summaryrefslogtreecommitdiffstats
path: root/netwerk/dns
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:43:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:43:14 +0000
commit8dd16259287f58f9273002717ec4d27e97127719 (patch)
tree3863e62a53829a84037444beab3abd4ed9dfc7d0 /netwerk/dns
parentReleasing progress-linux version 126.0.1-1~progress7.99u1. (diff)
downloadfirefox-8dd16259287f58f9273002717ec4d27e97127719.tar.xz
firefox-8dd16259287f58f9273002717ec4d27e97127719.zip
Merging upstream version 127.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk/dns')
-rw-r--r--netwerk/dns/DNS.cpp34
-rw-r--r--netwerk/dns/PlatformDNSAndroid.cpp4
-rw-r--r--netwerk/dns/PlatformDNSUnix.cpp4
-rw-r--r--netwerk/dns/PlatformDNSWin.cpp7
-rw-r--r--netwerk/dns/TRRService.cpp7
-rw-r--r--netwerk/dns/TRRService.h2
-rw-r--r--netwerk/dns/TRRServiceBase.cpp3
-rw-r--r--netwerk/dns/TRRServiceBase.h1
-rw-r--r--netwerk/dns/effective_tld_names.dat650
-rw-r--r--netwerk/dns/nsDNSService2.cpp18
-rw-r--r--netwerk/dns/nsDNSService2.h2
-rw-r--r--netwerk/dns/nsHostResolver.cpp14
-rw-r--r--netwerk/dns/nsHostResolver.h2
-rw-r--r--netwerk/dns/nsIDNSByTypeRecord.idl6
-rw-r--r--netwerk/dns/nsIDNSRecord.idl4
-rw-r--r--netwerk/dns/nsIDNSService.idl4
16 files changed, 406 insertions, 356 deletions
diff --git a/netwerk/dns/DNS.cpp b/netwerk/dns/DNS.cpp
index 91730989db..31d910851b 100644
--- a/netwerk/dns/DNS.cpp
+++ b/netwerk/dns/DNS.cpp
@@ -21,36 +21,6 @@
namespace mozilla {
namespace net {
-const char* inet_ntop_internal(int af, const void* src, char* dst,
- socklen_t size) {
-#ifdef XP_WIN
- if (af == AF_INET) {
- struct sockaddr_in s;
- memset(&s, 0, sizeof(s));
- s.sin_family = AF_INET;
- memcpy(&s.sin_addr, src, sizeof(struct in_addr));
- int result = getnameinfo((struct sockaddr*)&s, sizeof(struct sockaddr_in),
- dst, size, nullptr, 0, NI_NUMERICHOST);
- if (result == 0) {
- return dst;
- }
- } else if (af == AF_INET6) {
- struct sockaddr_in6 s;
- memset(&s, 0, sizeof(s));
- s.sin6_family = AF_INET6;
- memcpy(&s.sin6_addr, src, sizeof(struct in_addr6));
- int result = getnameinfo((struct sockaddr*)&s, sizeof(struct sockaddr_in6),
- dst, size, nullptr, 0, NI_NUMERICHOST);
- if (result == 0) {
- return dst;
- }
- }
- return nullptr;
-#else
- return inet_ntop(af, src, dst, size);
-#endif
-}
-
// Copies the contents of a PRNetAddr to a NetAddr.
// Does not do a ptr safety check!
void PRNetAddrToNetAddr(const PRNetAddr* prAddr, NetAddr* addr) {
@@ -135,7 +105,7 @@ bool NetAddr::ToStringBuffer(char* buf, uint32_t bufSize) const {
}
struct in_addr nativeAddr = {};
nativeAddr.s_addr = addr->inet.ip;
- return !!inet_ntop_internal(AF_INET, &nativeAddr, buf, bufSize);
+ return !!inet_ntop(AF_INET, &nativeAddr, buf, bufSize);
}
if (addr->raw.family == AF_INET6) {
if (bufSize < INET6_ADDRSTRLEN) {
@@ -143,7 +113,7 @@ bool NetAddr::ToStringBuffer(char* buf, uint32_t bufSize) const {
}
struct in6_addr nativeAddr = {};
memcpy(&nativeAddr.s6_addr, &addr->inet6.ip, sizeof(addr->inet6.ip.u8));
- return !!inet_ntop_internal(AF_INET6, &nativeAddr, buf, bufSize);
+ return !!inet_ntop(AF_INET6, &nativeAddr, buf, bufSize);
}
#if defined(XP_UNIX)
if (addr->raw.family == AF_LOCAL) {
diff --git a/netwerk/dns/PlatformDNSAndroid.cpp b/netwerk/dns/PlatformDNSAndroid.cpp
index 171797b938..7875ea7dec 100644
--- a/netwerk/dns/PlatformDNSAndroid.cpp
+++ b/netwerk/dns/PlatformDNSAndroid.cpp
@@ -5,6 +5,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "GetAddrInfo.h"
+#include "mozilla/glean/GleanMetrics.h"
#include "mozilla/net/DNSPacket.h"
#include "nsIDNSService.h"
#include "mozilla/Maybe.h"
@@ -71,6 +72,7 @@ nsresult ResolveHTTPSRecordImpl(const nsACString& aHost, uint16_t aFlags,
}
LOG("resolving %s\n", host.get());
+ TimeStamp startTime = TimeStamp::Now();
// Perform the query
rv = packet.FillBuffer(
[&](unsigned char response[DNSPacket::MAX_SIZE]) -> int {
@@ -118,6 +120,8 @@ nsresult ResolveHTTPSRecordImpl(const nsACString& aHost, uint16_t aFlags,
return len - 8;
});
+ mozilla::glean::networking::dns_native_https_call_time.AccumulateRawDuration(
+ TimeStamp::Now() - startTime);
if (NS_FAILED(rv)) {
LOG("failed rv");
return rv;
diff --git a/netwerk/dns/PlatformDNSUnix.cpp b/netwerk/dns/PlatformDNSUnix.cpp
index c7f57fcdda..8a328f3da5 100644
--- a/netwerk/dns/PlatformDNSUnix.cpp
+++ b/netwerk/dns/PlatformDNSUnix.cpp
@@ -5,6 +5,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "GetAddrInfo.h"
+#include "mozilla/glean/GleanMetrics.h"
#include "mozilla/net/DNSPacket.h"
#include "nsIDNSService.h"
#include "mozilla/Maybe.h"
@@ -55,6 +56,7 @@ nsresult ResolveHTTPSRecordImpl(const nsACString& aHost, uint16_t aFlags,
