TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Dashboard: A single query is represented as multiple types (Blocked+Auth, Recurse+Auth, Cached+Auth) #627

Closed ztheory closed 1 year ago

ztheory commented 1 year ago

When querying for a domain on a blocklist, it generates the following counts in the Dashboard:

Blocked: 1 Authoritative: 1 No Error: 2 Total: 2

When querying for a domain that recurses, it generates the following counts in the Dashboard:

Recursive: 1 Authoritative: 1 No Error: 2 Total: 2

When querying for a domain that is cached, it generates the following counts in the Dashboard:

Cached: 1 Authoritative: 1 No Error: 2 Total: 2

Essentially, a single query is represented twice: once as the expected type (Blocked, Recursive, Cached), and once as Authoritative, resulting in 2x No Error and 2x Total.

Technically, indeed a Cached or Blocked response is an authoritative answer from the DNS server/proxy, but there is then no way to distinguish between an Authoritative answer which is in a local zone, and everything else.

Would it not be better to only count queries which are authoritative by way of being in a local zone as authoritative in the Dashboard so the total query count for all these other types is not duplicated?

ShreyasZare commented 1 year ago

Thanks for the post. I tried it on my test setup and it's working as expected. Can you give the steps for how you tested this, to help reproduce it?

ztheory commented 1 year ago

The only option I changed/set after installation was setting Quad9 (DNS over TLS) in the Quick Setup section, added a test domain to the blocklist, and enabled full query logs.

If I run a simple nslookup for a blocked domain, I can replicate the issue, which goes for all the above cases (Cached, Recursive). Blocked domain:

nslookup -type=a hello123.com. 127.0.0.1

ztheory commented 1 year ago

Sorry, false alarm. After looking at a packet capture of the loopback interface, it appears there's a PTR request for 1.0.0.127.in-addr.arpa sent to localhost as well for each request when querying from the Command Prompt. If I query from another host on the network, I cannot replicate this.

Closing this Issue.


ShreyasZare commented 1 year ago

Yes, nslookup will do a PTR query to resolve the name of the DNS server from its IP, which will count as authoritative on the dashboard due to the 127.in-addr.arpa zone which answers it.
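The thread's root cause is a client-side artifact: nslookup sends a second, implicit PTR query for the server's own address (1.0.0.127.in-addr.arpa for 127.0.0.1), and that query is answered authoritatively from the built-in 127.in-addr.arpa zone. The following added example, which is not code from the Technitium DNS Server project or from anyone in this thread, is a minimal raw-UDP DNS client that sends exactly one question and parses the reply, so a dashboard counter can be checked against a known query count. It also computes the reverse name nslookup would ask for, to show why the extra query lands in a local zone. The server address 127.0.0.1 and the test name hello123.com are taken from the thread; the script name and the port-53 UDP transport are assumptions.

```python
import socket
import struct
import sys

# Added example (not project code): a DNS client that sends exactly one UDP
# query, with no implicit PTR lookup of the server address, so the dashboard
# counters can be compared against a known number of queries.

QTYPE = {"A": 1, "PTR": 12}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def reverse_name(ipv4: str) -> str:
    """Return the in-addr.arpa name nslookup queries for a server address."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_query(name: str, qtype: str = "A", txid: int = 0x1234) -> bytes:
    """Build one standard query: RD set, no EDNS, a single question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Summarise header flags, rcode and the answer section of a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # render A records as dotted quads
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {
        "txid": txid,
        "aa": bool(flags & 0x0400),  # Authoritative Answer bit
        "rcode": RCODE.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": answers,
    }


def query(server: str, name: str, qtype: str = "A", timeout: float = 2.0) -> dict:
    """Send exactly one query to server:53 over UDP and parse the reply."""
    packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)


if __name__ == "__main__":
    # Usage (assumed script name): python dnsq.py 127.0.0.1 hello123.com
    srv, qname = sys.argv[1], sys.argv[2]
    print("nslookup would additionally ask for:", reverse_name(srv))
    print(query(srv, qname))
```

Run it once against the server and the dashboard should show a single increment (Blocked, Recursive or Cached as appropriate) with no extra Authoritative hit; run nslookup for the same name and the PTR query for 1.0.0.127.in-addr.arpa accounts for the second count. The `aa` field in the parsed reply shows which answers the server itself marks authoritative.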