NxFilter not responding to "NAPTR" request types
68 views
Skip to first unread message
DreDay
Apr 14, 2020, 8:36:17 PM4/14/20
to nxfil...@googlegroups.com
NxFilter is not responding correctly to "NAPTR" queries.
=====================Query to NxFilter Node=====================
user@nxslave1:~$ dig @192.xxx.xxx.11 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.xxx.xxx.11 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17032
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 802583315e6575cb (echoed)
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN NAPTR
;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 103 IN A 216.239.36.131
;; Query time: 53 msec
;; SERVER: 192.xxx.xxx.11#53(192.xxx.xxx.11)
;; WHEN: Tue Apr 14 20:21:53 EDT 2020
;; MSG SIZE rcvd: 86
=====================Query to Google=====================
user@nxslave1:~$ dig @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46269
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN NAPTR
;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 173 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 14 20:29:11 EDT
=====================Query to Cloud Flare=====================
user@nxslave1:~$ dig @1.1.1.1 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @1.1.1.1 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN NAPTR
;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 154 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
;; Query time: 27 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Apr 14 20:26:57 EDT 2020
;; MSG SIZE rcvd: 157
Jahastech
Apr 14, 2020, 8:45:09 PM4/14/20
to NxFilter
This is the result from mine,
; <<>> DiG 9.15.6 <<>> @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61440
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;us.tmobile.rcs.telephony.goog. IN NAPTR
;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 299 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
Jahastech
Apr 14, 2020, 8:46:09 PM4/14/20
to NxFilter
What's 216.239.36.131? Do you know anything about this IP?
DreDay
Apr 14, 2020, 8:54:21 PM4/14/20
to NxFilter
The IP is operated by Google. The provider of the service.
Jahastech
Apr 14, 2020, 8:57:53 PM4/14/20
to NxFilter
If you didn't set the IP somewhere then it's the response from NxFilter gets from its upstream server. What's your upstream server? Mine is 8.8.8.8 and as you see I get the same as your correct one.
DreDay
Apr 14, 2020, 9:13:54 PM4/14/20
to NxFilter
My upstreams are 1.1.1.1, 8.8.8.8 and 1.0.0.1
But based on your test I noticed that your didn't have the cookie option included.
So I disabled "DNS OVER HTTPS" and it worked. So with "DNS OVER HTTPS" enabled it only returns an A record answer.
Jahastech
Apr 14, 2020, 10:15:43 PM4/14/20
to NxFilter
OK. We will see if we can fix the problem.
DreDay
Apr 14, 2020, 11:36:33 PM4/14/20
to NxFilter
Awesome, thanks.
Jahastech
Apr 15, 2020, 1:15:22 AM4/15/20
to NxFilter
Do you have more examples for naptr queries? Yours doesn't have regex. I want to see if there are other cases for missing parts.
DreDay
Apr 19, 2020, 12:48:20 AM4/19/20
to NxFilter
Sorry for the delayed response. No, I do not currently have any other examples. I checked back through my logs and this was the only example I found.
Jahastech
Apr 19, 2020, 8:37:32 PM4/19/20
to NxFilter
OK. We can try to fix it anyway.
Jahastech
Apr 23, 2020, 12:29:29 AM4/23/20
to NxFilter
It's fixed with v4.3.6.3. However, your first result having 216.239.36.131 was the response from Cloudflare server. If you use Google server for DoH, you will get the correct answer but with Cloudflare server, you get the wrong one anyway.
DreDay
Apr 24, 2020, 11:50:58 PM4/24/20
to NxFilter
I just tested before updating using Google DoH and it also has an issue. It does not give an answer records.
I held off updating incase you want any logs or screenshot otherwise I will proceed with the update and let you know if it works.
Jahastech
Apr 24, 2020, 11:57:41 PM4/24/20
to NxFilter
OK. We will look into it.
Jahastech
Apr 25, 2020, 12:20:26 AM4/25/20
to NxFilter
Not so sure about what happens. I get this from 8.8.8.8,
------------------------------------------------------------------------------
; <<>> DiG 9.15.6 <<>> @8.8.8.8 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Jahastech
Apr 25, 2020, 12:34:55 AM4/25/20
to NxFilter
Sorry, that was my firewall problem. I tried DoH with Google DNS from my NxFilter,
-------------------------------------------------------------------------------------
dig @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.15.6 <<>> @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.15.6 <<>> @192.168.0.104 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47518
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47518
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fe03277b85e2ca2f (echoed)
us.tmobile.rcs.telephony.goog. 299 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
;; Query time: 81 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
;; Query time: 81 msec
;; SERVER: 192.168.0.104#53(192.168.0.104)
-------------------------------------------------------------------------------------
Don't know why you get nothing. Try to enable debugging and see if there's any error.
