miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Cloak plugin: reject uncloaked records, except NS & SOA 

Fixes #2220
This commit is contained in:
Frank Denis 2023-02-02 19:59:00 +01:00
parent 5f88a9146c
commit 9e208e6090
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dnscrypt-proxy/plugin_cloak.go
View File

@ -138,6 +138,10 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error
question := msg.Question[0]
if question.Qclass != dns.ClassINET ||
(question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR) {
if question.Qclass != dns.ClassINET || (question.Qtype != dns.TypeNS || question.Qtype == dns.TypeSOA) {
pluginsState.action = PluginsActionReject
pluginsState.returnCode = PluginsReturnCodeCloak
}
return nil
}
now := time.Now()