dns-over-https-proxy icon indicating copy to clipboard operation
dns-over-https-proxy copied to clipboard
verified publisher icon wrouesnel

bug!!!

Open jzp820927 opened this issue 9 years ago • 5 comments

netstat -lunp|egrep 63 udp 0 0 0.0.0.0:63 0.0.0.0:* 19550/dns-over-http

dig www.facebook.com -p 63 ;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.facebook.com -p 63 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33103 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: Message has 43 extra bytes at end

;; QUESTION SECTION: ;www.facebook.com. IN A

;; Query time: 634 msec ;; SERVER: 127.0.0.1#63(127.0.0.1) ;; WHEN: Tue Jun 21 18:45:34 CST 2016 ;; MSG SIZE rcvd: 105

jzp820927 avatar Jun 21 '16 10:06 jzp820927

Thanks for the report. This one is a little odd - by default Google gives you quite a bit of information back, which you can add to DNS replies (and I do) but dig tends not to like it. By and large, it seems to keep working as a practical resolver.

wrouesnel avatar Jun 21 '16 13:06 wrouesnel

$ nslookup

set port=63 www.google.com Server: 127.0.0.1 Address: 127.0.0.1#63

Non-authoritative answer: Name: www.google.com Address: 64.233.189.105 Name: www.google.com Address: 64.233.189.106 Name: www.google.com Address: 64.233.189.99 Name: www.google.com Address: 64.233.189.104 Name: www.google.com Address: 64.233.189.147 Name: www.google.com Address: 64.233.189.103

www.facebook.com ;; Warning: Message parser reports malformed message packet. Server: 127.0.0.1 Address: 127.0.0.1#63

Non-authoritative answer: *** Can't find www.facebook.com: No answer

jzp820927 avatar Jun 21 '16 14:06 jzp820927

This is because it cannot handle CNAME type answers.

This hack just ignores them:

@@ -259,7 +174,10 @@ func proxy(addr string, w dns.ResponseWriter, req *dns.Msg) {
        // Parse google RRs to DNS RRs
        answers := []dns.RR{}
        for _, a := range dnsResp.Answer {
-               answers = append(answers, NewRR(a))
+               log.Debugln(a)
+               if (a.Type != 5) {
+                       answers = append(answers, NewRR(a))
+               }
        }

        // Parse google RRs to DNS RRs

mattm404 avatar Sep 30 '16 10:09 mattm404

thx!

jzp820927 avatar Oct 01 '16 02:10 jzp820927

nslookup www.facebook.com Server: 127.0.0.1 Address: 127.0.0.1#53

Non-authoritative answer: Name: star-mini.c10r.facebook.com Address: 31.13.95.36 Name: star-mini.c10r.facebook.com Address: 2a03:2880:f102:83:face:b00c:0:25de

ping www.facebook.com ping: unknown host www.facebook.com

jzp820927 avatar Dec 01 '16 18:12 jzp820927