rv = packet.FillBuffer(
[&](unsigned char response[DNSPacket::MAX_SIZE]) -> int {
int len = 0;
+ TimeStamp startTime = TimeStamp::Now();
#if defined(HAVE_RES_NINIT)
len = res_nquery(sThreadRes.get(), host.get(), ns_c_in,
nsIDNSService::RESOLVE_TYPE_HTTPSSVC, response,
@@ -65,6 +67,8 @@ nsresult ResolveHTTPSRecordImpl(const nsACString& aHost, uint16_t aFlags,
response, DNSPacket::MAX_SIZE);
#endif
+ mozilla::glean::networking::dns_native_https_call_time
+ .AccumulateRawDuration(TimeStamp::Now() - startTime);
if (len < 0) {
LOG("DNS query failed");
}
diff --git a/netwerk/dns/PlatformDNSWin.cpp b/netwerk/dns/PlatformDNSWin.cpp
index 42f1483ec3..93e936f4dc 100644
--- a/netwerk/dns/PlatformDNSWin.cpp
+++ b/netwerk/dns/PlatformDNSWin.cpp
@@ -5,6 +5,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "GetAddrInfo.h"
+#include "mozilla/glean/GleanMetrics.h"
#include "mozilla/net/DNSPacket.h"
#include "nsIDNSService.h"
#include "mozilla/Maybe.h"
@@ -39,9 +40,15 @@ nsresult ResolveHTTPSRecordImpl(const nsACString& aHost, uint16_t aFlags,
return NS_ERROR_UNKNOWN_HOST;
}
+ TimeStamp startTime = TimeStamp::Now();
+
DNS_STATUS status =
DnsQuery_A(host.get(), nsIDNSService::RESOLVE_TYPE_HTTPSSVC,
DNS_QUERY_STANDARD, nullptr, &result, nullptr);
+
+ mozilla::glean::networking::dns_native_https_call_time.AccumulateRawDuration(
+ TimeStamp::Now() - startTime);
+
if (status != ERROR_SUCCESS) {
LOG("DnsQuery_A failed with error: %ld\n", status);
return NS_ERROR_UNKNOWN_HOST;
diff --git a/netwerk/dns/TRRService.cpp b/netwerk/dns/TRRService.cpp
index fbaa67ee14..4599e7b5c0 100644
--- a/netwerk/dns/TRRService.cpp
+++ b/netwerk/dns/TRRService.cpp
@@ -170,7 +170,7 @@ static void EventTelemetryPrefChanged(const char* aPref, void* aData) {
StaticPrefs::network_trr_confirmation_telemetry_enabled());
}
-nsresult TRRService::Init() {
+nsresult TRRService::Init(bool aNativeHTTPSQueryEnabled) {
MOZ_ASSERT(NS_IsMainThread(), "wrong thread");
if (mInitialized) {
return NS_OK;
@@ -189,6 +189,7 @@ nsresult TRRService::Init() {
sTRRServicePtr = this;
+ mNativeHTTPSQueryEnabled = aNativeHTTPSQueryEnabled;
ReadPrefs(nullptr);
mConfirmation.HandleEvent(ConfirmationEvent::Init);
@@ -1021,7 +1022,9 @@ bool TRRService::IsExcludedFromTRR_unlocked(const nsACString& aHost) {
return true;
}
if (mDNSSuffixDomains.Contains(subdomain)) {
- LOG(("Subdomain [%s] of host [%s] Is Excluded From TRR via pref\n",
+ LOG(
+ ("Subdomain [%s] of host [%s] Is Excluded From TRR via DNSSuffix "
+ "domains\n",
subdomain.BeginReading(), aHost.BeginReading()));
return true;
}
diff --git a/netwerk/dns/TRRService.h b/netwerk/dns/TRRService.h
index 3283a8ea06..4c757bd90f 100644
--- a/netwerk/dns/TRRService.h
+++ b/netwerk/dns/TRRService.h
@@ -42,7 +42,7 @@ class TRRService : public TRRServiceBase,
bool OnWritingThread() const override { return NS_IsMainThread(); }
- nsresult Init();
+ nsresult Init(bool aNativeHTTPSQueryEnabled);
nsresult Start();
bool Enabled(nsIRequest::TRRMode aRequestMode = nsIRequest::TRR_DEFAULT_MODE);
bool IsConfirmed() { return mConfirmation.State() == CONFIRM_OK; }
diff --git a/netwerk/dns/TRRServiceBase.cpp b/netwerk/dns/TRRServiceBase.cpp
index 943edc41dd..31d09f3720 100644
--- a/netwerk/dns/TRRServiceBase.cpp
+++ b/netwerk/dns/TRRServiceBase.cpp
@@ -163,8 +163,9 @@ void TRRServiceBase::OnTRRModeChange() {
}
static bool readHosts = false;
+ // When native HTTPS query is enabled, we need to read etc/hosts.
if ((mMode == nsIDNSService::MODE_TRRFIRST ||
- mMode == nsIDNSService::MODE_TRRONLY) &&
+ mMode == nsIDNSService::MODE_TRRONLY || mNativeHTTPSQueryEnabled) &&
!readHosts) {
readHosts = true;
ReadEtcHostsFile();
diff --git a/netwerk/dns/TRRServiceBase.h b/netwerk/dns/TRRServiceBase.h
index a7f85fc95d..f79e31cdb3 100644
--- a/netwerk/dns/TRRServiceBase.h
+++ b/netwerk/dns/TRRServiceBase.h
@@ -82,6 +82,7 @@ class TRRServiceBase : public nsIProxyConfigChangedCallback {
Atomic<bool, Relaxed> mURISetByDetection{false};
Atomic<bool, Relaxed> mTRRConnectionInfoInited{false};
DataMutex<RefPtr<nsHttpConnectionInfo>> mDefaultTRRConnectionInfo;
+ bool mNativeHTTPSQueryEnabled{false};
};
} // namespace net
diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat
index fdcaca41d5..d4886d518b 100644
--- a/netwerk/dns/effective_tld_names.dat
+++ b/netwerk/dns/effective_tld_names.dat
@@ -6710,7 +6710,7 @@ org.zw
// newGTLDs
-// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-05-04T15:12:50Z
+// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-05-31T15:16:08Z
// This list is auto-generated, don't edit it manually.
// aaa : American Automobile Association, Inc.
