DNS response is sent back (and possibly leaked) to the resolver within ICMP error when querying process stops waiting for response #1734
Labels: bug (TYPE: a report on something that isn't working)
What happened:
I was capturing network traffic in Wireshark with display filter "dns" and saw packets with ICMP protocol that had unencrypted DNS data in them and additional records with the name "inf.portmaster".
It happens only when Windows Defender Firewall is disabled.
It doesn't happen on Linux.
This can also be seen on the router when doing an sshdump capture in Wireshark.
What did you expect to happen?:
That Portmaster sends DNS queries with DNS over HTTPS and redirects all plain DNS queries.
How did you reproduce it?:
Download the "Top 1000000 domains" list from Cloudflare: https://radar.cloudflare.com/domains
Run nslookup on random domains from the list.
Run Wireshark with display filter "dns".
Some DNS queries are visible in Wireshark.
Example packet:
Frame 291105: 355 bytes on wire (2840 bits), 355 bytes captured (2840 bits) on interface \Device\NPF_{xxxxxxxxxxxxx}, id 0
Ethernet II, Src: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx)
Internet Protocol Version 4, Src: 192.168.x.xxx (192.168.x.xxx), Dst: dns9.quad9.net (9.9.9.9)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0xxxxx [correct]
[Checksum Status: Good]
Unused: 00000000
Internet Protocol Version 4, Src: dns9.quad9.net (9.9.9.9), Dst: 192.168.x.xxx (192.168.x.xxx)
User Datagram Protocol, Src Port: 53, Dst Port: 59904
Source Port: 53
Destination Port: 59904
Length: 293
Checksum: 0xd720 [unverified]
[Checksum Status: Unverified]
[Stream index: 1512]
UDP payload (285 bytes)
Domain Name System (response)
Transaction ID: 0x0002
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 3
Queries
mall.com: type A, class IN
Name: mall.com
[Name Length: 8]
[Label Count: 2]
Type: A (1) (Host Address)
Class: IN (0x0001)
Answers
mall.com: type CNAME, class IN, cname cname.mall.com
Name: mall.com
Type: CNAME (5) (Canonical NAME for an alias)
Class: IN (0x0001)
Time to live: 17 (17 seconds)
Data length: 16
CNAME: cname.mall.com
cname.mall.com: type A, class IN, addr 116.63.177.106
Name: cname.mall.com
Type: A (1) (Host Address)
Class: IN (0x0001)
Time to live: 17 (17 seconds)
Data length: 4
Address: cname.mall.com (116.63.177.106)
Additional records
inf.portmaster: type TXT, class IN
Name: inf.portmaster
Type: TXT (16) (Text strings)
Class: IN (0x0001)
Time to live: 0 (0 seconds)
Data length: 31
TXT Length: 30
TXT: accepted: allowing dns request
inf.portmaster: type TXT, class IN
Name: inf.portmaster
Type: TXT (16) (Text strings)
Class: IN (0x0001)
Time to live: 0 (0 seconds)
Data length: 61
TXT Length: 60
TXT: freshly resolved by Quad9 (https://dns.quad9.net:443#config)
inf.portmaster: type TXT, class IN
Name: inf.portmaster
Type: TXT (16) (Text strings)
Class: IN (0x0001)
Time to live: 0 (0 seconds)
Data length: 23
TXT Length: 22
TXT: record valid for 10m0s
[Unsolicited: True]
Debug Information:
debug_info.txt
The debug info is from the beta channel, but it also happens on stable.
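As an added example (not code from the report or from Portmaster), a small Python detector for the pattern the capture above shows: it takes the raw bytes of an ICMP message, checks for type 3/code 3, parses the quoted IPv4/UDP datagram, and flags it when the quoted payload is a DNS response from port 53 whose additional section carries inf.portmaster TXT records. The sample packet is constructed to mirror the report; its IP addresses, port and TTL values are assumptions.

```python
import struct

def _name(msg, off):
    """Decode a DNS name at msg[off:] (RFC 1035 compression pointers are followed); return (name, next offset)."""
    labels = []
    while msg[off]:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                                    # pointer: rest of the name lives elsewhere
            tail, _ = _name(msg, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels), off + 1

def dns_records(msg):
    """Parse a DNS message into (flags, [(section, name, rtype, rdata), ...])."""
    _, flags, *counts = struct.unpack("!6H", msg[:12])
    off, out = 12, []
    for section, count in zip(("question", "answer", "authority", "additional"), counts):
        for _ in range(count):
            name, off = _name(msg, off)
            rtype = struct.unpack("!H", msg[off:off + 2])[0]
            rdlen = 0 if section == "question" else struct.unpack("!H", msg[off + 8:off + 10])[0]
            off += 4 if section == "question" else 10             # question: TYPE+CLASS; RR: +TTL+RDLENGTH
            out.append((section, name, rtype, msg[off:off + rdlen]))
            off += rdlen
    return flags, out

def leaked_dns_response(icmp):
    """Return a finding if an ICMP port-unreachable quotes a UDP/53 DNS response carrying inf.portmaster TXT notes."""
    inner = icmp[8:]                                             # quoted original IP datagram follows the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4 if inner else 0
    if icmp[:2] != b"\x03\x03" or len(inner) < 28 or inner[9] != 17 or inner[ihl:ihl + 2] != b"\x00\x35":
        return None                                              # need ICMP type 3/code 3 quoting UDP from port 53
    flags, rrs = dns_records(inner[ihl + 8:])
    notes = [rd[1:1 + rd[0]].decode() for s, n, t, rd in rrs
             if s == "additional" and n == "inf.portmaster" and t == 16]
    if not flags & 0x8000 or not notes:                          # QR bit clear = a query, not a response
        return None
    return {"resolver": ".".join(map(str, inner[12:16])), "qname": rrs[0][1], "notes": notes}

# Constructed sample modelled on the report (not the captured bytes): Portmaster's annotated
# response for mall.com, quoted inside an ICMP port-unreachable addressed to 9.9.9.9 (assumed client 192.168.1.10).
TXT = b"\x1eaccepted: allowing dns request"
SAMPLE_DNS = (struct.pack("!6H", 2, 0x8180, 1, 1, 0, 1) + b"\x04mall\x03com\x00" + struct.pack("!HH", 1, 1)
              + b"\x04mall\x03com\x00" + struct.pack("!HHIH", 1, 1, 17, 4) + bytes([116, 63, 177, 106])
              + b"\x03inf\x0aportmaster\x00" + struct.pack("!HHIH", 16, 1, 0, len(TXT)) + TXT)
INNER_IP = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(SAMPLE_DNS), 0, 0, 64, 17, 0,
                        bytes([9, 9, 9, 9]), bytes([192, 168, 1, 10]))
            + struct.pack("!4H", 53, 59904, 8 + len(SAMPLE_DNS), 0) + SAMPLE_DNS)
SAMPLE_ICMP = bytes([3, 3, 0, 0, 0, 0, 0, 0]) + INNER_IP        # type 3, code 3, checksum/unused zeroed
```

Running `leaked_dns_response` over every ICMP packet in a capture gives a quick check for whether such quoted responses are leaving the host.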