mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-04 13:47:39 +03:00
Code Issues Projects Releases Packages Wiki Activity

Unbreak cloaking plugin

Browse source 
In version 2.1.3, when the cloaking pluging was enabled, a blocked
response was returned for records that were not A/AAAA/PTR, even
with names that were not in the cloaked list.
This commit is contained in:
Frank Denis 2023-02-07 09:56:12 +01:00
parent 2edfdc48b8
commit 68f3ab249c
2 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
dnscrypt-proxy/plugin_cloak.go
View file

@ -136,12 +136,7 @@ func (plugin *PluginCloak) Reload() error {
func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error {
question := msg.Question[0]
if question.Qclass != dns.ClassINET ||
(question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR) {
if question.Qclass != dns.ClassINET || (question.Qtype != dns.TypeNS || question.Qtype == dns.TypeSOA) {
pluginsState.action = PluginsActionReject
pluginsState.returnCode = PluginsReturnCodeCloak
}
if question.Qclass != dns.ClassINET || question.Qtype == dns.TypeNS || question.Qtype == dns.TypeSOA {
return nil
}
now := time.Now()
@ -151,6 +146,12 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error
plugin.RUnlock()
return nil
}
if question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR {
plugin.RUnlock()
pluginsState.action = PluginsActionReject
pluginsState.returnCode = PluginsReturnCodeCloak
return nil
}
cloakedName := xcloakedName.(*CloakedName)
ttl, expired := plugin.ttl, false
if cloakedName.lastUpdate != nil {