Support Unstoppable Domains via DNS over HTTPS behind a feature flag #7702
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yrliou
force-pushed
the
unstoppable_domains
branch
7 times, most recently
from
dc11193 to
6b4853e
Compare
yrliou
force-pushed
the
unstoppable_domains
branch
5 times, most recently
from
9b1c406 to
8f0651f
Compare
yrliou
force-pushed
the
unstoppable_domains
branch
4 times, most recently
from
256ced6 to
5cff9ce
Compare
yrliou
commented
Feb 10, 2021
| "//net/*", | ||
| "//services/network/*", | ||
| ] | ||
| + friend += brave_dns_friend |
There was a problem hiding this comment.
We need to add our test target as friend to these targets otherwise it will fail the gn_check for dns_transaction_unittest.cc
yrliou
commented
Feb 10, 2021
yrliou
commented
Feb 10, 2021
yrliou
commented
Feb 10, 2021
| DCHECK(secure_); | ||
|
|
||
| size_t doh_server_index = dns_server_iterator_->GetNextAttemptIndex(); | ||
| + BRAVE_MAKE_HTTP_ATTEMPT |
There was a problem hiding this comment.
This is to skip the DoH server we added for non-target TLDs (ex: non-crypto domains) when doing name resolution.
yrliou
force-pushed
the
unstoppable_domains
branch
2 times, most recently
from
550b2ee to
43fa128
Compare
yrliou
force-pushed
the
unstoppable_domains
branch
from
43fa128 to
e29bfde
Compare
bridiver
reviewed
Feb 24, 2021
| @@ -20,7 +20,19 @@ Polymer({ | |||
| showRestartToast_: Boolean, | |||
| torEnabled_: Boolean, | |||
| widevineEnabled_: Boolean, | |||
| disableTorOption_: Boolean | |||
| disableTorOption_: Boolean, | |||
| udEnabled_: Boolean, | |||
There was a problem hiding this comment.
please don't abbreviate, it makes it much harder to find things when searching.
yrliou
force-pushed
the
unstoppable_domains
branch
from
cb6294d to
fbe1607
Compare
bridiver
approved these changes
Mar 2, 2021
yrliou
force-pushed
the
unstoppable_domains
branch
from
11a3365 to
5446cc6
Compare
- Do not abbreviate unstoppable domains in brave_default_extensions_page - Add comment to stub_resolver_config_reader override - Separate Brave's own DnsTransaction unit tests - Remove patch of stub_resolver_config_reader.cc and settings_secure_dns_handler.cc - Update test - Move browser/unstoppable_domains into its own target
yrliou
force-pushed
the
unstoppable_domains
branch
2 times, most recently
from
5cac257 to
b612d3c
Compare
Before we were overriding SplitGroup and we will miss adding our DoH resolver if doh_templates is empty.
yrliou
force-pushed
the
unstoppable_domains
branch
from
b612d3c to
c3fc742
Compare
…nfig_reader.cc Add it back due to chromium_src override has duplicate codes which is risky.
|
CI has post-init failures only which are due to vulnerabilities found by audit_deps and unrelated to this PR, merging. |
yrliou
added a commit
that referenced
this pull request
Mar 18, 2021
Support Unstoppable Domains via DNS over HTTPS behind a feature flag
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support of Unstoppable Domains via public DoH endpoint https://resolver.unstoppable.io/dns-query provided by Unstoppable Domains, which currently is just a redirect to Cloudflare server https://eth.resolver.cloudflare-eth.com/dns-query without any logging.
This endpoint will only be used for name resolution if user set the resolve method to
Public DNS over HTTPS server, and it will only be used for name resolution of domains ended with.crypto. The way we achieve this in the PR is hooking in where chromium updates the secure dns configuration in network service, add the custom servers if pref is set to public DoH. These added custom servers will be skipped for non-crypto domains before making actual DNS attempt in DNS transactions.An interstitial page will be shown to users to opt in when users try to load *.crypto domains.
New setting for resolve method is added:
Resolves brave/brave-browser#14099
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed).Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on.
Test Plan:
This site can’t be reached.Go to settings, search for unstoppable, there should be no unstoppable domains resolve method setting.
Go to brave://flags and search for unstoppable and enable the feature flag.
Click Disable, should now see site can't be reached and
Method to resolve unstoppable domainsin brave://settings should now beDisabled.Change the resolve method setting back to ask and visit brave.crypto again.
Opt-in interstitial should be shown again, and this time click
Proceed.Page should be loaded now. (Note that there will be a brief moment that it is showing site is not reached while the page is loading, this is a known and will be addressed in a new issue.)
Method to resolve unstoppable domainsin brave://settings should now bePublic DNS over HTTP server.Open a new tab and visit brad.crypto, page should be loaded normally without any interstitial pages.