From 6dd22becac486a5abeee6e1ddfd54c6f966f2e3f Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sat, 11 Jan 2025 15:29:49 +0100
Subject: [PATCH] More heuristics to detect valid plain DNS responses

---
 dnscrypt-proxy/serversInfo.go | 38 +++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
index 442000c3f3..5f9161b7d4 100644
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@@ -620,25 +620,29 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 			&name,
 			false,
 		)
-		if err == nil {
-			if msg.Id != 0xcafe {
-				dlog.Infof("[%s] handling of DNS message identifiers is broken", name)
-			}
-			for _, rr := range msg.Answer {
-				if rr.Header().Rrtype == dns.TypeA || rr.Header().Rrtype == dns.TypeAAAA {
-					dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
-					return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
+		if err == nil && len(msg.Question) > 0 {
+			question := msg.Question[0]
+			if question.Qtype == query.Question[0].Qtype && strings.EqualFold(question.Name, query.Question[0].Name) {
+				dlog.Debugf("[%s] also serves plaintext DNS", name)
+				if msg.Id != 0xcafe {
+					dlog.Infof("[%s] handling of DNS message identifiers is broken", name)
 				}
-			}
-			for _, rr := range msg.Extra {
-				if rr.Header().Rrtype == dns.TypeTXT {
-					dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
-					txts := rr.(*dns.TXT).Txt
-					cause := ""
-					if len(txts) > 0 {
-						cause = txts[0]
+				for _, rr := range msg.Answer {
+					if rr.Header().Rrtype == dns.TypeA || rr.Header().Rrtype == dns.TypeAAAA {
+						dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
+						return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, rr.String())
+					}
+				}
+				for _, rr := range msg.Extra {
+					if rr.Header().Rrtype == dns.TypeTXT {
+						dlog.Warnf("[%s] may be a dummy resolver -- skipping", name)
+						txts := rr.(*dns.TXT).Txt
+						cause := ""
+						if len(txts) > 0 {
+							cause = txts[0]
+						}
+						return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
 					}
-					return ServerInfo{}, fmt.Errorf("[%s] unexpected record: [%s]", name, cause)
 				}
 			}
 		}