ooni / probe

OONI Probe network measurement tool for detecting internet censorship
https://ooni.org/install
BSD 3-Clause "New" or "Revised" License

Feature: Record the user's resolver #2442

Open fortuna opened 1 year ago

fortuna commented 1 year ago

Please record the user's recursive resolver, since that's important information to determine censorship.

It's not easy to implement, but it's possible. It requires a special authoritative resolver that maps special domain names to recursive resolvers, then makes the information available via an API. It's probably easier if both the resolver and the API run on the same server.

Steps:

  1. Pick a domain to use. For example *.recursivelookup.ooni.org
  2. Run an authoritative DNS resolver, and configure it as the authoritative for the subdomain
  3. In the web probe, generate a long unique id, and use it to fetch https://<random_id>.recursivelookup.ooni.org/ from the client's browser.
  4. This will first trigger a client-side domain resolution that will hit your authoritative via the recursive. Store the recursive AS information under the "random_id" key. Return the server's own IP as the DNS question answer.
  5. The client will follow up with the HTTPS request to https://<random_id>.recursivelookup.ooni.org/. Return the recursive IP information that you stored. Now the probe knows what resolver the user is using!
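
The correlation in steps 4 and 5, sketched server-side as an added example (not code from the issue or from OONI): the DNS handler records which recursive asked for the id, and the HTTPS handler hands it back once. `SERVER_IP`, the TTL, the entry cap and the id format are assumptions; mapping the stored IP to an AS is a separate lookup not shown here.

```python
import socket, struct, time

ZONE = ("recursivelookup", "ooni", "org")   # example domain from the issue
SERVER_IP = "192.0.2.10"                    # constructed: this server's own address
TTL_SECONDS = 60                            # assumption: how long an id stays retrievable
MAX_ENTRIES = 10000                         # assumption: cap so stray queries cannot exhaust memory
seen = {}                                   # random_id -> (recursive resolver IP, stored_at)

def parse_qname(query):
    """Return (labels, end of question) for a raw DNS query; raises on malformed input."""
    labels, pos = [], 12                    # the DNS header is 12 bytes
    while query[pos] != 0:
        n = query[pos]
        if n > 63:
            raise ValueError("compressed or invalid label")
        labels.append(query[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return labels, pos + 5                  # skip root byte, QTYPE and QCLASS

def probe_id(labels):
    """Accept only <random_id>.<ZONE> where random_id is 16-63 ASCII alphanumerics."""
    if len(labels) == len(ZONE) + 1 and tuple(labels[1:]) == ZONE:
        rid = labels[0]
        if 16 <= len(rid) <= 63 and rid.isascii() and rid.isalnum():
            return rid
    return None

def handle_dns(query, resolver_ip, now=None):
    """Step 4: remember which recursive asked for the id, answer with our own IP."""
    now = time.time() if now is None else now
    labels, qend = parse_qname(query)
    rid = probe_id(labels)
    if rid is None:
        return None                         # not ours: a real server would send REFUSED/NXDOMAIN
    for k in [k for k, (_, t) in seen.items() if now - t > TTL_SECONDS]:
        del seen[k]                         # drop expired ids
    if len(seen) < MAX_ENTRIES:
        seen.setdefault(rid, (resolver_ip, now))
    is_a = query[qend - 4:qend - 2] == b"\x00\x01"   # answer A only; other types get NODATA
    header = query[:2] + struct.pack(">HHHHH", 0x8400, 1, int(is_a), 0, 0)  # QR=1, AA=1
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 0, 4) + socket.inet_aton(SERVER_IP)
    return header + query[12:qend] + (answer if is_a else b"")

def handle_https(host_header, now=None):
    """Step 5: the browser's follow-up request; return the resolver IP stored for this id."""
    now = time.time() if now is None else now
    rid = probe_id(host_header.split(":")[0].lower().rstrip(".").split("."))
    entry = seen.pop(rid, None) if rid else None     # single use
    return entry[0] if entry and now - entry[1] <= TTL_SECONDS else None
```

The address stored is the recursive's egress address as seen by the authoritative server, which for anycast or forwarding resolvers can differ from the address configured on the client.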

hellais commented 1 year ago

Yeah, this is a good idea, though there are quite a few moving pieces to get this to work.

Thanks for bringing it up!