// https://www.iana.org/domains/root/db/aaa.html
@@ -8976,7 +8976,7 @@ lotte
// https://www.iana.org/domains/root/db/lotto.html
lotto
-// love : Merchant Law Group LLP
+// love : Waterford Limited
// https://www.iana.org/domains/root/db/love.html
love
@@ -11387,9 +11387,9 @@ auth-fips.us-west-2.amazoncognito.com
// Amazon EC2
// Submitted by Luke Wells <psl-maintainers@amazon.com>
// Reference: 4c38fa71-58ac-4768-99e5-689c1767e537
+*.compute.amazonaws.com.cn
*.compute.amazonaws.com
*.compute-1.amazonaws.com
-*.compute.amazonaws.com.cn
us-east-1.amazonaws.com
// Amazon EMR
@@ -12288,26 +12288,26 @@ ju.mp
// CentralNic : http://www.centralnic.com/names/domains
// Submitted by registry <gavin.brown@centralnic.com>
-ae.org
+za.bz
br.com
cn.com
-com.de
-com.se
de.com
eu.com
-gb.net
-hu.net
-jp.net
jpn.com
mex.com
ru.com
sa.com
-se.net
uk.com
-uk.net
us.com
-za.bz
za.com
+com.de
+gb.net
+hu.net
+jp.net
+se.net
+uk.net
+ae.org
+com.se
// No longer operated by CentralNic, these entries should be adopted and/or removed by current operators
// Submitted by Gavin Brown <gavin.brown@centralnic.com>
@@ -12328,8 +12328,8 @@ gr.com
// Radix FZC : http://domains.in.net
// Submitted by Gavin Brown <gavin.brown@centralnic.com>
-in.net
web.in
+in.net
// US REGISTRY LLC : http://us.org
// Submitted by Gavin Brown <gavin.brown@centralnic.com>
@@ -12367,7 +12367,10 @@ discourse.team
// Clever Cloud : https://www.clever-cloud.com/
// Submitted by Quentin Adam <noc@clever-cloud.com>
+cleverapps.cc
+*.services.clever-cloud.com
cleverapps.io
+cleverapps.tech
// Clerk : https://www.clerk.dev
// Submitted by Colin Sidoti <systems@clerk.dev>
@@ -12398,8 +12401,8 @@ cloudaccess.net
// cloudControl : https://www.cloudcontrol.com/
// Submitted by Tobias Wilken <tw@cloudcontrol.com>
-cloudcontrolled.com
cloudcontrolapp.com
+cloudcontrolled.com
// Cloudera, Inc. : https://www.cloudera.com/
// Submitted by Kedarnath Waikar <security@cloudera.com>
@@ -12439,11 +12442,11 @@ co.cz
// Submitted by Jan Krpes <jan.krpes@cdn77.com>
cdn77-storage.com
rsc.contentproxy9.cz
-cdn77-ssl.net
r.cdn77.net
-ssl.origin.cdn77-secure.org
+cdn77-ssl.net
c.cdn77.org
rsc.cdn77.org
+ssl.origin.cdn77-secure.org
// Cloud DNS Ltd : http://www.cloudns.net
// Submitted by Aleksander Hristov <noc@cloudns.net> & Boyan Peychev <boyan@cloudns.net>
@@ -12506,8 +12509,8 @@ test.ru
// COSIMO GmbH : http://www.cosimo.de
// Submitted by Rene Marticke <rmarticke@cosimo.de>
dyn.cosidns.de
-dynamisches-dns.de
dnsupdater.de
+dynamisches-dns.de
internet-dns.de
l-o-g-i-n.de
dynamic-dns.info
@@ -12561,9 +12564,9 @@ cyon.site
// Danger Science Group: https://dangerscience.com/
// Submitted by Skylar MacDonald <skylar@dangerscience.com>
+platform0.app
fnwk.site
folionetwork.site
-platform0.app
// Daplie, Inc : https://daplie.com
// Submitted by AJ ONeal <aj@daplie.com>
@@ -12693,6 +12696,26 @@ dy.fi
tunk.org
// DynDNS.com : http://www.dyndns.com/services/dns/dyndns/
+dyndns.biz
+for-better.biz
+for-more.biz
+for-some.biz
+for-the.biz
+selfip.biz
+webhop.biz
+ftpaccess.cc
+game-server.cc
+myphotos.cc
+scrapping.cc
+blogdns.com
+cechire.com
+dnsalias.com
+dnsdojo.com
+doesntexist.com
+dontexist.com
+doomdns.com
+dyn-o-saur.com
+dynalias.com
dyndns-at-home.com
dyndns-at-work.com
dyndns-blog.com
@@ -12707,64 +12730,14 @@ dyndns-server.com
dyndns-web.com
dyndns-wiki.com
dyndns-work.com
-dyndns.biz
-dyndns.info
-dyndns.org
-dyndns.tv
-at-band-camp.net
-ath.cx
-barrel-of-knowledge.info
-barrell-of-knowledge.info
-better-than.tv
-blogdns.com
-blogdns.net
-blogdns.org
-blogsite.org
-boldlygoingnowhere.org
-broke-it.net
-buyshouses.net
-cechire.com
-dnsalias.com
-dnsalias.net
-dnsalias.org
-dnsdojo.com
-dnsdojo.net
-dnsdojo.org
-does-it.net
-doesntexist.com
-doesntexist.org
-dontexist.com
-dontexist.net
-dontexist.org
-doomdns.com
-doomdns.org
-dvrdns.org
-dyn-o-saur.com
-dynalias.com
-dynalias.net
-dynalias.org
-dynathome.net
-dyndns.ws
-endofinternet.net
-endofinternet.org
-endoftheinternet.org
est-a-la-maison.com
est-a-la-masion.com
est-le-patron.com
est-mon-blogueur.com
-for-better.biz
-for-more.biz
-for-our.info
-for-some.biz
-for-the.biz
-forgot.her.name
-forgot.his.name
from-ak.com
from-al.com
from-ar.com
-from-az.net
from-ca.com
-from-co.net
from-ct.com
from-dc.com
from-de.com
@@ -12777,10 +12750,8 @@ from-il.com
from-in.com
from-ks.com
from-ky.com
-from-la.net
from-ma.com
from-md.com
-from-me.org
from-mi.com
from-mn.com
from-mo.com
@@ -12793,7 +12764,6 @@ from-nh.com
from-nj.com
from-nm.com
from-nv.com
-from-ny.net
from-oh.com
from-ok.com
from-or.com
@@ -12811,45 +12781,18 @@ from-wa.com
from-wi.com
from-wv.com
from-wy.com
-ftpaccess.cc
-fuettertdasnetz.de
-game-host.org
-game-server.cc
getmyip.com
-gets-it.net
-go.dyndns.org
gotdns.com
-gotdns.org
-groks-the.info
-groks-this.info
-ham-radio-op.net
-here-for-more.info
hobby-site.com
-hobby-site.org
-home.dyndns.org
-homedns.org
-homeftp.net
-homeftp.org
-homeip.net
homelinux.com
-homelinux.net
-homelinux.org
homeunix.com
-homeunix.net
-homeunix.org
iamallama.com
-in-the-band.net
is-a-anarchist.com
is-a-blogger.com
is-a-bookkeeper.com
-is-a-bruinsfan.org
is-a-bulls-fan.com
-is-a-candidate.org
is-a-caterer.com
-is-a-celticsfan.org
is-a-chef.com
-is-a-chef.net
-is-a-chef.org
is-a-conservative.com
is-a-cpa.com
is-a-cubicle-slave.com
@@ -12858,31 +12801,25 @@ is-a-designer.com
is-a-doctor.com
is-a-financialadvisor.com
is-a-geek.com
-is-a-geek.net
-is-a-geek.org
is-a-green.com
is-a-guru.com
is-a-hard-worker.com
is-a-hunter.com
-is-a-knight.org
