Blocking ISSUES & Two Requests #7

Closed
iWARR opened this issue Jan 18, 2018 · 6 comments

iWARR commented Jan 18, 2018

Very strange behaviour compared to the DNSCrypt v1.9.5 (same blocking list)

Legend:

[blacklist]
blacklist_file = 'C:\Program Files\dnscrypt-proxy\block\Blacklisted-Domains.txt'
log_file = 'C:\Program Files\dnscrypt-proxy\log\Restricted.log'
[query_log]
file = 'C:\Program Files\dnscrypt-proxy\log\DNS.log'
  1. Blocking works only for the first entry from the list of "Blacklisted-Domains.txt". Seems like all other entries (one per line) don't work. All the same outputs in the "Restricted.log":

tsv format:

[2018-01-18 23:04:03]	127.0.0.1		*my-some-rule-1*
[2018-01-18 23:04:03]	127.0.0.1		*my-some-rule-1*
[2018-01-18 23:04:03]	127.0.0.1		*my-some-rule-1*
[2018-01-18 23:04:03]	127.0.0.1		*my-some-rule-1*
...

ltsv format:

time:1516309968	host:127.0.0.1	qname:	message:*my-some-rule-1*
time:1516309968	host:127.0.0.1	qname:	message:*my-some-rule-1*
time:1516309968	host:127.0.0.1	qname:	message:*my-some-rule-1*
time:1516309968	host:127.0.0.1	qname:	message:*my-some-rule-1*
...

• All the same, only my first rule works, nothing more
• Missed any info about domain names
• What's wrong with time in the ltsv format?

  2. Very strange, weird DNSKEY outputs in the "DNS.log". For example:

tsv format:

[2018-01-18 23:04:03]	127.0.0.1	github.com	A
...
[2018-01-18 23:04:03]	127.0.0.1		DNSKEY
[2018-01-18 23:04:03]	127.0.0.1		DNSKEY
[2018-01-18 23:04:03]	127.0.0.1		DNSKEY
[2018-01-18 23:04:03]	127.0.0.1		DNSKEY
...

ltsv format:

time:1516309755	host:127.0.0.1	message:www.google.com	type:A
...
time:1516309755	host:127.0.0.1	message:	type:DNSKEY
time:1516309755	host:127.0.0.1	message:	type:DNSKEY
time:1516309755	host:127.0.0.1	message:	type:DNSKEY
time:1516309755	host:127.0.0.1	message:	type:DNSKEY
...

• What are DNSKEY entries? Never seen them before...
• What's wrong with time: in the ltsv format?

  3. Remember our talking about heavy multiple inputs in the DNS.log?

Dear author

Can you add an option to skip Logs output for selective blocking entries? For example:

example1.com
- SkipLog: example2.com (per 100+ entries at once)
example3.com

Logs for "example2.com" will not be present in the DNS.log , but in the "Restricted.log" only.
(Per 100+ same unstoppable entries in "DNS.log" at once, so much garbage, hard to troubleshoot other entries, heavy Log-files, my eyes can't search quickly and effectively to shoot the new suspicious links)

About "example2.com": I'm sure and I remember that this domain will be blocked, and I don't wanna see its multiple entries in my "DNS.log" at all (Leave it in the "Restricted.log" only).
M-m-m... Hope, you understand, what I mean... My liveable English is in my future forever :(

Would implementing this feature with "GO" programming look a bit easier?
Just asking... No pressure :)

  4. Can you implement Logs auto-cleaning in the *.toml after some defined time, in hours? For example, 24h? Good software often has features like this, as well. Would be nice and useful.

Thanks!

iWARR changed the title from "Blocking ISSUES & One Request" to "Blocking ISSUES & Two Requests" on Jan 18, 2018
ghost commented Jan 19, 2018

Which beta/alpha version are you using? Not having this problem on Linux.

jedisct1 (Member) commented

Could you open one ticket per issue? That would be way easier to track.

DNSKEY is a record used to verify DNSSEC signatures. It's normal to see it if your clients support DNSSEC.
Maybe it did show up as a number instead of a name in the 1.x version. Or maybe it didn't work.

jedisct1 (Member) commented

[empty domain names with DNSKEY queries]

Do you have a DNS cache between your clients and dnscrypt-proxy? Something like Unbound or dnsmasq?

What shows up as empty are queries for the root zone ("."). There's no domain name. Your caching resolver is trying to bubble up the DNS hierarchy to validate DNSSEC signatures, starting from the root.
So, this is a cosmetic issue. It should display a "." instead of something empty.

jedisct1 (Member) commented

What wrong with time in the ltsv format?

Can you clarify what is wrong?

1516309968 corresponds to 2018-01-18 21:12:48 which doesn't look off.

This is a Unix timestamp. LTSV structured files are designed to be parsed by scripts, or by log processing applications.

jedisct1 (Member) commented

Log management... after 2.0.0 is released.

jedisct1 (Member) commented

I added a logged_qtypes filter, that you can use to choose what query types you want to see logged.

So you can log only A records if you want, and not see DNSKEY, NS and other records if you consider this is too verbose.
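
Added example (not part of the original thread and not dnscrypt-proxy code): a small Python parser for the LTSV lines quoted above, which converts the Unix timestamp to UTC, shows an empty name as the root zone ".", filters by query type after the fact, and collapses repeated entries into counts. The function names and the sample input are constructed for illustration; the field labels are the ones visible in the quoted logs.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the LTSV layout quoted in this thread
# (tab-separated fields, each "label:value"); the last line is deliberately bad.
SAMPLE = (
    "time:1516309755\thost:127.0.0.1\tmessage:www.google.com\ttype:A\n"
    "time:1516309755\thost:127.0.0.1\tmessage:\ttype:DNSKEY\n"
    "time:1516309755\thost:127.0.0.1\tmessage:\ttype:DNSKEY\n"
    "time:1516309968\thost:127.0.0.1\tmessage:github.com\ttype:A\n"
    "garbage line without labels\n"
)

def parse_ltsv_line(line):
    """Return a dict for one LTSV record, or None if the line is malformed."""
    record = {}
    for field in line.rstrip("\r\n").split("\t"):
        label, sep, value = field.partition(":")  # values may contain ':'
        if not sep or not label:
            return None
        record[label] = value
    try:
        # "time" is a Unix timestamp; make it a timezone-aware UTC datetime.
        record["when"] = datetime.fromtimestamp(int(record["time"]), tz=timezone.utc)
    except (KeyError, ValueError, OverflowError, OSError):
        return None
    # The blocked-names log carries the name in "qname", the query log in
    # "message". An empty name is a query for the root zone, shown as ".".
    raw = record["qname"] if "qname" in record else record.get("message", "")
    record["name"] = raw or "."
    return record

def load(text, keep_qtypes=None):
    """Parse text; keep only records whose type is in keep_qtypes (None keeps all)."""
    kept, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_ltsv_line(line)
        if rec is None:
            skipped += 1
        elif keep_qtypes is None or rec.get("type") in keep_qtypes:
            kept.append(rec)
    return kept, skipped

def summarize(records):
    """Collapse repeated queries into (name, type) -> count."""
    return Counter((r["name"], r.get("type", "-")) for r in records)
```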

DNSCrypt locked and limited conversation to collaborators Mar 28, 2018