https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14456

--- Comment #3 from ricky.t...@gmail.com ---
Created attachment 16163
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16163&action=edit
cases 1 2 – Traffic encrypted by DNScrypt

In the Fedora distribution of Linux, the file
/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv contains Tier 2 DNS resolvers
that support DNScrypt; among them a few do not keep logs (they are supposed to
do as advertised) and are DNSSEC enabled. The OpenNIC infrastructure has at
best Tier 2 DNS resolvers that support DNScrypt and do not keep logs.

For test purposes I chose the resolver named dnscrypt.eu-dk, whose server
specification in .csv format is:

"dnscrypt.eu-dk,DNSCrypt.eu Denmark,"Free, non-logged, uncensored. Hosted by
Netgroup.",Denmark,,https://dnscrypt.eu,1,yes,yes,no,77.66.84.233,2.dnscrypt-cert.resolver2.dnscrypt.eu,3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu";
 

where '1,yes,yes,no' stands respectively for DNScrypt protocol version, DNSSEC
validation, no logs, namecoin; which means that the DNScrypt protocol version
is 1, there is support for DNSSEC validation, there are no logs, and there is
no support for namecoin.

In both cases traffic has to be captured from the Ethernet interface, which
makes sense since in my DNScrypt configuration the DNScrypt built-in cache
service is used, and therefore capturing from the loopback interface (IPv4 and
IPv6 addresses respectively 127.0.0.1 and ::1) shows, as expected,
non-encrypted DNS traffic which does not quit the loopback interface (indeed
the client asks itself regarding cached DNS entries).

Test case: Empty both the computer's and your favourite web browser's caches
before running any captures. For the desired results of the sample captures,
visit only the page at https://www.dnsleaktest.com/ then click on the
'Standard test' button. Run Wireshark before visiting the page and close the
page before ending the captures.

As is noticeable from both captures, Wireshark's analysis makes no mention of
the above-mentioned characteristics of the current resolver, regardless of the
dissector elected as the most specific one for the traffic captured.

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
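
The resolver entry quoted in the comment above can be decoded field by field.
This is an added example, not code from the bug report, Wireshark or
dnscrypt-proxy; the column names are assumed from the legacy
dnscrypt-resolvers.csv layout, and parse_resolvers/select are hypothetical
helper names.

```python
import csv
import io
import re

# Column order assumed from the legacy (v1) dnscrypt-resolvers.csv header.
FIELDS = ["name", "full_name", "description", "location", "coordinates",
          "url", "version", "dnssec", "no_logs", "namecoin",
          "resolver_address", "provider_name", "provider_public_key",
          "public_key_txt_record"]

# Provider key fingerprint: 16 colon-separated groups of 4 hex digits (32 bytes).
KEY_RE = re.compile(r"^[0-9A-Fa-f]{4}(:[0-9A-Fa-f]{4}){15}$")

# Entry quoted in the message, without the outer quotes the author added.
SAMPLE = ('dnscrypt.eu-dk,DNSCrypt.eu Denmark,"Free, non-logged, uncensored. '
          'Hosted by Netgroup.",Denmark,,https://dnscrypt.eu,1,yes,yes,no,'
          '77.66.84.233,2.dnscrypt-cert.resolver2.dnscrypt.eu,'
          '3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:'
          '1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu\n')


def parse_resolvers(text):
    """Parse resolver rows; convert flags to bool and the key to raw bytes."""
    resolvers = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0] == "Name":  # skip blank lines and the header row
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"{row[0]!r}: expected {len(FIELDS)} columns")
        entry = dict(zip(FIELDS, row))
        if not KEY_RE.match(entry["provider_public_key"]):
            raise ValueError(f"{entry['name']!r}: malformed provider key")
        entry["provider_public_key"] = bytes.fromhex(
            entry["provider_public_key"].replace(":", ""))
        for flag in ("dnssec", "no_logs", "namecoin"):
            entry[flag] = entry[flag].strip().lower() == "yes"
        entry["version"] = int(entry["version"])
        resolvers.append(entry)
    return resolvers


def select(resolvers, dnssec=True, no_logs=True):
    """Return names of resolvers advertising the requested properties."""
    return [r["name"] for r in resolvers
            if r["dnssec"] == dnssec and r["no_logs"] == no_logs]


if __name__ == "__main__":
    for r in parse_resolvers(SAMPLE):
        print(r["name"], r["version"], r["dnssec"], r["no_logs"], r["namecoin"])
```

The csv module handles the quoted description field, which itself contains
commas, so the four flags land in the positions the comment describes.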
