Workaround for ODoH relays not properly forwarding the status code

Some ODoH relays return a 200 status code even when the upstream server returns something different. This is an issue after a key update, where a 401 code is expected. Handle empty responses with a 200 status code as a response with a 401 code as a workaround until these relays are fixed.
2021-07-31 12:54:23 +02:00 · 2021-07-31 12:54:23 +02:00 · 026c42424f
parent cedd4f3b54
commit 026c42424f
1 changed files with 5 additions and 1 deletions
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -702,7 +702,10 @@ func (proxy *Proxy) processIncomingQuery(clientProto string, serverProto string,
 						dlog.Warnf("Failed to decrypt response from [%v]", serverName)
 						response = nil
 					}
-				} else if responseCode == 401 {
+				} else if responseCode == 401 || (responseCode == 200 && len(responseBody) == 0) {
+					if responseCode == 200 {
+						dlog.Warnf("ODoH relay for [%v] is buggy and returns a 200 status code instead of 401 after a key update", serverInfo.Name)
+					}
 					dlog.Infof("Forcing key update for [%v]", serverInfo.Name)
 					for _, registeredServer := range proxy.serversInfo.registeredServers {
 						if registeredServer.name == serverInfo.Name {
@ -710,6 +713,7 @@ func (proxy *Proxy) processIncomingQuery(clientProto string, serverProto string,
 								// Failed to refresh the proxy server information.
 								dlog.Noticef("Key update failed for [%v]", serverName)
 								serverInfo.noticeFailure(proxy)
+								clocksmith.Sleep(10 * time.Second)
 							}
 							break
 						}