Bug 207550

Summary: Konqueror performs DNS lookups even though proxy is configured
Product: konqueror Reporter: Alain Knaff <kde>
Component: generalAssignee: Dawit Alemayehu <adawit>
Status: RESOLVED FIXED    
Severity: minor CC: adawit, aspotashev, christian.apeltauer
Priority: NOR    
Version: 4.3.0   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In: 4.7.0

Description Alain Knaff 2009-09-16 10:49:28 UTC
Version:            (using KDE 4.3.0)
OS:                Linux
Installed from:    Fedora RPMs

When browsing, konqueror looks up the Web server's name in DNS, even though a proxy is configured. Normally, the web browser is supposed to send the host name to the proxy "as is", and not attempt to perform a local resolution.

Rated as severe due to the privacy implications and due to its sneakiness: 
Indeed, performing a local resolution may be a privacy list when surfing on an untrusted network, connected to a HTTP proxy via an SSH tunnel. Anybody spying on the local network will still see the host names, even though the traffic itself is encrypted.

I only discovered this by chance while attempting to surf while DNS was down. Other people might "discover" the bug by being called for a "surprise meeting" into their manager's office... :-)

Other browsers, such as Firefox, don't do this.
Comment 1 Dawit Alemayehu 2011-03-24 17:58:41 UTC
This is not as nefarious as you made it out to be. There is nothing sneaky about what konqueror, which is NOT the cluprit anyways, does here. After all you requested to browse the site. It is not as if it did the query for something you did not enter behind your back.

Anyhow, if you want to remove the DNS query which happens because of the URIFilter plugins, then locate and remove the 'localdomainurifilter' and 'fixhosturifilter' plugins from your system. There are two ways you can do that:

#1. Do a locate for the plugins names stated above, e.g. locate fixhosturifilter.

#2. Remove the .desktop and .so files found as a result of step #1 OR

#3. Copy the .desktop files found to your own local services directory, usually ~/.kde/share/kde4/services, and replace the content with

[Desktop Entry]
Hidden=true

Viola, the DNS query should go away once you restart any running instances of Konqueror. Oh and since almost all browsers support DNS prefetching to speed up the download of resources, it is not entirely correct to claim that "other browses , such as Firefox, do not do this either.

For the HTTPS over proxy case, there is an additional DNS query that happens at the lower levels inside KIO ; so unless that gets resolved this issue will not be completely resolved.
Comment 2 Dawit Alemayehu 2011-05-20 03:45:12 UTC
Git commit 65aabc8c6df6d25fc35d06ad880ecdc9a2e43291 by Dawit Alemayehu.
Committed on 01/05/2011 at 17:46.
Pushed by adawit into branch 'master'.

Avoid resolving host names in TCPSlaveBase::connectToHost.

This basically reverts commit 79c4ed8a7c7fe18f4c1d02d5faba5e7a412f57ae which
was a workaround for bugs in hardware that was caused by QAbstractSocket's
potential propensity to perform multiple look ups when connectToHost and
waitForConnected are called successively.

BUG: 207550
BUG: 162600
REVIEW: 101338

M  +13   -29   kio/kio/tcpslavebase.cpp     

http://commits.kde.org/kdelibs/65aabc8c6df6d25fc35d06ad880ecdc9a2e43291
Comment 3 Alain Knaff 2011-05-20 12:20:27 UTC
Thanks for fixing this eventually, it is reassuring that the KDE team still values privacy.
Comment 4 Dawit Alemayehu 2011-05-28 03:44:41 UTC
*** Bug 191372 has been marked as a duplicate of this bug. ***