Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Match CNAME records against the blocklists #1185

Closed
3 tasks done
ameshkov opened this issue Nov 20, 2019 · 3 comments
Closed
3 tasks done

Match CNAME records against the blocklists #1185

ameshkov opened this issue Nov 20, 2019 · 3 comments
Assignees
@IldarKamalov @szolin
Labels
enhancement P3: Medium
Milestone
v0.100

Comments

@ameshkov
Copy link
Member

ameshkov commented Nov 20, 2019
edited

Check out the original issue:
uBlockOrigin/uBlock-issues#780

Here's what we should do:

  1. Match CNAME records against the blocklists
  2. Indicate in the query log that the response was blocked by matching a CNAME. It'd be ideal if we print the original response there as well.
  3. Please note, that if there's an exception rule matching the DNS query's question, you should not check the CNAME.

Additionally to implementing this in AdGuard Home, we should do the following:

  1. Update the dnsproxy's mobile API
  2. Update AdGuard DNS to do this as well
  3. File a feature request to github.com/AdguardTeam/DnsLibs
@ameshkov ameshkov added this to the v0.100 milestone Nov 20, 2019
@ameshkov ameshkov modified the milestones: v0.100, v0.101 Nov 20, 2019
@szolin szolin mentioned this issue Nov 21, 2019
Closed
@hoshsadiq
Copy link

Just in case the following is overlooked.. It would be good if this goes through the whole CNAME chain. I.e.

ad.firstparty.com cname unblocked.company2.com
unblocked.company2.com cname blocked.adcompany.com
blocked.adcompany.com

This request should be blocked if either unblocked.company2.com or blocked.adcompany.com is blocked.

@ameshkov
Copy link
Member Author

@hoshsadiq all CNAME records in the chain will be present in the recursor's response so this is not a problem:

$ nslookup test2.meshkov.info
Server:		2001:db8:7c02:1::1
Address:	2001:db8:7c02:1::1#53

Non-authoritative answer:
test2.meshkov.info	canonical name = test1.meshkov.info.
test1.meshkov.info	canonical name = example.org.
Name:	example.org
Address: 93.184.216.34

@hoshsadiq
Copy link

Aah! Perfect!

@ameshkov ameshkov mentioned this issue Nov 26, 2019
Closed
@adguard adguard closed this as completed in 07a9c3b Dec 3, 2019
@hoshsadiq hoshsadiq mentioned this issue Feb 24, 2020
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IldarKamalov IldarKamalov

@szolin szolin

Labels
enhancement P3: Medium
Projects
None yet
Milestone
v0.100
Development

No branches or pull requests
4 participants
@hoshsadiq @IldarKamalov @ameshkov @szolin