is-a-landscaper.com
is-a-lawyer.com
is-a-liberal.com
is-a-libertarian.com
-is-a-linux-user.org
is-a-llama.com
is-a-musician.com
is-a-nascarfan.com
is-a-nurse.com
is-a-painter.com
-is-a-patsfan.org
is-a-personaltrainer.com
is-a-photographer.com
is-a-player.com
is-a-republican.com
is-a-rockstar.com
is-a-socialist.com
-is-a-soxfan.org
is-a-student.com
is-a-teacher.com
is-a-techie.com
@@ -12894,92 +12831,158 @@ is-an-anarchist.com
is-an-artist.com
is-an-engineer.com
is-an-entertainer.com
-is-by.us
is-certified.com
-is-found.org
is-gone.com
is-into-anime.com
is-into-cars.com
is-into-cartoons.com
is-into-games.com
is-leet.com
-is-lost.org
is-not-certified.com
-is-saved.org
is-slick.com
is-uberleet.com
-is-very-bad.org
-is-very-evil.org
-is-very-good.org
-is-very-nice.org
-is-very-sweet.org
is-with-theband.com
isa-geek.com
-isa-geek.net
-isa-geek.org
isa-hockeynut.com
issmarterthanyou.com
+likes-pie.com
+likescandy.com
+neat-url.com
+saves-the-whales.com
+selfip.com
+sells-for-less.com
+sells-for-u.com
+servebbs.com
+simple-url.com
+space-to-rent.com
+teaches-yoga.com
+writesthisblog.com
+ath.cx
+fuettertdasnetz.de
isteingeek.de
istmein.de
-kicks-ass.net
-kicks-ass.org
-knowsitall.info
-land-4-sale.us
lebtimnetz.de
leitungsen.de
-likes-pie.com
-likescandy.com
+traeumtgerade.de
+barrel-of-knowledge.info
+barrell-of-knowledge.info
+dyndns.info
+for-our.info
+groks-the.info
+groks-this.info
+here-for-more.info
+knowsitall.info
+selfip.info
+webhop.info
+forgot.her.name
+forgot.his.name
+at-band-camp.net
+blogdns.net
+broke-it.net
+buyshouses.net
+dnsalias.net
+dnsdojo.net
+does-it.net
+dontexist.net
+dynalias.net
+dynathome.net
+endofinternet.net
+from-az.net
+from-co.net
+from-la.net
+from-ny.net
+gets-it.net
+ham-radio-op.net
+homeftp.net
+homeip.net
+homelinux.net
+homeunix.net
+in-the-band.net
+is-a-chef.net
+is-a-geek.net
+isa-geek.net
+kicks-ass.net
+office-on-the.net
+podzone.net
+scrapper-site.net
+selfip.net
+sells-it.net
+servebbs.net
+serveftp.net
+thruhere.net
+webhop.net
merseine.nu
mine.nu
+shacknet.nu
+blogdns.org
+blogsite.org
+boldlygoingnowhere.org
+dnsalias.org
+dnsdojo.org
+doesntexist.org
+dontexist.org
+doomdns.org
+dvrdns.org
+dynalias.org
+dyndns.org
+go.dyndns.org
+home.dyndns.org
+endofinternet.org
+endoftheinternet.org
+from-me.org
+game-host.org
+gotdns.org
+hobby-site.org
+homedns.org
+homeftp.org
+homelinux.org
+homeunix.org
+is-a-bruinsfan.org
+is-a-candidate.org
+is-a-celticsfan.org
+is-a-chef.org
+is-a-geek.org
+is-a-knight.org
+is-a-linux-user.org
+is-a-patsfan.org
+is-a-soxfan.org
+is-found.org
+is-lost.org
+is-saved.org
+is-very-bad.org
+is-very-evil.org
+is-very-good.org
+is-very-nice.org
+is-very-sweet.org
+isa-geek.org
+kicks-ass.org
misconfused.org
-mypets.ws
-myphotos.cc
-neat-url.com
-office-on-the.net
-on-the-web.tv
-podzone.net
podzone.org
readmyblog.org
-saves-the-whales.com
-scrapper-site.net
-scrapping.cc
-selfip.biz
-selfip.com
-selfip.info
-selfip.net
selfip.org
-sells-for-less.com
-sells-for-u.com
-sells-it.net
sellsyourhome.org
-servebbs.com
-servebbs.net
servebbs.org
-serveftp.net
serveftp.org
servegame.org
-shacknet.nu
-simple-url.com
-space-to-rent.com
stuff-4-sale.org
-stuff-4-sale.us
-teaches-yoga.com
-thruhere.net
-traeumtgerade.de
-webhop.biz
-webhop.info
-webhop.net
webhop.org
+better-than.tv
+dyndns.tv
+on-the-web.tv
worse-than.tv
-writesthisblog.com
+is-by.us
+land-4-sale.us
+stuff-4-sale.us
+dyndns.ws
+mypets.ws
// ddnss.de : https://www.ddnss.de/
// Submitted by Robert Niedziela <webmaster@ddnss.de>
ddnss.de
dyn.ddnss.de
dyndns.ddnss.de
-dyndns1.de
dyn-ip24.de
+dyndns1.de
home-webserver.de
dyn.home-webserver.de
myhome-server.de
@@ -12987,8 +12990,8 @@ ddnss.org
// Definima : http://www.definima.com/
// Submitted by Maxence Bitterli <maxence@definima.com>
-definima.net
definima.io
+definima.net
// DigitalOcean App Platform : https://www.digitalocean.com/products/app-platform/
// Submitted by Braxton Huggins <psl-maintainers@digitalocean.com>
@@ -13153,6 +13156,11 @@ us-2.evennode.com
us-3.evennode.com
us-4.evennode.com
+// Expo : https://expo.dev/
+// Submitted by James Ide <psl@expo.dev>
+expo.app
+staging.expo.app
+
// eDirect Corp. : https://hosting.url.com.tw/
// Submitted by C.S. chang <cschang@corp.url.com.tw>
twmail.cc
@@ -13251,8 +13259,6 @@ u.channelsdvr.net
edgecompute.app
fastly-edge.com
fastly-terrarium.com
-fastlylb.net
-map.fastlylb.net
freetls.fastly.net
map.fastly.net
a.prod.fastly.net
@@ -13260,6 +13266,8 @@ global.prod.fastly.net
a.ssl.fastly.net
b.ssl.fastly.net
global.ssl.fastly.net
+fastlylb.net
+map.fastlylb.net
// Fastmail : https://www.fastmail.com/
// Submitted by Marc Bradshaw <marc@fastmailteam.com>
@@ -13329,8 +13337,8 @@ flutterflow.app
// fly.io: https://fly.io
// Submitted by Kurt Mackey <kurt@fly.io>
fly.dev
-edgeapp.net
shw.io
+edgeapp.net
// Flynn : https://flynn.io
// Submitted by Jonathan Rudenberg <jonathan@flynn.io>
@@ -13419,6 +13427,8 @@ aliases121.com
// GDS : https://www.gov.uk/service-manual/technology/managing-domain-names
// Submitted by Stephen Ford <hostmaster@digital.cabinet-office.gov.uk>
+campaign.gov.uk
+service.gov.uk
independent-commission.uk
independent-inquest.uk
independent-inquiry.uk
@@ -13426,8 +13436,6 @@ independent-panel.uk
independent-review.uk
public-inquiry.uk
royal-commission.uk
-campaign.gov.uk
-service.gov.uk
// CDDO : https://www.gov.uk/guidance/get-an-api-domain-on-govuk
// Submitted by Jamie Tanna <jamie.tanna@digital.cabinet-office.gov.uk>
@@ -13615,71 +13623,64 @@ ro.im
goip.de
// Google, Inc.
