-
-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
block domain rules being marked/highlighted as allowed in DNS log? #1022
Comments
We are aware of and have fixed the 2nd case in |
ah ok, dont know how to categorize this issue. |
sometimes, the base64 blockstamp actually represents blocklists themselves (when summaries are populated from caches or the alg transport), and in those cases, fallback onto local blocklists to see if the answer must be blocked, that is, IPs set to 0.0.0.0 or :: as the incoming answer might be a resolved answer (that is, not 0.0.0.0 or ::). This answer when sent to the client, results in a TCP/UDP connection to IPs in the resolved answer. The firewall must then decide (depending on presence of blocklists against that domain) whether to allow / block the request. In cases where TCP/UDP firewall must decide whether to block a domain or not, for example when a domain is trusted by one or two apps but blocked globally, this "may be blocked [by the firewall]" behaviour is fine. In other cases, it is more efficient to simply block at the DNS layer with 0.0.0.0 or :: Falling back onto local blocklists helps mitigate cases where the base64 blockstamp is set but is invalid AND the resolved answer is also left unmodified by whoever sent the blockstamp (usually, caches), resulting in an undesirable and avoidable "may be blocked [by the firewall]" behaviour.
it's fixed now thanks. I was waiting for f-droid vers to be updated but reinstalled with github vers instead. |
Thanks for the update. Closing this as fixed. |
Setting custom blocked domain rules, it still being marked/highlighted as allowed in DNS log. If I tap on the DNS domain log, its says resolved, but drop down option shows its Block, instead of No Rule or Trust.
Is this normal?
I dont know if this is related, but custom blocked domain rules is for system app.
I dont know if someone already brought this up or this is already known. And sorry if its confusing
The text was updated successfully, but these errors were encountered: