Discussed in #2215
Originally posted by TonyDC October 7, 2022
I've observed an interesting behaviour when using Google Chrome for cloaked domain names. I use cloaking rules for hardcoding names on my LAN. Whenever a page for a cloaked domain is visited, an additional query for an HTTPS record is triggered.
For example, this is one of the entries in cloaking-rules.txt:
example.foo.bar 192.168.6.3
192.168.6.3 is a machine that exposes a server with Docker using the image assemblyline/ok. When the query logs are checked after visiting the page, the following entries are present:
[2022-10-07 19:42:38] 192.168.6.1 example.foo.bar A CLOAK 0ms -
[2022-10-07 19:42:38] 192.168.6.1 example.foo.bar HTTPS NXDOMAIN 97ms dnscrypt.eu-nl
The resolver will always return NXDOMAIN since the domain does not exist.
Is this an expected behaviour? According to the documentation (https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Cloaking), no queries are send to the DNS resolver. Should the same thing also happen to HTTPS records?
Interestingly enough, if one uses Firefox to visit the same page, it does not perform the lookup for the HTTPS record.
dnscrypt-proxy version: 2.1.2
Google Chrome version: 106.0.5249.103
Firefox version: 105.0.2
Discussed in #2215
Originally posted by TonyDC October 7, 2022
I've observed an interesting behaviour when using Google Chrome for cloaked domain names. I use cloaking rules for hardcoding names on my LAN. Whenever a page for a cloaked domain is visited, an additional query for an HTTPS record is triggered.
For example, this is one of the entries in
cloaking-rules.txt:192.168.6.3is a machine that exposes a server with Docker using the imageassemblyline/ok. When the query logs are checked after visiting the page, the following entries are present:The resolver will always return
NXDOMAINsince the domain does not exist.Is this an expected behaviour? According to the documentation (https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Cloaking), no queries are send to the DNS resolver. Should the same thing also happen to HTTPS records?
Interestingly enough, if one uses Firefox to visit the same page, it does not perform the lookup for the HTTPS record.
dnscrypt-proxy version: 2.1.2
Google Chrome version: 106.0.5249.103
Firefox version: 105.0.2