[clug] firefox checks links?

Daniel Pittman daniel at rimspace.net
Mon Aug 24 19:02:21 MDT 2009 

Eyal Lebedinsky <eyal at eyal.emu.id.au> writes:

> This is ff 3.5.2 on f11.
>
> I notice a large number of reports in my log like
> 	named[3085]: network unreachable resolving 'gallery.orchidspng.com/A/IN': 2001:503:231d::2:30#53
> and I assume that many more lookups are done that do not fail.

That seems likely.  FWIW, since you evidently don't have working IPv6 you can
probably make your life nicer by configuring your resolver to look for IPv4
addresses only.

> After some checking I noted that this url is listed in a links page (my
> local homepage). I did not open any of these links, yet firefox shows some
> interest.
>
> What is firefox doing? I turned off safe-browsing - are there more such
> safety features in firefox?

Firefox had a feature to prefetch links from the page, perhaps you have that
turned on?  Check 'network.prefetch-next'.

Also, note that Firefox will also prefetch explicitly requested prefetch links
and all, so you may still see the behaviour.

(and, kids, *THIS* is why we never, ever use a web application that has a
 regular GET link that causes destructive changes, right? ;)

> Is it doing some kind of pre-emptive lookup (how can I disable it then)?

Possibly.

> I also notice messages like
> 	named[3085]: network unreachable resolving
> 	'storagereview.com.dlv.isc.org/DLV/IN': 2001:500:2c::254#53
> which I assume are the DNSSEC part of other lookup entries.

Well, they are part of the DLV check you configured as part of your DNSSEC
enabled resolver, but are caused by your configuring the resolver to check
IPv6 despite not having a working IPv6 configuration.

> Should I leave dnssec enabled?

I have no idea.  What is your threat model?  Why did you turn it on in the
first place?  Why do you think you should turn it off?

We can't tell you what level of security is appropriate to your situation and
tastes.  Only you can do that.

Regards,
        Daniel
-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
   Looking for work?  Love Perl?  In Melbourne, Australia?  We are hiring.

More information about the linux mailing list