From 25b89e57aed22263504f118f352c514402204aa1 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 25 Mar 2020 18:11:16 +0100
Subject: [PATCH] Add Quad9 back to the list of servers with broken padding
---
 dnscrypt-proxy/config.go | 2 +-
 dnscrypt-proxy/example-dnscrypt-proxy.toml | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index b1994cb2..5179c2c3 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -134,7 +134,7 @@ func newConfig() Config {
 LBEstimator: true,
 BlockedQueryResponse: "hinfo",
 BrokenImplementations: BrokenImplementationsConfig{
- BrokenQueryPadding: []string{"cisco", "cisco-ipv6", "cisco-familyshield"},
+ BrokenQueryPadding: []string{"cisco", "cisco-ipv6", "cisco-familyshield", "quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri"},
 },
 }
 }
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
index 778de5ce..ec7a4067 100644
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
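Review bot: The default `BrokenQueryPadding` literal in `newConfig` now holds eleven hard-coded resolver names on a single line, duplicated verbatim in `example-dnscrypt-proxy.toml`, with no comment explaining why these servers are singled out or that the two lists have to stay in sync. If the lookup is an exact match on the server name (the matching code is not visible in this hunk), a Quad9 entry that is later added or renamed in the resolver list would silently miss the workaround. I would put one name per line and add a comment such as `// Servers that mishandle padded queries; keep in sync with broken_query_padding in example-dnscrypt-proxy.toml.` The body of `newConfig` starts outside the hunk.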
@@ -624,12 +624,14 @@ cache_neg_max_ttl = 600
 # Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
 # truncate reponses larger than questions as expected by the DNSCrypt protocol.
-# This prevents large responses from being received, and breaks relaying.
+# Quad9 ignores the query instead of sending a truncated response when the
+# response is larger than the question.
+# This prevents large responses from being received over UDP, and breaks relaying.
 # A workaround for the first issue will be applied to servers in list below.
-# Quad9 appears to be dropping fragmented UDP queries, but only for some networks.
+# Relaying cannot be reliable until the servers are fixed.
 # Do not change that list until the bugs are fixed server-side.
-broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
+broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri']
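Review bot: The unchanged sentence `# A workaround for the first issue will be applied to servers in list below.` becomes ambiguous with the new text around it: the paragraph now describes a Cisco size limit, a Cisco truncation problem and a separate Quad9 behaviour, yet the eight Quad9 names join the same list. The comment should state which workaround the listed Quad9 servers actually receive and what it costs the user. If it shrinks query padding (not shown in this hunk), that is a privacy trade-off worth one line, along the lines of `# Servers listed below get the padding workaround; this includes Quad9.` once confirmed against the code.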