-// Submitted by Eduardo Vela <evn@google.com>
-*.run.app
-web.app
-*.0emm.com
-appspot.com
-*.r.appspot.com
-codespot.com
-googleapis.com
-googlecode.com
-pagespeedmobilizer.com
-publishproxy.com
-withgoogle.com
-withyoutube.com
-*.gateway.dev
-cloud.goog
-translate.goog
-*.usercontent.goog
-cloudfunctions.net
+// Submitted by Shannon McCabe <public-suffix-editors@google.com>
blogspot.ae
blogspot.al
blogspot.am
+*.hosted.app
+*.run.app
+web.app
+blogspot.com.ar
+blogspot.co.at
+blogspot.com.au
blogspot.ba
blogspot.be
blogspot.bg
blogspot.bj
+blogspot.com.br
+blogspot.com.by
blogspot.ca
blogspot.cf
blogspot.ch
blogspot.cl
-blogspot.co.at
-blogspot.co.id
-blogspot.co.il
-blogspot.co.ke
-blogspot.co.nz
-blogspot.co.uk
-blogspot.co.za
-blogspot.com
-blogspot.com.ar
-blogspot.com.au
-blogspot.com.br
-blogspot.com.by
blogspot.com.co
-blogspot.com.cy
-blogspot.com.ee
-blogspot.com.eg
-blogspot.com.es
-blogspot.com.mt
-blogspot.com.ng
-blogspot.com.tr
-blogspot.com.uy
+*.0emm.com
+appspot.com
+*.r.appspot.com
+blogspot.com
+codespot.com
+googleapis.com
+googlecode.com
+pagespeedmobilizer.com
+publishproxy.com
+withgoogle.com
+withyoutube.com
blogspot.cv
+blogspot.com.cy
blogspot.cz
blogspot.de
+*.gateway.dev
blogspot.dk
+blogspot.com.ee
+blogspot.com.eg
+blogspot.com.es
blogspot.fi
blogspot.fr
+cloud.goog
+translate.goog
+*.usercontent.goog
blogspot.gr
blogspot.hk
blogspot.hr
blogspot.hu
+blogspot.co.id
blogspot.ie
+blogspot.co.il
blogspot.in
blogspot.is
blogspot.it
blogspot.jp
+blogspot.co.ke
blogspot.kr
blogspot.li
blogspot.lt
@@ -13687,10 +13688,14 @@ blogspot.lu
blogspot.md
blogspot.mk
blogspot.mr
+blogspot.com.mt
blogspot.mx
blogspot.my
+cloudfunctions.net
+blogspot.com.ng
blogspot.nl
blogspot.no
+blogspot.co.nz
blogspot.pe
blogspot.pt
blogspot.qa
@@ -13704,9 +13709,13 @@ blogspot.si
blogspot.sk
blogspot.sn
blogspot.td
+blogspot.com.tr
blogspot.tw
blogspot.ug
+blogspot.co.uk
+blogspot.com.uy
blogspot.vn
+blogspot.co.za
// Goupile : https://goupile.fr
// Submitted by Niels Martignene <hello@goupile.fr>
@@ -13739,8 +13748,8 @@ conf.se
// Handshake : https://handshake.org
// Submitted by Mike Damm <md@md.vc>
-hs.zone
hs.run
+hs.zone
// Hashbang : https://hashbang.sh
hashbang.sh
@@ -13813,6 +13822,10 @@ ie.ua
// HostyHosting (hostyhosting.com)
hostyhosting.io
+// Hypernode B.V. : https://www.hypernode.com/
+// Submitted by Cipriano Groenendal <security@nl.team.blue>
+hypernode.io
+
// Häkkinen.fi
// Submitted by Eero Häkkinen <Eero+psl@Häkkinen.fi>
häkkinen.fi
@@ -13833,8 +13846,8 @@ iliadboxos.it
// Impertrix Solutions : <https://impertrixcdn.com>
// Submitted by Zhixiang Zhao <csuite@impertrix.com>
-impertrixcdn.com
impertrix.com
+impertrixcdn.com
// Incsub, LLC: https://incsub.com/
// Submitted by Aaron Edwards <sysadmins@incsub.com>
@@ -13851,10 +13864,10 @@ in-berlin.de
in-brb.de
in-butter.de
in-dsl.de
-in-dsl.net
-in-dsl.org
in-vpn.de
+in-dsl.net
in-vpn.net
+in-dsl.org
in-vpn.org
// info.at : http://www.info.at/
@@ -14029,13 +14042,13 @@ jotelulu.cloud
// JouwWeb B.V. : https://www.jouwweb.nl
// Submitted by Camilo Sperberg <tech@webador.com>
-jouwweb.site
webadorsite.com
+jouwweb.site
// Joyent : https://www.joyent.com/
// Submitted by Brian Bennett <brian.bennett@joyent.com>
-*.triton.zone
*.cns.joyent.com
+*.triton.zone
// JS.ORG : http://dns.js.org
// Submitted by Stefan Keim <admin@js.org>
@@ -14077,8 +14090,8 @@ oya.to
// Katholieke Universiteit Leuven: https://www.kuleuven.be
// Submitted by Abuse KU Leuven <abuse@kuleuven.be>
-kuleuven.cloud
ezproxy.kuleuven.be
+kuleuven.cloud
// .KRD : http://nic.krd/data/krd/Registration%20Policy.pdf
co.krd
@@ -14086,8 +14099,8 @@ edu.krd
// Krellian Ltd. : https://krellian.com
// Submitted by Ben Francis <ben@krellian.com>
-krellian.net
webthings.io
+krellian.net
// LCube - Professional hosting e.K. : https://www.lcube-webhosting.de
// Submitted by Lars Laehn <info@lcube.de>
@@ -14121,8 +14134,8 @@ co.technology
// linkyard ldt: https://www.linkyard.ch/
// Submitted by Mario Siegenthaler <mario.siegenthaler@linkyard.ch>
-linkyard.cloud
linkyard-cloud.ch
+linkyard.cloud
// Linode : https://linode.com
// Submitted by <security@linode.com>
@@ -14177,11 +14190,9 @@ lugs.org.uk
// Lukanet Ltd : https://lukanet.com
// Submitted by Anton Avramov <register@lukanet.com>
barsy.bg
-barsy.co.uk
-barsyonline.co.uk
+barsy.club
barsycenter.com
barsyonline.com
-barsy.club
barsy.de
barsy.eu
barsy.in
@@ -14200,6 +14211,8 @@ barsy.shop
barsy.site
barsy.support
barsy.uk
+barsy.co.uk
+barsyonline.co.uk
// Magento Commerce
// Submitted by Damien Tournoud <dtournoud@magento.cloud>
@@ -14230,8 +14243,8 @@ mcpe.me
// Submitted by Evgeniy Subbotin <e.subbotin@mchost.ru>
mcdir.me
mcdir.ru
-mcpre.ru
vps.mcdir.ru
+mcpre.ru
// Mediatech : https://mediatech.by
// Submitted by Evgeniy Kozhuhovskiy <ugenk@mediatech.by>
@@ -14280,10 +14293,9 @@ co.pl
// Microsoft Azure : https://home.azure
*.azurecontainer.io
azure-api.net
+azure-mobile.net
azureedge.net
azurefd.net
-azurewebsites.net
-azure-mobile.net
azurestaticapps.net
1.azurestaticapps.net
2.azurestaticapps.net
@@ -14297,6 +14309,7 @@ eastasia.azurestaticapps.net
eastus2.azurestaticapps.net
westeurope.azurestaticapps.net
westus2.azurestaticapps.net
+azurewebsites.net
cloudapp.net
trafficmanager.net
blob.core.windows.net
@@ -14335,8 +14348,8 @@ pp.ru
// Mythic Beasts : https://www.mythic-beasts.com
// Submitted by Paul Cammish <kelduum@mythic-beasts.com>
hostedpi.com
-customer.mythic-beasts.com
