mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-03-04 02:14:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Trim unneeded entries

Browse source 
These servers never supported the DNSCrypt v2 protocol, and have
been a pain to maintain compatibility with. But the main issue
is that in some countries, they are now lying resolvers, *except*
for the certificate.

That makes it difficult to reliably detect that they are lying
resolvers. From a user perspective in these countries, it appears
that DNS queries randomly fail, when they are hitting these servers.

I tried to think of different ways to detect this, but couldn't
find anything satisfactory.

Maybe if they properly implement the DNSCrypt protocol some day,
they will take it as an opportunity to also fix that bug, and
return consistent error codes, even for the certificates.
This commit is contained in:
Frank Denis 2025-01-10 12:10:20 +01:00
parent 8987906653
commit c4879a21f7
2 changed files with 1 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
dnscrypt-proxy/config.go
View file

@ -154,7 +154,6 @@ func newConfig() Config {
BlockedQueryResponse: "hinfo",
BrokenImplementations: BrokenImplementationsConfig{
FragmentsBlocked: []string{
"cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6",
"cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6",
},
},

6
dnscrypt-proxy/example-dnscrypt-proxy.toml
View file

@ -774,10 +774,6 @@ format = 'tsv'
[broken_implementations]
## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
## truncate responses larger than questions as expected by the DNSCrypt protocol.
## This prevents large responses from being received over UDP and over relays.
##
## Older versions of the `dnsdist` server software had a bug with queries larger
## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
## some server may still run an outdated version.
@ -785,7 +781,7 @@ format = 'tsv'
## The list below enables workarounds to make non-relayed usage more reliable
## until the servers are fixed.
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cisco-sandbox', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
fragments_blocked = ['cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']