From 551ddcf19977334918f90ee16cd8b6b60cf49b3d Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sun, 20 Oct 2019 19:11:54 +0200
Subject: [PATCH] Improve logging

---
 dnscrypt-proxy/dnscrypt_certs.go | 9 ++++++---
 dnscrypt-proxy/serversInfo.go    | 7 +++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/dnscrypt-proxy/dnscrypt_certs.go b/dnscrypt-proxy/dnscrypt_certs.go
index 4d1228c0..4a65f42b 100644
--- a/dnscrypt-proxy/dnscrypt_certs.go
+++ b/dnscrypt-proxy/dnscrypt_certs.go
@@ -33,7 +33,7 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
 	}
 	query := new(dns.Msg)
 	query.SetQuestion(providerName, dns.TypeTXT)
-	in, rtt, err := dnsExchange(proxy, proto, query, serverAddress, relayUDPAddr, relayTCPAddr)
+	in, rtt, err := dnsExchange(proxy, proto, query, serverAddress, relayUDPAddr, relayTCPAddr, serverName)
 	if err != nil {
 		dlog.Noticef("[%s] TIMEOUT", *serverName)
 		return CertInfo{}, 0, err
@@ -179,11 +179,14 @@ func packTxtString(s string) ([]byte, error) {
 	return msg, nil
 }
 
-func dnsExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress string, relayUDPAddr *net.UDPAddr, relayTCPAddr *net.TCPAddr) (*dns.Msg, time.Duration, error) {
+func dnsExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress string, relayUDPAddr *net.UDPAddr, relayTCPAddr *net.TCPAddr, serverName *string) (*dns.Msg, time.Duration, error) {
 	response, ttl, err := _dnsExchange(proxy, proto, query, serverAddress, relayUDPAddr, relayTCPAddr)
 	if err != nil && relayUDPAddr != nil {
-		dlog.Warnf("Unable to get a certificate via relay [%v], retrying over a direct connection", relayUDPAddr.IP)
+		dlog.Debugf("Unable to get a certificate for [%v] via relay [%v], retrying over a direct connection", *serverName, relayUDPAddr.IP)
 		response, ttl, err = _dnsExchange(proxy, proto, query, serverAddress, nil, nil)
+		if err == nil {
+			dlog.Infof("Direct certificate retrieval for [%v] succeeded", *serverName)
+		}
 	}
 	return response, ttl, err
 }
diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
index 3e8c3143..8bcd4161 100644
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@@ -225,7 +225,10 @@ func fetchServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew
 	return ServerInfo{}, errors.New("Unsupported protocol")
 }
 
-func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
+func route(proxy *Proxy, name string, stamp *stamps.ServerStamp) (*net.UDPAddr, *net.TCPAddr, error) {
+	if !strings.HasPrefix(stamp.ProviderName, "2.dnscrypt-cert.") {
+		return nil, nil, fmt.Errorf("[%v] uses a non-standard provider name - anonymized DNS will not work with this server", name)
+	}
 	routes := proxy.routes
 	if routes == nil {
 		return nil, nil, nil
@@ -293,7 +296,7 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 		dlog.Warnf("Public key [%s] shouldn't be hex-encoded any more", string(stamp.ServerPk))
 		stamp.ServerPk = serverPk
 	}
-	relayUDPAddr, relayTCPAddr, err := route(proxy, name)
+	relayUDPAddr, relayTCPAddr, err := route(proxy, name, &stamp)
 	if err != nil {
 		return ServerInfo{}, err
 	}