Adguardhome: Match CNAME records against the blocklists
Check out the original issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/780
Here's what we should do:
- Match CNAME records against the blocklists
- Indicate in the query log that the response was blocked by matching a CNAME. It'd be ideal if we print the original response there as well.
- Please note, that if there's an exception rule matching the DNS query's question, you should not check the CNAME.
Additionally to implementing this in AdGuard Home, we should do the following:
- [x] Update the
dnsproxy's mobile API - [x] Update AdGuard DNS to do this as well
- [x] File a feature request to github.com/AdguardTeam/DnsLibs
ameshkov
👍3
❤2
All 3 comments
Just in case the following is overlooked.. It would be good if this goes through the whole CNAME chain. I.e.
ad.firstparty.com cname unblocked.company2.com
unblocked.company2.com cname blocked.adcompany.com
blocked.adcompany.com
This request should be blocked if either unblocked.company2.com or blocked.adcompany.com is blocked.
hoshsadiq
on 22 Nov 2019
❤1
@hoshsadiq all CNAME records in the chain will be present in the recursor's response so this is not a problem:
$ nslookup test2.meshkov.info
Server: 2001:db8:7c02:1::1
Address: 2001:db8:7c02:1::1#53
Non-authoritative answer:
test2.meshkov.info canonical name = test1.meshkov.info.
test1.meshkov.info canonical name = example.org.
Name: example.org
Address: 93.184.216.34
👍2
Aah! Perfect!
hoshsadiq
on 22 Nov 2019
❤1
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ghost
·
4Comments
ameshkov
·
3Comments
yanniedog
·
3Comments
ammnt
·
3Comments
s-timm
·
4Comments
Most helpful comment
@hoshsadiq all CNAME records in the chain will be present in the recursor's response so this is not a problem: