NxFilter not responding to "NAPTR" request types

DreDay

Apr 14, 2020, 8:36:17 PM
to nxfil...@googlegroups.com
NxFilter is not responding correctly to "NAPTR" queries.

=====================Query to NxFilter Node=====================
user@nxslave1:~$ dig @192.xxx.xxx.11 -t naptr us.tmobile.rcs.telephony.goog

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.xxx.xxx.11 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17032
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 802583315e6575cb (echoed)
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 103 IN   A       216.239.36.131

;; Query time: 53 msec
;; SERVER: 192.xxx.xxx.11#53(192.xxx.xxx.11)
;; WHEN: Tue Apr 14 20:21:53 EDT 2020
;; MSG SIZE  rcvd: 86


=====================Query to Google=====================
user@nxslave1:~$ dig @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46269
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 173 IN   NAPTR   100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.

;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 14 20:29:11 EDT

=====================Query to Cloudflare=====================
user@nxslave1:~$ dig @1.1.1.1 -t naptr us.tmobile.rcs.telephony.goog

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @1.1.1.1 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 154 IN   NAPTR   100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.

;; Query time: 27 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Apr 14 20:26:57 EDT 2020
;; MSG SIZE  rcvd: 157

Jahastech

Apr 14, 2020, 8:45:09 PM
to NxFilter
This is the result from mine,

; <<>> DiG 9.15.6 <<>> @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61440

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 299 IN   NAPTR   100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.

Jahastech

Apr 14, 2020, 8:46:09 PM
to NxFilter
What's 216.239.36.131? Do you know anything about this IP?

DreDay

Apr 14, 2020, 8:54:21 PM
to NxFilter
The IP is operated by Google. The provider of the service.

Jahastech

Apr 14, 2020, 8:57:53 PM
to NxFilter
If you didn't set the IP somewhere then it's the response NxFilter gets from its upstream server. What's your upstream server? Mine is 8.8.8.8 and as you see I get the same as your correct one.

DreDay

Apr 14, 2020, 9:13:54 PM
to NxFilter
My upstreams are 1.1.1.1, 8.8.8.8 and 1.0.0.1

But based on your test I noticed that you didn't have the cookie option included.

So I disabled "DNS OVER HTTPS" and it worked. So with "DNS OVER HTTPS" enabled it only returns an A record answer.

Jahastech

Apr 14, 2020, 10:15:43 PM
to NxFilter
OK. We will see if we can fix the problem.

DreDay

Apr 14, 2020, 11:36:33 PM
to NxFilter
Awesome, thanks.

Jahastech

Apr 15, 2020, 1:15:22 AM
to NxFilter
Do you have more examples for naptr queries? Yours doesn't have regex. I want to see if there are other cases for missing parts.

DreDay

Apr 19, 2020, 12:48:20 AM
to NxFilter
Sorry for the delayed response. No, I do not currently have any other examples. I checked back through my logs and this was the only example I found.

Jahastech

Apr 19, 2020, 8:37:32 PM
to NxFilter
OK. We can try to fix it anyway.

Jahastech

Apr 23, 2020, 12:29:29 AM
to NxFilter
It's fixed with v4.3.6.3. However, your first result having 216.239.36.131 was the response from Cloudflare server. If you use Google server for DoH, you will get the correct answer but with Cloudflare server, you get the wrong one anyway.

DreDay

Apr 24, 2020, 11:50:58 PM
to NxFilter
I just tested before updating using Google DoH and it also has an issue. It does not give any answer records.

I held off updating in case you want any logs or screenshots; otherwise I will proceed with the update and let you know if it works.

Jahastech

Apr 24, 2020, 11:57:41 PM
to NxFilter
OK. We will look into it.

Jahastech

Apr 25, 2020, 12:20:26 AM
to NxFilter
Not so sure about what happens. I get this from 8.8.8.8,

------------------------------------------------------------------------------
; <<>> DiG 9.15.6 <<>> @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog

; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Jahastech

Apr 25, 2020, 12:34:55 AM
to NxFilter
Sorry, that was my firewall problem. I tried DoH with Google DNS from my NxFilter,

-------------------------------------------------------------------------------------

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47518

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fe03277b85e2ca2f (echoed)

;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 299 IN   NAPTR   100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.

;; Query time: 81 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
-------------------------------------------------------------------------------------

Don't know why you get nothing. Try to enable debugging and see if there's any error.

DreDay

May 2, 2020, 11:44:27 PM
to NxFilter
QUERY:

dig @192.xxx.xxx.12 -t naptr us.tmobile.rcs.telephony.goog

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.xxx.xxx.12 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8352
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e1aa8f3c95690131 (echoed)
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN NAPTR

;; Query time: 240 msec
;; SERVER: 192.xxx.xxx.12#53(192.xxx.xxx.12)
;; WHEN: Sat May 02 23:26:30 EDT 2020
;; MSG SIZE  rcvd: 70

DEBUG:
DEBUG [05-02 23:26:29] - RHr, RH #6, us.tmobile.rcs.telephony.goog, rqSize= 0, rDc = 1, rTtl = 0, rType = 35, cltIp = 192.xxx.xxx.11.
DEBUG [05-02 23:26:29] - NTpL, /FU 192.xxx.xxx.11
DEBUG [05-02 23:26:29] - NTrL, home
DEBUG [05-02 23:26:29] - LiOI, 192.xxx.xxx.11  added into ipMap, size = 6
DEBUG [05-02 23:26:29] - HttpsLookup.run, url = https://dns.google/resolve?name=us.tmobile.rcs.telephony.goog&type=35
DEBUG [05-02 23:26:30] - HttpsLookup.run, text = {"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35}],"Answer":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35,"TTL": 191,"data": "100 100 s SIPS+D2T  _sips._tcp.us.tmobile.rcs.telephony.goog."}]}
ERROR [05-02 23:26:30] - HttpsLookup.JsonToRecord, org.xbill.DNS.Tokenizer$TokenizerException: <none>:1: expected a name
 INFO [05-02 23:26:31] - ClusterSync.run, Data sync done for 0 domains.
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /AL 0|us.tmobile.rcs.telephony.goog|192.xxx.xxx.11|home|Default|Unclassified|anon-grp|0|35||
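
In the logged DoH response above, the NAPTR regexp is empty and survives only as a double space between `SIPS+D2T` and the replacement name, so a whitespace tokenizer sees five fields instead of six, which is consistent with the `expected a name` error. The following Python is an added example, not part of the post and not NxFilter's code or its fix: it parses that JSON body and keeps the empty field. `Naptr`, `whitespace_tokens`, `parse_naptr_data` and `naptr_answers` are hypothetical names, and the parser assumes unquoted fields separated by exactly one space, as in the log.

```python
import json
from typing import List, NamedTuple, Tuple

NAPTR_TYPE = 35  # rType = 35 in the debug log

# Response body as logged by HttpsLookup.run in the post above.
DOH_BODY = (
    '{"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,'
    '"Question":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35}],'
    '"Answer":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35,"TTL": 191,'
    '"data": "100 100 s SIPS+D2T  _sips._tcp.us.tmobile.rcs.telephony.goog."}]}'
)


class Naptr(NamedTuple):
    order: int
    preference: int
    flags: str
    service: str
    regexp: str
    replacement: str

    def to_presentation(self) -> str:
        # Quote the three character-string fields, as dig prints them.
        return (f'{self.order} {self.preference} "{self.flags}" '
                f'"{self.service}" "{self.regexp}" {self.replacement}')


def whitespace_tokens(data: str) -> List[str]:
    # What a whitespace tokenizer sees: the empty regexp disappears.
    return data.split()


def parse_naptr_data(data: str) -> Naptr:
    # Assumption: fields are unquoted and separated by exactly one space,
    # as in the logged response, so an empty field shows up as ''.
    parts = data.split(" ")
    if len(parts) < 6:
        raise ValueError(f"expected 6 NAPTR fields, got {len(parts)}: {data!r}")
    order, preference = int(parts[0]), int(parts[1])
    if not (0 <= order <= 0xFFFF and 0 <= preference <= 0xFFFF):
        raise ValueError("order/preference must fit in 16 bits")
    # The replacement is a domain name (no spaces); anything between the
    # service and the replacement belongs to the regexp.
    return Naptr(order, preference, parts[2], parts[3],
                 " ".join(parts[4:-1]), parts[-1])


def naptr_answers(body: str) -> List[Tuple[str, int, Naptr]]:
    doc = json.loads(body)
    return [(a["name"], a["TTL"], parse_naptr_data(a["data"]))
            for a in doc.get("Answer", []) if a.get("type") == NAPTR_TYPE]
```

`to_presentation()` on the parsed record reproduces the answer line that dig printed for 8.8.8.8 and 1.1.1.1 earlier in the thread.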

DreDay

May 3, 2020, 12:40:31 AM
to NxFilter
I also noticed there appears to be a "system block" for Google's DNS service. I verified I have no blocks for it configured in the system via Whitelist:Domain, Keyword or Common Bypass. Even with filtering disabled in policy it still gets blocked.

QUERY:
dig @192.xxx.xxx.12 dns.google

; <<>> DiG 9.8.3-P1 <<>> @192.xxx.xxx.12 dns.google
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32155
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dns.google. IN A

;; ANSWER SECTION:
dns.google. 0 IN A 192.xxx.xxx.10

;; Query time: 414 msec
;; SERVER: 192.xxx.xxx.12#53(192.xxx.xxx.12)
;; WHEN: Sun May  3 00:29:31 2020
;; MSG SIZE  rcvd: 44

DEBUG:
DEBUG [05-03 00:29:30] - RHr, RH #4, dns.google, rqSize= 0, rDc = 1, rTtl = 0, rType = 1, cltIp = 192.xxx.xxx.119.
 INFO [05-03 00:29:30] - RHr, System block domain found, 192.xxx.xxx.119, dns.google.

Jahastech

May 3, 2020, 2:14:39 AM
to NxFilter
We block some DoH servers internally.

Jahastech

May 3, 2020, 2:15:32 AM
to NxFilter
Are you sure that you use the latest version? I get this from mine,

; <<>> DiG 9.15.6 <<>> @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8050
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN      NAPTR

;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 299 IN   NAPTR   100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.

DreDay

May 3, 2020, 10:32:03 AM
to nxfil...@googlegroups.com
Okay, understood on DoH blocking.

No, I am not running the latest version. I am still running 4.3.6.2 to test Google DoH since you said it worked for you before the fix in the latest version.

DreDay

May 7, 2020, 9:13:47 PM
to NxFilter
Should I go ahead and update to the latest and report back?

Jahastech

May 7, 2020, 9:16:58 PM
to NxFilter
Did you not read this message on April 23?

-------------------------------------------------------------
It's fixed with v4.3.6.3. However, your first result having 216.239.36.131 was the response from Cloudflare server. If you use Google server for DoH, you will get the correct answer but with Cloudflare server, you get the wrong one anyway.
-------------------------------------------------------------

Yes. You have to update it. At the moment, the latest one is v4.3.6.4.

DreDay

May 7, 2020, 11:08:03 PM
to nxfil...@googlegroups.com
I did read it. I think I just misunderstood what you were saying. 

I thought you were saying that Google DoH was working before the fix and only Cloudflare had an issue. That was the reason for my response on the 24th.
I just tested before updating using Google DoH and it also has an issue. It does not give any answer records.
I held off updating in case you want any logs or screenshots; otherwise I will proceed with the update and let you know if it works.

I have updated and can confirm that Google DoH works now but Cloudflare is still broken and only returns an IP. 

Jahastech

May 8, 2020, 1:47:36 AM
to NxFilter
Yeah, that's the response from Cloudflare as it is. They may not support NAPTR queries.