caracal.mythic-beasts.com
+customer.mythic-beasts.com
fentiger.mythic-beasts.com
lynx.mythic-beasts.com
ocelot.mythic-beasts.com
@@ -14418,6 +14431,10 @@ noop.app
// Submitted by Laurent Pellegrino <security@noticeable.io>
noticeable.news
+// Notion Labs, Inc : https://www.notion.so/
+// Submitted by Jess Yao <trust-core-team@makenotion.com>
+notion.site
+
// Now-DNS : https://now-dns.com
// Submitted by Steve Russell <steve@now-dns.com>
dnsking.ch
@@ -14453,91 +14470,91 @@ nerdpol.ovh
// No-IP.com : https://noip.com/
// Submitted by Deven Reza <publicsuffixlist@noip.com>
+mmafan.biz
+myftp.biz
+no-ip.biz
+no-ip.ca
+fantasyleague.cc
+gotdns.ch
+3utilities.com
blogsyte.com
-brasilia.me
-cable-modem.org
ciscofreak.com
-collegefan.org
-couchpotatofries.org
damnserver.com
-ddns.me
+ddnsking.com
ditchyourip.com
-dnsfor.me
dnsiskinky.com
-dvrcam.info
dynns.com
-eating-organic.net
-fantasyleague.cc
geekgalaxy.com
-golffan.us
health-carereform.com
homesecuritymac.com
homesecuritypc.com
-hopto.me
-ilovecollege.info
-loginto.me
-mlbfan.org
-mmafan.biz
myactivedirectory.com
-mydissent.net
-myeffect.net
-mymediapc.net
-mypsx.net
mysecuritycamera.com
-mysecuritycamera.net
-mysecuritycamera.org
+myvnc.com
net-freaks.com
-nflfan.org
-nhlfan.net
-no-ip.ca
-no-ip.co.uk
-no-ip.net
-noip.us
onthewifi.com
-pgafan.net
point2this.com
-pointto.us
-privatizehealthinsurance.net
quicksytes.com
-read-books.org
securitytactics.com
+servebeer.com
+servecounterstrike.com
serveexchange.com
+serveftp.com
+servegame.com
+servehalflife.com
+servehttp.com
servehumour.com
+serveirc.com
+servemp3.com
servep2p.com
+servepics.com
+servequake.com
servesarcasm.com
stufftoread.com
-ufcfan.org
unusualperson.com
workisboring.com
-3utilities.com
-bounceme.net
-ddns.net
-ddnsking.com
-gotdns.ch
-hopto.org
-myftp.biz
-myftp.org
-myvnc.com
-no-ip.biz
+dvrcam.info
+ilovecollege.info
no-ip.info
-no-ip.org
+brasilia.me
+ddns.me
+dnsfor.me
+hopto.me
+loginto.me
noip.me
+webhop.me
+bounceme.net
+ddns.net
+eating-organic.net
+mydissent.net
+myeffect.net
+mymediapc.net
+mypsx.net
+mysecuritycamera.net
+nhlfan.net
+no-ip.net
+pgafan.net
+privatizehealthinsurance.net
redirectme.net
-servebeer.com
serveblog.net
-servecounterstrike.com
-serveftp.com
-servegame.com
-servehalflife.com
-servehttp.com
-serveirc.com
serveminecraft.net
-servemp3.com
-servepics.com
-servequake.com
sytes.net
-webhop.me
+cable-modem.org
+collegefan.org
+couchpotatofries.org
+hopto.org
+mlbfan.org
+myftp.org
+mysecuritycamera.org
+nflfan.org
+no-ip.org
+read-books.org
+ufcfan.org
zapto.org
+no-ip.co.uk
+golffan.us
+noip.us
+pointto.us
// NodeArt : https://nodeart.io
// Submitted by Konstantin Nosov <Nosov@nodeart.io>
@@ -14557,6 +14574,7 @@ prvcy.page
// Observable, Inc. : https://observablehq.com
// Submitted by Mike Bostock <dns@observablehq.com>
+observablehq.cloud
static.observableusercontent.com
// Octopodal Solutions, LLC. : https://ulterius.io/
@@ -14577,25 +14595,25 @@ omniwe.site
// One.com: https://www.one.com/
// Submitted by Jacob Bunk Nielsen <jbn@one.com>
-123hjemmeside.dk
-123hjemmeside.no
-123homepage.it
-123kotisivu.fi
-123minsida.se
-123miweb.es
-123paginaweb.pt
-123siteweb.fr
123webseite.at
-123webseite.de
123website.be
+simplesite.com.br
123website.ch
+simplesite.com
+123webseite.de
+123hjemmeside.dk
+123miweb.es
+123kotisivu.fi
+123siteweb.fr
+simplesite.gr
+123homepage.it
123website.lu
123website.nl
+123hjemmeside.no
service.one
-simplesite.com
-simplesite.com.br
-simplesite.gr
simplesite.pl
+123paginaweb.pt
+123minsida.se
// One Fold Media : http://www.onefoldmedia.com/
// Submitted by Eddie Jones <eddie@onefoldmedia.com>
@@ -14645,8 +14663,8 @@ outsystemscloud.com
// OVHcloud: https://ovhcloud.com
// Submitted by Vincent Cassé <vincent.casse@ovhcloud.com>
-*.webpaas.ovh.net
*.hosting.ovh.net
+*.webpaas.ovh.net
// OwnProvider GmbH: http://www.ownprovider.com
// Submitted by Jan Moennich <jan.moennich@ownprovider.com>
@@ -14699,8 +14717,8 @@ zakopane.pl
// Pantheon Systems, Inc. : https://pantheon.io/
// Submitted by Gary Dylina <gary@pantheon.io>
-pantheonsite.io
gotpantheon.com
+pantheonsite.io
// Peplink | Pepwave : http://peplink.com/
// Submitted by Steve Leung <steveleung@peplink.com>
@@ -14736,9 +14754,9 @@ platterp.us
// Plesk : https://www.plesk.com/
// Submitted by Anton Akhtyamov <program-managers@plesk.com>
+pleskns.com
pdns.page
plesk.page
-pleskns.com
// Pley AB : https://www.pley.com/
// Submitted by Henning Pohl <infra@pley.com>
@@ -14869,8 +14887,8 @@ g.vbrplsbx.io
// Rancher Labs, Inc : https://rancher.com
// Submitted by Vincent Fiduccia <domains@rancher.com>
-*.on-k3s.io
*.on-rancher.cloud
+*.on-k3s.io
*.on-rio.io
// Read The Docs, Inc : https://www.readthedocs.org
@@ -14883,8 +14901,8 @@ rhcloud.com
// Render : https://render.com
// Submitted by Anurag Goel <dev@render.com>
-app.render.com
onrender.com
+app.render.com
// Repl.it : https://repl.it
// Submitted by Lincoln Bergeson <psl@repl.it>
@@ -15029,8 +15047,8 @@ sandcats.io
// SBE network solutions GmbH : https://www.sbe.de/
// Submitted by Norman Meilick <nm@sbe.de>
-logoip.de
logoip.com
+logoip.de
// Scaleway : https://www.scaleway.com/
// Submitted by Rémy Léone <rleone@scaleway.com>
@@ -15119,6 +15137,10 @@ biz.ua
co.ua
pp.ua
+// Sheezy.Art : https://sheezy.art
+// Submitted by Nyoom <admin@sheezy.art>
+sheezy.games
+
// Shift Crypto AG : https://shiftcrypto.ch
// Submitted by alex <alex@shiftcrypto.ch>
shiftcrypto.dev
