feature request : disable query type 65

[cattyhouse]

macOS and iOS, especially Safari, sends query type=65 along with type A and AAAA on each request, this can some times leads to safari can't find the server error, because right now dnsproxy can't handle that kind of query, maybe i am wrong saying this.

right now i use iptables method to drop such query

iptables -t mangle -I PREROUTING -p udp --dport 53 -m string --from 40 --algo bm --hex-string '|000041|' -j DROP

000041 is a hex form of decimal 65

https://en.wikipedia.org/wiki/List_of_DNS_record_types

is it possible to add an option to disable that query type?

thanks

some reference

https://github.com/blinkseb/dnsmasq-patched/blob/main/ignore_https_rr_queries.patch

[ameshkov]

Why, dnsproxy actually can handle any query, it just forwards it further to the upstream DNS server which should be able to do that.

dnsproxy is supposed to be a simple forwarder, all kinds of filtering can be done by AdGuard Home that uses dnsproxy as a library.

[cattyhouse]

Thanks, since dnsproxy is able to --disable-ipv6, would you mind adding an option like --disable-type65?

[ameshkov]

I knew we shouldn't have added disable-ipv6 in the first place :)

But the point still stands, we don't want it to be a "filter", this just a forwarder.