DreDay
May 2, 2020, 11:44:27 PM5/2/20
to NxFilter
QUERY:
dig @192.xxx.xxx.12 -t naptr us.tmobile.rcs.telephony.goog
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.xxx.xxx.12 -t naptr us.tmobile.rcs.telephony.goog
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8352
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e1aa8f3c95690131 (echoed)
;; Query time: 240 msec
;; SERVER: 192.xxx.xxx.12#53(192.xxx.xxx.12)
;; WHEN: Sat May 02 23:26:30 EDT 2020
;; MSG SIZE rcvd: 70
DEBUG:
DEBUG [05-02 23:26:29] - RHr, RH #6, us.tmobile.rcs.telephony.goog, rqSize= 0, rDc = 1, rTtl = 0, rType = 35, cltIp = 192.xxx.xxx.11.
DEBUG [05-02 23:26:29] - NTpL, /FU 192.xxx.xxx.11
DEBUG [05-02 23:26:29] - NTrL, home
DEBUG [05-02 23:26:29] - LiOI, 192.xxx.xxx.11 added into ipMap, size = 6
DEBUG [05-02 23:26:29] - HttpsLookup.run, url = https://dns.google/resolve?name=us.tmobile.rcs.telephony.goog&type=35
DEBUG [05-02 23:26:30] - HttpsLookup.run, text = {"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35}],"Answer":[ {"name": "us.tmobile.rcs.telephony.goog.","type": 35,"TTL": 191,"data": "100 100 s SIPS+D2T _sips._tcp.us.tmobile.rcs.telephony.goog."}]}
ERROR [05-02 23:26:30] - HttpsLookup.JsonToRecord, org.xbill.DNS.Tokenizer$TokenizerException: <none>:1: expected a name
INFO [05-02 23:26:31] - ClusterSync.run, Data sync done for 0 domains.
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /GND
DEBUG [05-02 23:26:34] - NTpL, /AL 0|us.tmobile.rcs.telephony.goog|192.xxx.xxx.11|home|Default|Unclassified|anon-grp|0|35||
DreDay
May 3, 2020, 12:40:31 AM5/3/20
to NxFilter
I also noticed there appears to be a "system block" for Google's DNS service. I verified I have no blocks for it configured in the system via Whitelist:Domain, Keyword or Common Bypass. Even with filtering disabled in policy it still gets blocked.
QUERY:
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32155
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;; ANSWER SECTION:
;; Query time: 414 msec
;; SERVER: 192.xxx.xxx.12#53(192.xxx.xxx.12)
;; WHEN: Sun May 3 00:29:31 2020
;; MSG SIZE rcvd: 44
DEBUG:
DEBUG [05-03 00:29:30] - RHr, RH #4, dns.google, rqSize= 0, rDc = 1, rTtl = 0, rType = 1, cltIp = 192.xxx.xxx.119.
INFO [05-03 00:29:30] - RHr, System block domain found, 192.xxx.xxx.119, dns.google.
Jahastech
May 3, 2020, 2:14:39 AM5/3/20
to NxFilter
We block some DoH servers intenally.
Jahastech
May 3, 2020, 2:15:32 AM5/3/20
to NxFilter
Are you sure that you use the latest version? I get this from mine,
; (1 server found)
;; global options: +cmd
;; Got answer:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8050
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; ANSWER SECTION:
us.tmobile.rcs.telephony.goog. 299 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
us.tmobile.rcs.telephony.goog. 299 IN NAPTR 100 100 "s" "SIPS+D2T" "" _sips._tcp.us.tmobile.rcs.telephony.goog.
DreDay
May 3, 2020, 10:32:03 AM5/3/20
to nxfil...@googlegroups.com
Okay, understood on DoH blocking.
No, I am not running the latest version. I am still running 4.3.6.2 to test Google DoH since you said it worked for you before the fix in the latest version.
DreDay
May 7, 2020, 9:13:47 PM5/7/20
to NxFilter
Should I go ahead and update to the latest and report back?
Jahastech
May 7, 2020, 9:16:58 PM5/7/20
to NxFilter
Did you not reat this message on April 23?
-------------------------------------------------------------
It's fixed with v4.3.6.3. However, your first result having
216.239.36.131 was the response from Cloudflare server. If you use
Google server for DoH, you will get the correct answer but with
Cloudflare server, you get the wrong one anyway.
-------------------------------------------------------------
Yes. You have to update it. At the moment, the latest one is v4.3.6.4.
DreDay
May 7, 2020, 11:08:03 PM5/7/20
to nxfil...@googlegroups.com
I did read it. I think I just misunderstood what you were saying.
I thought you were saying that Google DoH was working before the fix and only Cloudflare had an issue. That was the reason for my response on the 24th.
I just tested before updating using Google DoH and it also has an issue. It does not give an answer records.
I held off updating incase you want any logs or screenshot otherwise I will proceed with the update and let you know if it works.
I have updated and can confirm that Google DoH works now but Cloudflare is still broken and only returns an IP.
Jahastech
May 8, 2020, 1:47:36 AM5/8/20
to NxFilter
Yeah, that's the response from Cloudflare as it is. They may not support NAPTR queries.
Reply all
Reply to author
Forward
0 new messages