #1 #15260

Closed

kjozwiak mentioned this issue Apr 20, 2021

Release Notes for 1.23.x Release #1 #15378

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Specify resolver source breaks CNAME adblocking #14755

Specify resolver source breaks CNAME adblocking #14755

darkdh commented Mar 16, 2021 •

edited

Loading

darkdh commented Mar 16, 2021 •

edited

Loading

LaurenWags commented Mar 18, 2021

kjozwiak commented Mar 19, 2021

stephendonner commented Mar 19, 2021 •

edited by btlechowski

Loading

srirambv commented Mar 22, 2021

bsclifton commented Mar 23, 2021

Specify resolver source breaks CNAME adblocking #14755

Specify resolver source breaks CNAME adblocking #14755

Comments

darkdh commented Mar 16, 2021 • edited Loading

darkdh commented Mar 16, 2021 • edited Loading

LaurenWags commented Mar 18, 2021

kjozwiak commented Mar 19, 2021

stephendonner commented Mar 19, 2021 • edited by btlechowski Loading

No DoH leak

CNAME adblock

No DoH leak

CNAME adblock

No DoH leak

CNAME adblock

srirambv commented Mar 22, 2021

bsclifton commented Mar 23, 2021

darkdh commented Mar 16, 2021 •

edited

Loading

darkdh commented Mar 16, 2021 •

edited

Loading

stephendonner commented Mar 19, 2021 •

edited by btlechowski

Loading

`No DoH leak`

`CNAME adblock`

`No DoH leak`

`CNAME adblock`

`No DoH leak`

`CNAME adblock`