github-actions[bot]
commented
2 days ago Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful infos with you:
- 🗣️ Our community on Discord is super helpful and active. We also have an AI-enabled support bot that knows Portmaster well and can give you immediate help.
- 📖 The Wiki answers all common questions and has many important details. If you can't find an answer there, let us know, so we can add anything that's missing.
dhaavi
What happened: I was capturing network traffic in Wireshark with display filter "dns" and saw packets with ICMP protocol that had unencrypted DNS data in them and additional records with the name "inf.portmaster". It happens only when Windows Defender Firewall is disabled. It doesn't happen on linux. This can also be seen on router when doing sshdump capture in Wireshark.
What did you expect to happen?: That Pormaster send dns queries with DNS over HTTPS and redirect all plain dns queries.
How did you reproduce it?: download "Top 1000000 domains" from cloudflare https://radar.cloudflare.com/domains run nslookup on random domains from the list run wireshark with display filter "dns" some dns queries are visible in wireshark
example packet: Frame 291105: 355 bytes on wire (2840 bits), 355 bytes captured (2840 bits) on interface \Device\NPF_{xxxxxxxxxxxxx}, id 0 Ethernet II, Src: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx) Internet Protocol Version 4, Src: 192.168.x.xxx (192.168.x.xxx), Dst: dns9.quad9.net (9.9.9.9) Internet Control Message Protocol Type: 3 (Destination unreachable) Code: 3 (Port unreachable) Checksum: 0xxxxx [correct] [Checksum Status: Good] Unused: 00000000 Internet Protocol Version 4, Src: dns9.quad9.net (9.9.9.9), Dst: 192.168.x.xxx (192.168.x.xxx) User Datagram Protocol, Src Port: 53, Dst Port: 59904 Source Port: 53 Destination Port: 59904 Length: 293 Checksum: 0xd720 [unverified] [Checksum Status: Unverified] [Stream index: 1512] UDP payload (285 bytes) Domain Name System (response) Transaction ID: 0x0002 Flags: 0x8180 Standard query response, No error Questions: 1 Answer RRs: 2 Authority RRs: 0 Additional RRs: 3 Queries mall.com: type A, class IN Name: mall.com [Name Length: 8] [Label Count: 2] Type: A (1) (Host Address) Class: IN (0x0001) Answers mall.com: type CNAME, class IN, cname cname.mall.com Name: mall.com Type: CNAME (5) (Canonical NAME for an alias) Class: IN (0x0001) Time to live: 17 (17 seconds) Data length: 16 CNAME: cname.mall.com cname.mall.com: type A, class IN, addr 116.63.177.106 Name: cname.mall.com Type: A (1) (Host Address) Class: IN (0x0001) Time to live: 17 (17 seconds) Data length: 4 Address: cname.mall.com (116.63.177.106) Additional records inf.portmaster: type TXT, class IN Name: inf.portmaster Type: TXT (16) (Text strings) Class: IN (0x0001) Time to live: 0 (0 seconds) Data length: 31 TXT Length: 30 TXT: accepted: allowing dns request inf.portmaster: type TXT, class IN Name: inf.portmaster Type: TXT (16) (Text strings) Class: IN (0x0001) Time to live: 0 (0 seconds) Data length: 61 TXT Length: 60 TXT: freshly resolved by Quad9 (https://dns.quad9.net:443#config) inf.portmaster: type TXT, class IN Name: inf.portmaster Type: TXT (16) (Text strings) Class: IN (0x0001) Time to live: 0 (0 seconds) Data length: 23 TXT Length: 22 TXT: record valid for 10m0s [Unsolicited: True]
Debug Information: debug_info.txt debug info is from beta channel but it also happens on stable