Skip to content

Commit

Permalink
More heuristics to detect lying resolvers
Browse files Browse the repository at this point in the history
  • Loading branch information
@jedisct1
jedisct1 committed Jan 11, 2025
1 parent b74b46c commit f332394
Showing 1 changed file with 19 additions and 4 deletions.
23 changes: 19 additions & 4 deletions dnscrypt-proxy/serversInfo.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -621,11 +621,26 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
false,
)
if err == nil {
if msg.Rcode != dns.RcodeNameError && msg.Id == 0xcafe {
dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
return ServerInfo{}, fmt.Errorf("[%s] unexpected catchall response", name)
if msg.Id != 0xcafe {
dlog.Infof("[%s] handling of DNS message identifiers is broken", name)
}
for _, rr := range msg.Answer {
if rr.Header().Rrtype == dns.TypeA || rr.Header().Rrtype == dns.TypeAAAA {
dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
}
}
for _, rr := range msg.Extra {
if rr.Header().Rrtype == dns.TypeTXT {
dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
txts := rr.(*dns.TXT).Txt
cause := ""
if len(txts) > 0 {
cause = txts[0]
}
return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
}
}
dlog.Debugf("[%s] seems to be also accessible over plain DNS", name)
}
}

Expand Down

0 comments on commit f332394

Please sign in to comment.