@@ -15223,8 +15245,8 @@ stackit.zone
// Staclar : https://staclar.com
// Submitted by Q Misell <q@staclar.com>
-musician.io
// Submitted by Matthias Merkel <matthias.merkel@staclar.com>
+musician.io
novecore.site
// staticland : https://static.land
@@ -15336,8 +15358,8 @@ su.paba.se
// Symfony, SAS : https://symfony.com/
// Submitted by Fabien Potencier <fabien@symfony.com>
-*.s5y.io
*.sensiosite.cloud
+*.s5y.io
// Syncloud : https://syncloud.org
// Submitted by Boris Rybalkin <syncloud@syncloud.it>
@@ -15359,14 +15381,14 @@ dsmynas.net
familyds.net
dsmynas.org
familyds.org
-vpnplus.to
direct.quickconnect.to
+vpnplus.to
// Tabit Technologies Ltd. : https://tabit.cloud/
// Submitted by Oren Agiv <oren@tabit.cloud>
-tabitorder.co.il
-mytabit.co.il
mytabit.com
+mytabit.co.il
+tabitorder.co.il
// TAIFUN Software AG : http://taifun-software.de
// Submitted by Bjoern Henke <dev-server@taifun-software.de>
@@ -15407,11 +15429,11 @@ telebit.io
reservd.com
thingdustdata.com
cust.dev.thingdust.io
+reservd.dev.thingdust.io
cust.disrec.thingdust.io
+reservd.disrec.thingdust.io
cust.prod.thingdust.io
cust.testing.thingdust.io
-reservd.dev.thingdust.io
-reservd.disrec.thingdust.io
reservd.testing.thingdust.io
// ticket i/O GmbH : https://ticket.io
@@ -15473,8 +15495,6 @@ tuxfamily.org
// TwoDNS : https://www.twodns.de/
// Submitted by TwoDNS-Support <support@two-dns.de>
dd-dns.de
-diskstation.eu
-diskstation.org
dray-dns.de
draydns.de
dyn-vpn.de
@@ -15485,6 +15505,8 @@ my-wan.de
syno-ds.de
synology-diskstation.de
synology-ds.de
+diskstation.eu
+diskstation.org
// Typedream : https://typedream.com
// Submitted by Putri Karunia <putri@typedream.com>
@@ -15496,15 +15518,15 @@ pro.typeform.com
// Uberspace : https://uberspace.de
// Submitted by Moritz Werner <mwerner@jonaspasche.com>
-uber.space
*.uberspace.de
+uber.space
// UDR Limited : http://www.udr.hk.com
// Submitted by registry <hostmaster@udr.hk.com>
hk.com
-hk.org
-ltd.hk
inc.hk
+ltd.hk
+hk.org
// UK Intis Telecom LTD : https://it.com
// Submitted by ITComdomains <to@it.com>
@@ -15525,8 +15547,8 @@ org.yt
// United Gameserver GmbH : https://united-gameserver.de
// Submitted by Stefan Schwarz <sysadm@united-gameserver.de>
-virtualuser.de
virtual-user.de
+virtualuser.de
// Upli : https://upli.io
// Submitted by Lenny Bakkalian <lenny.bakkalian@gmail.com>
@@ -15541,6 +15563,11 @@ dnsupdate.info
// Submitted by Ed Moore <Ed.Moore@lib.de.us>
lib.de.us
+// Val Town, Inc : https://val.town/
+// Submitted by Tom MacWright <security@val.town>
+express.val.run
+web.val.run
+
// VeryPositive SIA : http://very.lv
// Submitted by Danko Aleksejevs <danko@very.lv>
2038.io
@@ -15586,10 +15613,10 @@ webflowtest.io
// WebHotelier Technologies Ltd: https://www.webhotelier.net/
// Submitted by Apostolos Tsakpinis <apostolos.tsakpinis@gmail.com>
-reserve-online.net
-reserve-online.com
bookonline.app
hotelwithflight.com
+reserve-online.com
+reserve-online.net
// WebWaddle Ltd: https://webwaddle.com/
// Submitted by Merlin Glander <hostmaster@webwaddle.com>
@@ -15605,21 +15632,33 @@ wedeploy.sh
// Submitted by Jung Jin <jungseok.jin@wdc.com>
remotewd.com
+// Whatbox Inc. : https://whatbox.ca/
+// Submitted by Anthony Ryan <servers@whatbox.ca>
+box.ca
+
// WIARD Enterprises : https://wiardweb.com
// Submitted by Kidd Hustle <kiddhustle@wiardweb.com>
pages.wiardweb.com
// Wikimedia Labs : https://wikitech.wikimedia.org
// Submitted by Arturo Borrero Gonzalez <aborrero@wikimedia.org>
-wmflabs.org
toolforge.org
wmcloud.org
+wmflabs.org
// WISP : https://wisp.gg
// Submitted by Stepan Fedotov <stepan@wisp.gg>
panel.gg
daemon.panel.gg
+// Wix.com, Inc. : https://www.wix.com
+// Submitted by Shahar Talmi / Alon Kochba <publicsuffixlist@wix.com>
+wixsite.com
+wixstudio.com
+editorx.io
+wixstudio.io
+wix.run
+
// Wizard Zines : https://wizardzines.com
// Submitted by Julia Evans <julia@wizardzines.com>
messwithdns.com
@@ -15645,13 +15684,6 @@ weeklylottery.org.uk
wpenginepowered.com
js.wpenginepowered.com
-// Wix.com, Inc. : https://www.wix.com
-// Submitted by Shahar Talmi <shahar@wix.com>
-wixsite.com
-editorx.io
-wixstudio.io
-wix.run
-
// XenonCloud GbR: https://xenoncloud.net
// Submitted by Julian Uphoff <publicsuffixlist@xenoncloud.net>
half.host
@@ -15707,6 +15739,10 @@ za.org
// Submitted by Julian Alker <security@zap-hosting.com>
zap.cloud
+// Zeabur : https://zeabur.com/
+// Submitted by Zeabur Team <contact@zeabur.com>
+zeabur.app
+
// Zine EOOD : https://zine.bg/
// Submitted by Martin Angelov <martin@zine.bg>
bss.design
diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
index 68a76a0c1f..b688daadc9 100644
--- a/netwerk/dns/nsDNSService2.cpp
+++ b/netwerk/dns/nsDNSService2.cpp
@@ -874,7 +874,7 @@ nsDNSService::Init() {
do_GetService("@mozilla.org/network/oblivious-http-service;1"));
mTrrService = new TRRService();
- if (NS_FAILED(mTrrService->Init())) {
+ if (NS_FAILED(mTrrService->Init(mResolver->IsNativeHTTPSEnabled()))) {
mTrrService = nullptr;
}
@@ -975,6 +975,15 @@ nsresult nsDNSService::PreprocessHostname(bool aLocalDomain,
return NS_OK;
}
+bool nsDNSService::IsLocalDomain(const nsACString& aHostname) const {
+ bool localDomain = mLocalDomains.Contains(aHostname);
+ if (StringEndsWith(aHostname, "."_ns)) {
+ localDomain = localDomain || mLocalDomains.Contains(Substring(
+ aHostname, 0, aHostname.Length() - 1));
+ }
+ return localDomain;
+}
+
nsresult nsDNSService::AsyncResolveInternal(
