No Local DNS error for SSL sites if convergence is installed

Any feedback, suggestion, bug reports, problems....
Post Reply
nitrox
Posts: 1
Joined: Fri Feb 03, 2012 12:09 pm

No Local DNS error for SSL sites if convergence is installed

Post by nitrox » Fri Feb 03, 2012 12:35 pm

Flagfox was showing flags for SSL sites before I installed convergence but after installation whenever i visit a SSL site for eg. https://encrypted.google.com/, i get Your current proxy settings do not allow local DNS requests.

Firefox proxy settings is set to No Proxy and network.proxy.socks_remote_dns is set to false (default value).

Here is a screenshot http://i.imgur.com/qDEwb.png

Convergence can be downloaded from http://convergence.io/

The issue can also be reproduced in Firefox Stable, Beta and Nightly as well.

User avatar
DaveG
Flagfox Developer
Posts: 723
Joined: Wed Oct 03, 2007 9:06 pm
Location: Philadelphia, USA

Re: No Local DNS error for SSL sites if convergence is insta

Post by DaveG » Fri Feb 03, 2012 7:29 pm

I just tested this out and it's easy to reproduce.

Near as I can tell, the Convergence addon works by itself acting as an internal proxy for all SSL connections so it can do its thing. This wouldn't necessarily mean that Flagfox couldn't also fetch the DNS request, but it seems that Firefox is being told to not let anyone else do so. I think I'm doing things correctly here by listening to what Firefox tells me via the transparent proxy flag, and this addon sets that somehow (I don't know if it's directly or indirectly), thus telling things that it's the only thing allowed to do DNS lookups. I do think it is odd that even with all normal proxy settings saying otherwise this seems to be the case. I'm looking into this some more now.

User avatar
DaveG
Flagfox Developer
Posts: 723
Joined: Wed Oct 03, 2007 9:06 pm
Location: Philadelphia, USA

Re: No Local DNS error for SSL sites if convergence is insta

Post by DaveG » Fri Feb 03, 2012 8:37 pm

DaveG wrote:transparent proxy flag, and this addon sets that somehow (I don't know if it's directly or indirectly), thus telling things that it's the only thing allowed to do DNS lookups.
Apparently they directly set that flag in their extension. I don't know if they really need to do so or not, however. Nonetheless, they are telling Firefox that all who listen should not do DNS lookups themselves.

My only thought would be to additionally check for the specific type of proxy that would normally go with this, but then that would probably break Flagfox under other proxy software.

I don't see a good solution to this problem right now. (at least, not one that is possible to attempt while I still support the 250k Firefox 3.x users)

Post Reply