Strip EDNS0 options in responses

dnscrypt-proxy/dnsutils.go

@@ -209,7 +209,7 @@ func updateTTL(msg *dns.Msg, expiration time.Time) {
 	}
 }
 
-func addPaddingIfNoneFound(packet *[]byte, paddingLen int) *[]byte {
+func addEDNS0PaddingIfNoneFound(packet *[]byte, paddingLen int) *[]byte {
 	msg := dns.Msg{Compress: true}
 	if msg.Unpack(*packet) != nil {
 		return packet
@@ -237,3 +237,12 @@ func addPaddingIfNoneFound(packet *[]byte, paddingLen int) *[]byte {
 	}
 	return &paddedPacket
 }
+
+func removeEDNS0Options(msg *dns.Msg) bool {
+	edns0 := msg.IsEdns0()
+	if edns0 == nil {
+		return false
+	}
+	edns0.Option = []dns.EDNS0{}
+	return true
+}

dnscrypt-proxy/plugins.go

@@ -284,9 +284,6 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 }
 
 func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGlobals, packet []byte, ttl *uint32) ([]byte, error) {
-	if len(*pluginsGlobals.responsePlugins) == 0 && len(*pluginsGlobals.loggingPlugins) == 0 {
-		return packet, nil
-	}
 	msg := dns.Msg{Compress: true}
 	if err := msg.Unpack(packet); err != nil {
 		if len(packet) >= MinDNSPacketSize && HasTCFlag(packet) {
@@ -304,6 +301,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
 	default:
 		pluginsState.returnCode = PluginsReturnCodeResponseError
 	}
+	removeEDNS0Options(&msg)
 	pluginsGlobals.RLock()
 	defer pluginsGlobals.RUnlock()
 	for _, plugin := range *pluginsGlobals.responsePlugins {

dnscrypt-proxy/xtransport.go

@@ -373,7 +373,7 @@ func (xTransport *XTransport) Post(url *url.URL, accept string, contentType stri
 func (xTransport *XTransport) DoHQuery(useGet bool, url *url.URL, body []byte, timeout time.Duration) (*http.Response, time.Duration, error) {
 	padLen := 63 - (len(body)+63)&63
 	dataType := "application/dns-message"
-	paddedBody := addPaddingIfNoneFound(&body, padLen)
+	paddedBody := addEDNS0PaddingIfNoneFound(&body, padLen)
 	if useGet {
 		qs := url.Query()
 		qs.Add("ct", "")