DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

=domain.tld is the same as *.domain.tld in cloaking-rules.txt file #1431

Closed techmagus closed 4 years ago

techmagus commented 4 years ago

Who is the bug affecting?

Me, and maybe other people? I haven't asked anyone.

What is affected by this bug?

cloaking-rules.txt file and possibly other similar lists/files

When does this occur?

All the time.

Where does it happen?

When setting =domain.tld

How do we replicate the issue?

  1. enable cloaking-rules.txt in dnscrypt-proxy.toml
  2. edit cloaking-rules.txt
  3. add, for example: =duckduckgo.com safe.duckduckgo.com
  4. restart dnscrypt-proxy
  5. visit https://help.duckduckgo.com --> it will load duckduckgo.com search instead of the help website

Expected behavior (i.e. solution)

=domain.tld should only apply to the specific domain name itself and should not affect any other subdomains.

In the example above, help.duckduckgo.com should load the correct website.

Other Comments

Current workaround is to manually add all other subdomains which should not be affected by the mapping.

Thank you.

jedisct1 commented 4 years ago

help.duckduckgo.com is another name for duckduckgo.com:

$ dig help.duckduckgo.com

help.duckduckgo.com.    2399    IN  CNAME   duckduckgo.com.
duckduckgo.com.     2399    IN  A   40.114.177.156

With =duckduckgo.com cloaking, this is a different IP than duckduckgo:

$ dig  duckduckgo.com @127.0.0.1
duckduckgo.com. 543 IN  A   40.114.177.246

If you try something else:

$ dig somethingelse.duckduckgo.com @127.0.0.1

;somethingelse.duckduckgo.com.  IN  A

;; AUTHORITY SECTION:
duckduckgo.com.     490 IN  SOA dns1.p05.nsone.net. hostmaster.nsone.net. 1596035296 7200 7200 1209600 10800

You don't get the same response as duckduckgo.com.

Cloaking matches patterns the same way as other plugins.

jedisct1 commented 4 years ago

And in a web browser, help.duckduckgo.com properly loads the help page for me.

Query log:

127.0.0.1   duckduckgo.com  AAAA    CLOAK   0ms -
127.0.0.1   duckduckgo.com  A   CLOAK   0ms -
127.0.0.1   help.duckduckgo.com A   PASS    0ms -
127.0.0.1   help.duckduckgo.com AAAA    PASS    17ms    acsacsar-ams-ipv4
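
The check done by hand in the comments above, as an added example that is not part of the thread or of dnscrypt-proxy's code: it parses cloaking rules, then audits query log lines to confirm that only names matching a rule were answered with CLOAK. The matcher is a simplified model that assumes two pattern kinds only (`=name` for an exact match, `name` or `*.name` for the name and all its subdomains); the function names are hypothetical.

```python
# Simplified model of cloaking rule matching (assumption: only "=name" exact
# rules and "name" / "*.name" suffix rules are handled; not the project's code).
RULES = """\
=duckduckgo.com safe.duckduckgo.com
"""

# Query log lines copied from the last comment in the thread.
QUERY_LOG = """\
127.0.0.1   duckduckgo.com  AAAA    CLOAK   0ms -
127.0.0.1   duckduckgo.com  A   CLOAK   0ms -
127.0.0.1   help.duckduckgo.com A   PASS    0ms -
127.0.0.1   help.duckduckgo.com AAAA    PASS    17ms    acsacsar-ams-ipv4
"""

def parse_rules(text):
    """Return a list of (exact, name, target) tuples from cloaking rules text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        pattern, target = line.split(None, 1)
        exact = pattern.startswith("=")
        name = pattern.lstrip("=*").lstrip(".").lower()
        rules.append((exact, name, target.strip()))
    return rules

def cloak_target(rules, qname):
    """Return the cloaking target for qname, or None if no rule matches."""
    qname = qname.rstrip(".").lower()
    for exact, name, target in rules:
        # A suffix rule must match on a label boundary, hence the leading dot.
        if qname == name or (not exact and qname.endswith("." + name)):
            return target
    return None

def audit(rules, log_text):
    """Return (name, qtype, action) for log lines that disagree with the rules."""
    mismatches = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        qname, qtype, action = fields[1], fields[2], fields[3]
        should_cloak = cloak_target(rules, qname) is not None
        if (action == "CLOAK") != should_cloak:
            mismatches.append((qname, qtype, action))
    return mismatches

if __name__ == "__main__":
    print(audit(parse_rules(RULES), QUERY_LOG))
```

An empty result means the log is consistent with the rules. Swapping the rule for `*.duckduckgo.com` makes the two `help.duckduckgo.com` PASS lines show up as mismatches, which is the behaviour the report expected to see but the log does not show.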