🐛 [CH, DE | DoT] Receiving responses from third-party servers #276

Open
3 tasks done
tplessas opened this issue Nov 28, 2022 · 0 comments
@tplessas

Checklist

Describe the issue
Wanna begin by thanking you @ookangzheng for the project.

Recently configured the BlahDNS CH DoT endpoint on my Android phone (using the native Private DNS option in settings). At some point today I visited https://dnscheck.tools to check for any leaks, finding out that according to it some of my DNS requests are resolved by servers not part of the BlahDNS project. The website also says that ECS is in action, which should not be the case according to https://blahdns.com.

After a bit of wallheadbanging I figured that the extra servers are actually AdGuard's, as can be seen in the screenshots below. The only somewhat similar issue I could find on here was #129.

I also tested all other locales and found similar issues with DE. To be honest, no other DNS leak testing website such as those on the FAQ showed any leaks (tested only with CH DoT, no other servers), but they do test with a much smaller number of DNS requests compared to dnscheck.tools.

To Reproduce

  1. Use the DE or CH DoT BlahDNS endpoints while physically in Athens, Greece, on your Android phone.
  2. Visit https://dnscheck.tools.

Expected behavior
The results of leak testing should only include BlahDNS servers, as is the case on my computers (Linux/Windows/macOS, all configured with dnscrypt-proxy and using either the DNSCrypt or DoH endpoints. Using the DoH endpoint in the Bromite browser also comes without issues.)

Screenshot 2022-11-29 at 00 49 53

Logs

Starting with Switzerland, first screenshot is testing with dot-ch.blahdns.com, second with dns.adguard-dns.com – notice that IPs are the same (or under the same subnet) in both excluding BlahDNS in the first.

Using Germany results in a whole lot of responding servers, some using IPs from as far as the US!

Here's Japan and Singapore, working fine.

The Finland IPv6 address looks like it's allocated to someone in Germany, though I doubt it matters much if the server's going down anyway.

Server (if applicable):

  • Locale: CH, DE, FI (?)

Client (if applicable):

  • Device: BQ Aquaris X2 Pro
  • OS: Android 10
  • Client: Private DNS (OS)
  • Protocol: DoT

Additional context
Same behaviour both when connecting over my landline WiFi and over the mobile network, so I doubt it's caused by anything in my local network configuration.

I can do more testing if you think it'd be helpful and could provide directions – I guess I'm halfway competent at stuff like this.
