
hinfo block for 1 second? rejectTTL vs RejectTTL?  #1780

@bcookatpcsd

Description

drill -p 5353 stats.pandora.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26782
;; flags: qr ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; stats.pandora.com. IN A

;; ANSWER SECTION:
stats.pandora.com. 1 IN HINFO "This query has been locally blocked" "by dnscrypt-proxy"

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; EDNS: version 0; flags: ; udp: 4048
;; SERVER: 127.0.0.1
;; WHEN: Fri Jul 16 10:01:17 2021
;; MSG SIZE rcvd: 112

/sbin/dnscrypt-proxy -version
2.0.46-beta3

/sbin/dnscrypt-proxy -check -config /etc/dnscrypt-proxy.toml
[2021-07-16 09:55:16] [NOTICE] dnscrypt-proxy 2.0.46-beta3
[2021-07-16 09:55:16] [NOTICE] Source [relays] loaded
[2021-07-16 09:55:16] [NOTICE] Source [public-resolvers] loaded
[2021-07-16 09:55:16] [NOTICE] Configuration successfully checked

/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy.toml -resolve stats.pandora.com
Resolving [stats.pandora.com] using 127.0.0.1 port 5353

Resolver : 155.138.130.135 (dns.nextdns.io.)
Lying : no
DNSSEC : yes, the resolver supports DNSSEC

Canonical name: stats.pandora.com.

IPv4 addresses: -
IPv6 addresses: -

Name servers : no name servers found
DNSSEC signed : no
Mail servers : no mail servers found

HTTPS alias : -
HTTPS info : -

Host info : This query has been locally blocked by dnscrypt-proxy
TXT records : -

grep reject_ttl /etc/dnscrypt-proxy.toml
reject_ttl = 600

grep blocked_query_response /etc/dnscrypt-proxy.toml

blocked_query_response = 'refused'

If I enable refused..

/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy.toml -resolve stats.pandora.com

Resolving [stats.pandora.com] using 127.0.0.1 port 5353

Resolver : 155.138.130.135 (dns.nextdns.io.)
Lying : no
DNSSEC : yes, the resolver supports DNSSEC

Canonical name: stats.pandora.com.

IPv4 addresses: -
IPv6 addresses: -

Name servers : server returned REFUSED
DNSSEC signed : no
Mail servers : no mail servers found

HTTPS alias : -
HTTPS info : -

Host info : -
TXT records : -

drill -p 5353 stats.pandora.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 33743
;; flags: qr ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; stats.pandora.com. IN A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; EDNS: version 0; flags: ; udp: 4048
;; SERVER: 127.0.0.1
;; WHEN: Fri Jul 16 10:00:39 2021
;; MSG SIZE rcvd: 46

plugins.go defines rejectTTL and uses proxy.rejectTTL, but config.go defines RejectTTL, but proxy.go uses rejectTTL.

I am thinking that reject_ttl (defined in the config) should give me a 600 second TTL on blocked domains, but I appear to only be getting 1 second of TTL.

As always, thanks in advance.
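A small check for the behaviour reported above, added here as an example and not part of dnscrypt-proxy or the issue: it sends an A query to the local listener (assumed to be 127.0.0.1:5353 as in the transcript), parses the answer section with a minimal stdlib-only DNS parser, and compares the TTL of the synthetic HINFO block record with the reject_ttl value you expect, so a mismatch like the 600 vs 1 seen here can be spotted from a script rather than by reading drill output.

```python
import socket
import struct

HINFO = 13  # RR type of the synthetic "locally blocked" answer shown in the report

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        off += 1 + length

def parse_response(msg: bytes):
    """Return (rcode, [(rrtype, ttl), ...]) for the answer section of a reply."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rrtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answers.append((rrtype, ttl))
        off += 10 + rdlen
    return rcode, answers

def block_ttl_matches(msg: bytes, reject_ttl: int) -> bool:
    """True only if every HINFO block record in the reply carries reject_ttl."""
    _rcode, answers = parse_response(msg)
    hinfo_ttls = [ttl for rrtype, ttl in answers if rrtype == HINFO]
    return bool(hinfo_ttls) and all(ttl == reject_ttl for ttl in hinfo_ttls)

def query(name: str, server: str = "127.0.0.1", port: int = 5353) -> bytes:
    """Send the query over UDP to the local dnscrypt-proxy listener (assumed address)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(3)
        sock.sendto(build_query(name), (server, port))
        return sock.recv(4096)

if __name__ == "__main__":
    reply = query("stats.pandora.com")  # domain from the report; expects reject_ttl = 600
    print(parse_response(reply), block_ttl_matches(reply, 600))
```

With blocked_query_response = 'refused' the parser reports rcode 5 and an empty answer list, so the TTL check is only meaningful for the hinfo response mode.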