const nsACString& aHostname, uint16_t type, nsIDNSService::DNSFlags flags,
nsIDNSAdditionalInfo* aInfo, nsIDNSListener* aListener,
@@ -996,7 +1005,8 @@ nsresult nsDNSService::AsyncResolveInternal(
res = mResolver;
idn = mIDN;
- localDomain = mLocalDomains.Contains(aHostname);
+
+ localDomain = IsLocalDomain(aHostname);
}
if (mNotifyResolution) {
@@ -1076,7 +1086,7 @@ nsresult nsDNSService::CancelAsyncResolveInternal(
res = mResolver;
idn = mIDN;
- localDomain = mLocalDomains.Contains(aHostname);
+ localDomain = IsLocalDomain(aHostname);
}
if (!res) {
return NS_ERROR_OFFLINE;
@@ -1212,7 +1222,7 @@ nsresult nsDNSService::ResolveInternal(
MutexAutoLock lock(mLock);
res = mResolver;
idn = mIDN;
- localDomain = mLocalDomains.Contains(aHostname);
+ localDomain = IsLocalDomain(aHostname);
}
if (mNotifyResolution) {
diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
index 11f22c038e..523abcb613 100644
--- a/netwerk/dns/nsDNSService2.h
+++ b/netwerk/dns/nsDNSService2.h
@@ -83,6 +83,8 @@ class nsDNSService final : public mozilla::net::DNSServiceBase,
nsresult PreprocessHostname(bool aLocalDomain, const nsACString& aInput,
nsIIDNService* aIDN, nsACString& aACE);
+ bool IsLocalDomain(const nsACString& aHostname) const;
+
nsresult AsyncResolveInternal(
const nsACString& aHostname, uint16_t type, nsIDNSService::DNSFlags flags,
nsIDNSAdditionalInfo* aInfo, nsIDNSListener* aListener,
diff --git a/netwerk/dns/nsHostResolver.cpp b/netwerk/dns/nsHostResolver.cpp
index b74b974041..4dcdb3ac79 100644
--- a/netwerk/dns/nsHostResolver.cpp
+++ b/netwerk/dns/nsHostResolver.cpp
@@ -455,7 +455,8 @@ already_AddRefed<nsHostRecord> nsHostResolver::InitLoopbackRecord(
return rec.forget();
}
-static bool IsNativeHTTPSEnabled() {
+// static
+bool nsHostResolver::IsNativeHTTPSEnabled() {
if (!StaticPrefs::network_dns_native_https_query()) {
return false;
}
@@ -527,6 +528,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
bool excludedFromTRR = false;
if (TRRService::Get() && TRRService::Get()->IsExcludedFromTRR(host)) {
flags |= nsIDNSService::RESOLVE_DISABLE_TRR;
+ flags |= nsIDNSService::RESOLVE_DISABLE_NATIVE_HTTPS_QUERY;
excludedFromTRR = true;
if (!aTrrServer.IsEmpty()) {
@@ -1182,8 +1184,14 @@ nsresult nsHostResolver::NameLookup(nsHostRecord* rec,
(rec->mEffectiveTRRMode == nsIRequest::TRR_FIRST_MODE &&
(rec->flags & nsIDNSService::RESOLVE_DISABLE_TRR || serviceNotReady ||
NS_FAILED(rv)))) {
- if (!IsNativeHTTPSEnabled() && !rec->IsAddrRecord()) {
- return rv;
+ if (!rec->IsAddrRecord()) {
+ if (!IsNativeHTTPSEnabled()) {
+ return NS_ERROR_UNKNOWN_HOST;
+ }
+
+ if (rec->flags & nsIDNSService::RESOLVE_DISABLE_NATIVE_HTTPS_QUERY) {
+ return NS_ERROR_UNKNOWN_HOST;
+ }
}
#ifdef DEBUG
diff --git a/netwerk/dns/nsHostResolver.h b/netwerk/dns/nsHostResolver.h
index 02e6a343f8..15ab3a7349 100644
--- a/netwerk/dns/nsHostResolver.h
+++ b/netwerk/dns/nsHostResolver.h
@@ -339,6 +339,8 @@ class nsHostResolver : public nsISupports, public AHostResolver {
* Called by the networking dashboard via the DnsService2
*/
void GetDNSCacheEntries(nsTArray<mozilla::net::DNSCacheEntries>*);
+
+ static bool IsNativeHTTPSEnabled();
};
#endif // nsHostResolver_h__
diff --git a/netwerk/dns/nsIDNSByTypeRecord.idl b/netwerk/dns/nsIDNSByTypeRecord.idl
index 13290e260e..89829c5c2a 100644
--- a/netwerk/dns/nsIDNSByTypeRecord.idl
+++ b/netwerk/dns/nsIDNSByTypeRecord.idl
@@ -32,7 +32,7 @@ native TypeResult(mozilla::net::TypeRecordResultType);
native MaybePort(mozilla::Maybe<uint16_t>);
native MaybeAlpnTuple(mozilla::Maybe<std::tuple<nsCString, mozilla::net::SupportedAlpnRank>>);
-[scriptable, uuid(5d13241b-9d46-448a-90d8-77c418491026)]
+[scriptable, builtinclass, uuid(5d13241b-9d46-448a-90d8-77c418491026)]
interface nsIDNSByTypeRecord : nsIDNSRecord
{
/**
@@ -43,10 +43,10 @@ interface nsIDNSByTypeRecord : nsIDNSRecord
[noscript] readonly attribute TypeResult results;
};
-[scriptable, uuid(2a71750d-cb21-45f1-9e1c-666d18dd7645)]
+[scriptable, builtinclass, uuid(2a71750d-cb21-45f1-9e1c-666d18dd7645)]
interface nsIDNSTXTRecord : nsISupports
{
- CStringArrayRef getRecords();
+ [noscript] CStringArrayRef getRecords();
/*
* Return concatenated strings.
diff --git a/netwerk/dns/nsIDNSRecord.idl b/netwerk/dns/nsIDNSRecord.idl
index 27df2e28be..ebe8869c60 100644
--- a/netwerk/dns/nsIDNSRecord.idl
+++ b/netwerk/dns/nsIDNSRecord.idl
@@ -26,12 +26,12 @@ interface nsINetAddr;
* like an enumerator, allowing the caller to easily step through the
* list of IP addresses.
*/
-[scriptable, uuid(f92228ae-c417-4188-a604-0830a95e7eb9)]
+[scriptable, builtinclass, uuid(f92228ae-c417-4188-a604-0830a95e7eb9)]
interface nsIDNSRecord : nsISupports
{
};
-[scriptable, uuid(cb260e20-943f-4309-953b-78c90d3a7638)]
+[scriptable, builtinclass, uuid(cb260e20-943f-4309-953b-78c90d3a7638)]
interface nsIDNSAddrRecord : nsIDNSRecord
{
/**
diff --git a/netwerk/dns/nsIDNSService.idl b/netwerk/dns/nsIDNSService.idl
index c1aecccd8c..8ceb8f3958 100644
--- a/netwerk/dns/nsIDNSService.idl
+++ b/netwerk/dns/nsIDNSService.idl
@@ -91,9 +91,11 @@ interface nsIDNSService : nsISupports
// If set, the DNS service will pass a DNS record to
// OnLookupComplete even when there was a resolution error.
RESOLVE_WANT_RECORD_ON_ERROR = (1 << 16),
+ // If set, the native HTTPS query is not allowed.
+ RESOLVE_DISABLE_NATIVE_HTTPS_QUERY = (1 << 17),
// Bitflag containing all possible flags.
- ALL_DNSFLAGS_BITS = ((1 << 17) - 1),
+ ALL_DNSFLAGS_BITS = ((1 << 18) - 1),
};
cenum ConfirmationState : 8 {