Fix DoH Fallback Check and Short Study Implementation [chromium/src : main]

0 views
Skip to first unread message

Brian Begnoche (Gerrit)

unread,
Mar 24, 2026, 3:35:48 PM (11 days ago) Mar 24
to AyeAye, zackha...@chromium.org, nwoked...@chromium.org, bnc+...@chromium.org, andysjl...@chromium.org, xinghui...@chromium.org, network-ser...@chromium.org, vakh+safe_br...@chromium.org, net-r...@chromium.org, druber...@chromium.org, fenced-fra...@chromium.org

Brian Begnoche added 2 comments

File net/dns/dns_client.cc
Line 211, Patchset 5 (Latest): if (!context->ShouldAllowDohFallback()) {
Brian Begnoche . unresolved

We've been talking about the fact that we don't want DoH probes and canary domain check to fire because of the unconditionally populated DoH config.

We could add this same check to NetworkContext::ActivateDohProbes, although it would only want to do that when `should_perform_doh_fallback_upgrade` is true. Maybe it can get to the DnsConfig already, or this needs to be surfaced via ResourceContext in some fashion.

And CanaryDomainService could do the same check via ResourceContext.

I think I would propose a new method that checks should_perform_doh_fallback_upgrade and ShouldAllowDohFallback to return whether DoH probes (including canary domain) should be active.

Something along those lines.

File net/dns/host_resolver.h
Line 575, Patchset 5 (Latest): virtual void SetDohFallbackAllowed(bool allowed);
Brian Begnoche . unresolved

Maybe this should only be added to ContextHostResolver.

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Id2dadf2446ab9147cff1f7e585ae22165a245474
Gerrit-Change-Number: 7689192
Gerrit-PatchSet: 5
Gerrit-Owner: Brian Begnoche <b...@chromium.org>
Gerrit-Comment-Date: Tue, 24 Mar 2026 19:35:42 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Andrew Williams (Gerrit)

unread,
Mar 31, 2026, 2:21:41 PM (4 days ago) Mar 31
to Brian Begnoche, AyeAye, zackha...@chromium.org, nwoked...@chromium.org, bnc+...@chromium.org, andysjl...@chromium.org, xinghui...@chromium.org, network-ser...@chromium.org, vakh+safe_br...@chromium.org, net-r...@chromium.org, druber...@chromium.org, fenced-fra...@chromium.org
Attention needed from Brian Begnoche

Andrew Williams added 5 comments

Patchset-level comments
File-level comment, Patchset 6 (Latest):
Andrew Williams . resolved

Posting some updates for knowledge sharing

File chrome/browser/net/profile_network_context_service.cc
Line 210, Patchset 6 (Latest): if (secure_dns_mode != net::SecureDnsMode::kAutomatic) {
Andrew Williams . unresolved

I think for simplicity we should just check `safe_browsing::IsEnhancedProtectionEnabled(profile_prefs)` here, because all the other cases will be handled elsewhere... I've implemented it this way (but correct me if I'm wrong on this!)

File chrome/browser/safe_browsing/generated_safe_browsing_pref.cc
Line 107, Patchset 6 (Latest):void GeneratedSafeBrowsingPref::OnSafeBrowsingPreferencesChanged() {
Andrew Williams . unresolved

From chatting with Gemini, IIUC GeneratedSafeBrowsingPref is only used for the settings but this pref can change via other means as well, for instance via the pref syncing. I ended up monitoring for changes to the ESB prefs in ProfileNetworkContextService

File net/dns/dns_client.cc
Line 211, Patchset 5: if (!context->ShouldAllowDohFallback()) {
Brian Begnoche . unresolved

We've been talking about the fact that we don't want DoH probes and canary domain check to fire because of the unconditionally populated DoH config.

We could add this same check to NetworkContext::ActivateDohProbes, although it would only want to do that when `should_perform_doh_fallback_upgrade` is true. Maybe it can get to the DnsConfig already, or this needs to be surfaced via ResourceContext in some fashion.

And CanaryDomainService could do the same check via ResourceContext.

I think I would propose a new method that checks should_perform_doh_fallback_upgrade and ShouldAllowDohFallback to return whether DoH probes (including canary domain) should be active.

Something along those lines.

Andrew Williams

Thanks, that makes sense. I don't know that NetworkContext::ActivateDohProbes is the right spot because the DnsConfig is not easily available there IIUC... I ended up adding it into DnsOverHttpsProbeRunner::ContinueProbe

File net/dns/host_resolver.h
Line 575, Patchset 5: virtual void SetDohFallbackAllowed(bool allowed);
Brian Begnoche . unresolved

Maybe this should only be added to ContextHostResolver.

Andrew Williams

I tried this and it turns out that the per-profile NetworkContext uses more than just ContextHostResolver, specifically for tests. There's like three different classes that get used. I ended up adding the HostResolver method

Open in Gerrit

Related details

Attention is currently required from:
  • Brian Begnoche
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Id2dadf2446ab9147cff1f7e585ae22165a245474
Gerrit-Change-Number: 7689192
Gerrit-PatchSet: 6
Gerrit-Owner: Brian Begnoche <b...@chromium.org>
Gerrit-CC: Andrew Williams <awi...@chromium.org>
Gerrit-Attention: Brian Begnoche <b...@chromium.org>
Gerrit-Comment-Date: Tue, 31 Mar 2026 18:21:36 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Brian Begnoche <b...@chromium.org>
satisfied_requirement
unsatisfied_requirement
open
diffy

Andrew Williams (Gerrit)

unread,
Apr 3, 2026, 1:47:27 PM (22 hours ago) Apr 3
to Brian Begnoche, AyeAye, zackha...@chromium.org, nwoked...@chromium.org, bnc+...@chromium.org, andysjl...@chromium.org, xinghui...@chromium.org, network-ser...@chromium.org, vakh+safe_br...@chromium.org, net-r...@chromium.org, druber...@chromium.org, fenced-fra...@chromium.org
Attention needed from Brian Begnoche

Andrew Williams added 1 comment

Patchset-level comments
Andrew Williams . resolved
I ended up splitting this up into the following CLs:
 - https://chromium-review.googlesource.com/c/chromium/src/+/7704626 - Move kForceSecureDnsDohFallback feature to net/
 - https://chromium-review.googlesource.com/c/chromium/src/+/7723198 - [DoH] Remove fallback upgrade managed preference logic
 - https://chromium-review.googlesource.com/c/chromium/src/+/7704042 - [DoH] Prevent use of fallback DoH provider when ESB disabled
 - https://chromium-review.googlesource.com/c/chromium/src/+/7710806 - [DoH] Prevent DoH probes and canary domain check if pref disabled
 - https://chromium-review.googlesource.com/c/chromium/src/+/7718918 - [DoH] Move kForceSecureDnsDohFallback to the network service

Thanks for putting this together!

Open in Gerrit

Related details

Attention is currently required from:
  • Brian Begnoche
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Id2dadf2446ab9147cff1f7e585ae22165a245474
Gerrit-Change-Number: 7689192
Gerrit-PatchSet: 6
Gerrit-Owner: Brian Begnoche <b...@chromium.org>
Gerrit-CC: Andrew Williams <awi...@chromium.org>
Gerrit-Attention: Brian Begnoche <b...@chromium.org>
Gerrit-Comment-Date: Fri, 03 Apr 2026 17:47:19 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy
Reply all
Reply to author
Forward
0 new messages