qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.66k stars 358 forks

Feature request: DNS Over TLS Unblock/Bypass for specific domains #243

Closed reece146 closed 4 years ago

reece146 commented 4 years ago
  1. What's the feature?

Bypass DOT for some domains

  2. Why do you need this feature?

Some web links embedded in marketing emails route through spammy-mcspam metrics/surveillance gathering sites like rs6.net which breaks the link. It would be good to be able to turn off domain routing over tls for specific domains if the user is comfortable with that.

  3. Extra information?

Bring a Trailer daily emails show the latest cars up for auction and all the links to view the auction landing page route through rs6.net. In the container configuration, toggling DOT=off lets the URL at rs6.net work. DOT=on blocks it (rs6.net not participating somehow?).

Example email:

bat_sample

The link for the Mercedes is:

http://r20.rs6.net/tn.jsp?f=0015PKB535iiVjdGYCdQ48agaH24NSGYgfTSgthePwP1QZz59kLV6ITp6yxod9M7qutzR___hQndzK5jwqdhLeZ8KekzYJ94Fqbc0bGOl87W1RSH9TRDJJjBHciRaiN8OwKBh5MeX8UzVRbAm6jTP5FB1DqU0wVh9KbffIeAQH8MW36JjiTmCIaWBgjmtK76KcnAcjVtjxWYRWOu9F6Z0j1LHLpsfemnxs-K2a0CXi4NctTVVcQoak52P8m7T7ciLcILViVkv7YYfZMgsDdjn0IOMQBOMHPcPl8xQD7ztDbch_b6ECqoQ_5cS2_g2kE-YUPy0f27K93EYQ=&c=6D4Z9Kcp2FFS8t_L8kU4WChUCHn-pYdO0HPSuxTTaaVWFJwM4jz_ug==&ch=lFlmR9kQImVa8xLix8YiC3sxeOw4IIueiZFJ1quoTaizxV6lXxtvOw==

In my experience BAT always routes through r20.rs6.net but wildcarding similar to *.rs6.net would be a good thing to have also.

Thanks.

qdm12 commented 4 years ago

You can already do that with the UNBLOCK environment variable. Not sure if it works for all subdomains if you specify a domain but have a try 😉 It might.

reece146 commented 4 years ago

Yeah, I tried that. Should have said above - sorry.

I thought it might have been the malicious site blocking but no combination of on/off or unblock allowed that domain to work. I think it's DOT not working with that specific domain versus the malicious site code blocking it.

:sad_panda:

qdm12 commented 4 years ago

Just tested it, setting -e UNBLOCK=rs6.net unblocks the weblink you sent above. If that doesn't work which DOT provider(s) are you using?

reece146 commented 4 years ago

Ugh, sorry, my testing is suspect. It works now - I must have fat-fingered something because I basically just uncommented the unblock and restarted the script that starts the container.

Thanks for the help/patience.

:)

qdm12 commented 4 years ago

Glad it worked out for you 👍 That was fun looking at cars, an original issue I have to admit 😄 Enjoy!