Log the original qName when a CNAME pointer is blocked

dnscrypt-proxy/plugin_block_name.go

@@ -24,11 +24,11 @@ const aliasesLimit = 8
 
 var blockedNames *BlockedNames
 
-func (blockedNames *BlockedNames) check(pluginsState *PluginsState, qName string, indirect bool) (bool, error) {
+func (blockedNames *BlockedNames) check(pluginsState *PluginsState, qName string, aliasFor *string) (bool, error) {
 	qName = strings.ToLower(StripTrailingDot(qName))
 	reject, reason, xweeklyRanges := blockedNames.patternMatcher.Eval(qName)
-	if indirect {
-		reason = reason + " (indirect)"
+	if aliasFor != nil {
+		reason = reason + " (alias for [" + StripTrailingDot(*aliasFor) + "])"
 	}
 	var weeklyRanges *WeeklyRanges
 	if xweeklyRanges != nil {
@@ -148,7 +148,7 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
 	if len(questions) != 1 {
 		return nil
 	}
-	_, err := blockedNames.check(pluginsState, questions[0].Name, false)
+	_, err := blockedNames.check(pluginsState, questions[0].Name, nil)
 	return err
 }
 
@@ -181,6 +181,11 @@ func (plugin *PluginBlockNameResponse) Eval(pluginsState *PluginsState, msg *dns
 	if blockedNames == nil || pluginsState.sessionData["whitelisted"] != nil {
 		return nil
 	}
+	questions := msg.Question
+	if len(questions) != 1 {
+		return nil
+	}
+	aliasFor := questions[0].Name
 	aliasesLeft := aliasesLimit
 	answers := msg.Answer
 	for _, answer := range answers {
@@ -188,7 +193,7 @@ func (plugin *PluginBlockNameResponse) Eval(pluginsState *PluginsState, msg *dns
 		if header.Class != dns.ClassINET || header.Rrtype != dns.TypeCNAME {
 			continue
 		}
-		if blocked, err := blockedNames.check(pluginsState, answer.(*dns.CNAME).Target, true); blocked || err != nil {
+		if blocked, err := blockedNames.check(pluginsState, answer.(*dns.CNAME).Target, &aliasFor); blocked || err != nil {
 			return err
 		}
 		aliasesLeft--