ainar-g
commented
8 months ago I'm not sure I fully understand your request, sorry. Please provide an example of a dig command that should or should not succeed.
Closed bcookatpcsd closed 6 months ago
ainar-g
commented
8 months ago I'm not sure I fully understand your request, sorry. Please provide an example of a dig command that should or should not succeed.
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to request a feature or enhancement and not ask a question
The problem
docker hosts, chrome browser at least do dns probes looking for nodes or test dns return values.. while you are at it.. you could also add the microsoft ncsi domains.. and answer them locally.. (bonus request)
https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-captive-portals.txt
https://learn.microsoft.com/en-us/windows-server/networking/ncsi/ncsi-overview
https://github.com/AdguardTeam/AdGuardHome/issues/1705 is related to this request
Proposed solution
dnscrypt-proxy has a plugin which handles this..
https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_block_unqualified.go
and in relation to
https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_block_undelegated.go
Alternatives considered and additional information
possibly a regex .. before forwarding.. but that comes with its own problems/issues.
Thank you in advance.