From f332394c4b60709d6ec0c6d07fc2cf967f71f7d1 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 11 Jan 2025 15:17:11 +0100
Subject: [PATCH] More heuristics to detect lying resolvers
---
 dnscrypt-proxy/serversInfo.go | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
index 3b63eb0b..442000c3 100644
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@@ -621,11 +621,26 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 false,
 )
 if err == nil {
- if msg.Rcode != dns.RcodeNameError && msg.Id == 0xcafe {
- dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
- return ServerInfo{}, fmt.Errorf("[%s] unexpected catchall response", name)
+ if msg.Id != 0xcafe {
+ dlog.Infof("[%s] handling of DNS message identifiers is broken", name)
+ }
+ for _, rr := range msg.Answer {
+ if rr.Header().Rrtype == dns.TypeA || rr.Header().Rrtype == dns.TypeAAAA {
+ dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
+ return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
+ }
+ }
+ for _, rr := range msg.Extra {
+ if rr.Header().Rrtype == dns.TypeTXT {
+ dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
+ txts := rr.(*dns.TXT).Txt
+ cause := ""
+ if len(txts) > 0 {
+ cause = txts[0]
+ }
+ return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
+ }
+ }
- dlog.Debugf("[%s] seems to be also accessible over plain DNS", name)
 }
 }
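Review bot: In the `msg.Extra` loop, `rr.(*dns.TXT).Txt` is an unchecked type assertion on a record parsed from an unauthenticated plain-DNS reply, and `txts[0]` is then copied verbatim into the returned error with `%s`. The header type should normally imply the concrete type, but the comma-ok form (`txt, ok := rr.(*dns.TXT)` followed by `if !ok { continue }`) rules out a panic driven by remote input. Formatting the cause with `%q`, as in `fmt.Errorf("[%s] unexpected record: [%q]", name, cause)`, keeps control characters and newlines chosen by the remote server out of the logs. Separately, a reply whose `msg.Id` is not `0xcafe` is now only logged at info level and still feeds the skip decision, whereas the removed condition required a matching ID; unless `DNSExchange` (not visible here) already validates the ID, it is worth confirming that a stray or forged datagram cannot cause a legitimate resolver to be discarded. `fetchDNSCryptServerInfo` begins and ends outside this hunk.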