This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why is Firefox 36 on Windows receiving connections from DNS servers? Option network.dns.get-ttl

  • 1 reply
  • 3 have this problem
  • 1 view
  • Last reply by jayelbe

more options

Subsequent to updating to Firefox 36, my firewall has been inundating me with requests to allow external connections from the Internet to my browser. Looking into this in more detail, Comodo Firewall is indicating that external Internet sites are trying to connect to Firefox, from port 53 to an arbitrary port on my machine.

If I disable the new FF36 option network.dns.get-ttl, this stops. I can't find any documentation or help on this option.

Why is Firefox doing this? Is Comodo incorrect when it labels this as an external attempt to connect? (It's normally been extremely good at differentiating between inbound & outbound traffic). I'm assuming that Firefox is trying to determine TTL for DNS caching, but it doesn't make sense why DNS servers are then trying to connect back to me.

I'm loathe to create a firewall rule that states arbitrary connections from the Internet to my machine are OK as long as they originated on port 53, so advice on how to manage whatever this new feature is securely would be appreciated.

Thanks in advance for any assistance.

Subsequent to updating to Firefox 36, my firewall has been inundating me with requests to allow external connections from the Internet to my browser. Looking into this in more detail, Comodo Firewall is indicating that external Internet sites are trying to connect to Firefox, from port 53 to an arbitrary port on my machine. If I disable the new FF36 option network.dns.get-ttl, this stops. I can't find any documentation or help on this option. Why is Firefox doing this? Is Comodo incorrect when it labels this as an external attempt to connect? (It's normally been extremely good at differentiating between inbound & outbound traffic). I'm assuming that Firefox is trying to determine TTL for DNS caching, but it doesn't make sense why DNS servers are then trying to connect back to me. I'm loathe to create a firewall rule that states arbitrary connections from the Internet to my machine are OK as long as they originated on port 53, so advice on how to manage whatever this new feature is securely would be appreciated. Thanks in advance for any assistance.

Chosen solution

Hi grammarye,

Yep, you're right in thinking that Firefox is attempting to look up the TTL. This is new behaviour in Firefox 36 and was introduced because services with frequently changing DNS records (like Cloudflare) weren't working correctly for Firefox users.

Firefox makes asynchronous DNS lookups - meaning it will make a DNS request and then proceed to do other work instead of waiting for a response.

Your ISP's DNS server will only cache a domain's TTL for a short time, so if it doesn't have the current TTL, it will query with other DNS servers to find it.

IANAE, but presumably what's happening is thus:

  1. Firefox attempts to lookup the DNS record for the domain you wish to connect to
  2. Your ISP's DNS server doesn't have the current TTL, so connects with other DNS servers to find it
  3. During the delay, Firefox busies itself with something else
  4. DNS server then reconnects to give you the full DNS record, including TTL
  5. Comodo sees the packets from the DNS server and panics

I completely agree that whitelisting arbitrary ports is a bad idea, but in this case the behaviour is completely innocuous.

You may wish to whitelist Firefox in your Comodo firewall, or continue to leave network.dns.get-ttl disabled.

(edited to fix broken links and add a sentence)

Read this answer in context 👍 0

All Replies (1)

more options

Chosen Solution

Hi grammarye,

Yep, you're right in thinking that Firefox is attempting to look up the TTL. This is new behaviour in Firefox 36 and was introduced because services with frequently changing DNS records (like Cloudflare) weren't working correctly for Firefox users.

Firefox makes asynchronous DNS lookups - meaning it will make a DNS request and then proceed to do other work instead of waiting for a response.

Your ISP's DNS server will only cache a domain's TTL for a short time, so if it doesn't have the current TTL, it will query with other DNS servers to find it.

IANAE, but presumably what's happening is thus:

  1. Firefox attempts to lookup the DNS record for the domain you wish to connect to
  2. Your ISP's DNS server doesn't have the current TTL, so connects with other DNS servers to find it
  3. During the delay, Firefox busies itself with something else
  4. DNS server then reconnects to give you the full DNS record, including TTL
  5. Comodo sees the packets from the DNS server and panics

I completely agree that whitelisting arbitrary ports is a bad idea, but in this case the behaviour is completely innocuous.

You may wish to whitelist Firefox in your Comodo firewall, or continue to leave network.dns.get-ttl disabled.

(edited to fix broken links and add a sentence)

Modified by jayelbe