Open jedisct1 opened 9 years ago
Thank you for your input. I updated the library to handle multiple certificates and changed magic query to be extracted from certificates. The hardcoded value came from here: https://github.com/Cofyc/dnscrypt-wrapper - apparently all of the resolvers on the list use it, so I didn't noticed it may vary.
As for your last point, I'm not sure what is needed to be implemented here. Should I be checking for the TC flag in the response, and querying again?
Thanks for this pure Python implementation!
A few comments:
magic_query = '7PYqwfzt'
- I am not sure where this value comes from, but it probably shouldn't be hardcoded. The header is unique to a(provider,certificate)
pair, so that during a key rotation, the server knows what certificate the client is using. The value formagic_query
is part of the certificate.TC
flag is set in a response, the proxy increases the padding size for the following questions. That was implemented a long time ago in the client, and while this is not enforced in the server proxy yet, it will soon be by default.