Skip to content

[Bug]: Preemptive DNS requests when typing Federated Cloud ID #57242

New issue
New issue
Open
Bug
Open
[Bug]: Preemptive DNS requests when typing Federated Cloud ID#57242
Bug
Labels
0. Needs triagePending check for reproducibility or if it fits our roadmapbug
@neijrr

Description

@neijrr
neijrr
opened on Dec 25, 2025

⚠️ This issue respects the following points: ⚠️

Bug description

When selecting user from other server by typing their Federated Cloud ID, server preemptively tries to resolve the domain, which causes several CannotReachRemoteException Host "..." violates local access rules + Host ... was not connected to because it violates local access rules, or CannotReachRemoteException No DNS record found for ... errors.

Steps to reproduce

Manually write user's cloud ID.

Expected behavior

DNS request and connection is only made when person tried to add user from other federation by pressing Enter or clicking on entry in user list, or few seconds after person stops typing.

Nextcloud Server version

32

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Nginx

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "###",
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "32.0.1.2",
        "overwrite.cli.url": "https:\/\/###",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance_window_start": 1,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "default_phone_region": "RU",
        "skeletondirectory": "",
        "maintenance": false,
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "defaultapp": "files",
        "theme": "",
        "loglevel": 2,
        "user_oidc": {
            "login_label": "{name}"
        },
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "cadviewer"
        ],
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": true,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl"
    }
}

List of activated Apps

Enabled:
  - activity: 5.0.0-dev.0
  - bruteforcesettings: 5.0.0-dev.0
  - calendar: 6.1.2
  - circles: 32.0.0
  - cloud_federation_api: 1.16.0
  - comments: 1.22.0
  - contacts: 8.1.2
  - contactsinteraction: 1.13.1
  - dav: 1.34.2
  - deck: 1.16.3
  - external: 7.0.0
  - federatedfilesharing: 1.22.0
  - federation: 1.22.0
  - files: 2.4.0
  - files_downloadlimit: 5.0.0-dev.0
  - files_external: 1.24.0
  - files_reminders: 1.5.0
  - files_sharing: 1.24.0
  - files_trashbin: 1.22.0
  - files_versions: 1.25.0
  - forms: 5.2.3
  - groupfolders: 20.1.6
  - imageconverter: 2.1.0
  - logreader: 5.0.0-dev.0
  - lookup_server_connector: 1.20.0
  - nextcloud_announcements: 4.0.0-dev.0
  - notifications: 5.0.0-dev.0
  - notify_push: 1.2.1
  - oauth2: 1.20.0
  - onlyoffice: 9.12.0
  - password_policy: 4.0.0-dev.0
  - passwords: 2025.12.21
  - photos: 5.0.0-dev.1
  - privacy: 4.0.0-dev.0
  - profile: 1.1.0
  - provisioning_api: 1.22.0
  - recommendations: 5.0.0-dev.0
  - related_resources: 3.0.0-dev.0
  - serverinfo: 4.0.0-dev.0
  - settings: 1.15.1
  - sharebymail: 1.22.0
  - side_menu: 5.1.3
  - spreed: 22.0.7
  - support: 4.0.0-dev.0
  - survey_client: 4.0.0-dev.0
  - systemtags: 1.22.0
  - tables: 1.0.2
  - talk_matterbridge: 1.32.1026000
  - tasks: 0.17.1
  - text: 6.0.1
  - theming: 2.7.0
  - twofactor_backupcodes: 1.21.0
  - updatenotification: 1.22.0
  - user_oidc: 8.2.2
  - user_status: 1.12.0
  - viewer: 5.0.0-dev.0
  - weather_status: 1.12.0
  - webhook_listeners: 1.3.0
  - workflowengine: 2.14.0
Disabled:
  - admin_audit: 1.22.0
  - app_api: 32.0.0 (installed 32.0.0)
  - dashboard: 7.12.0 (installed 7.11.0)
  - encryption: 2.20.0
  - files_pdfviewer: 5.0.0-dev.0 (installed 5.0.0-dev.0)
  - firstrunwizard: 5.0.0-dev.0 (installed 4.0.0)
  - mail_roundcube: 1.2.2 (installed 1.2.2)
  - suspicious_login: 10.0.0-dev.0
  - twofactor_nextcloud_notification: 6.0.0-dev.0
  - twofactor_totp: 14.0.0
  - user_ldap: 1.23.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"AGjx7Uq4muCLJacGvCeA","level":2,"time":"2025-12-25T09:45:14+00:00","remoteAddr":"94.230.11.126","user":"[email protected]","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/spreed/api/v1/proxy/new/user-avatar/64/dark?cloudId=dolgopolovav%40d","message":"Host d was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0","version":"32.0.1.2","data":[],"id":"694d12e39b8a6"}
{"reqId":"AGjx7Uq4muCLJacGvCeA","level":3,"time":"2025-12-25T09:45:14+00:00","remoteAddr":"94.230.11.126","user":"[email protected]","app":"spreed","method":"GET","url":"/ocs/v2.php/apps/spreed/api/v1/proxy/new/user-avatar/64/dark?cloudId=dolgopolovav%40d","message":"Could not reach remote","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0","version":"32.0.1.2","exception":{"Exception":"OCA\\Talk\\Exceptions\\CannotReachRemoteException","Message":"Host \"d\" violates local access rules","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/ProxyRequest.php","line":166,"function":"request","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\ProxyRequest","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/Controller/AvatarController.php","line":78,"function":"get","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\ProxyRequest","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Controller/AvatarController.php","line":246,"function":"getUserProxyAvatar","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Controller/AvatarController.php","line":208,"function":"getUserProxyAvatar","class":"OCA\\Talk\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":204,"function":"getUserProxyAvatarDarkWithoutRoom","class":"OCA\\Talk\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/ocs/v1.php","line":61,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/ocs/v2.php","line":8,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/ProxyRequest.php","Line":150,"Previous":{"Exception":"OCP\\Http\\Client\\LocalServerException","Message":"Host \"d\" violates local access rules","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Http/Client/Client.php","line":205,"function":"preventLocalAddress","class":"OC\\Http\\Client\\Client","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/ProxyRequest.php","line":128,"function":"get","class":"OC\\Http\\Client\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/ProxyRequest.php","line":166,"function":"request","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\ProxyRequest","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Federation/Proxy/TalkV1/Controller/AvatarController.php","line":78,"function":"get","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\ProxyRequest","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Controller/AvatarController.php","line":246,"function":"getUserProxyAvatar","class":"OCA\\Talk\\Federation\\Proxy\\TalkV1\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/apps/spreed/lib/Controller/AvatarController.php","line":208,"function":"getUserProxyAvatar","class":"OCA\\Talk\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":204,"function":"getUserProxyAvatarDarkWithoutRoom","class":"OCA\\Talk\\Controller\\AvatarController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/ocs/v1.php","line":61,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/ocs/v2.php","line":8,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Http/Client/Client.php","Line":171},"message":"Could not reach remote","exception":[],"CustomMessage":"Could not reach remote"},"id":"694d12e39b8a3"}

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagePending check for reproducibility or if it fits our roadmapbug

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions