Trim unneeded entries

jedisct1 · jedisct1 · commit c4879a21f7f6 · 2025-01-10T12:10:20.000+01:00
These servers never supported the DNSCrypt v2 protocol, and have
been a pain to maintain compatibility with. But the main issue
is that in some countries, they are now lying resolvers, *except*
for the certificate.

That makes it difficult to reliably detect that they are lying
resolvers. From a user perspective in these countries, it appears
that DNS queries randomly fail, when they are hitting these servers.

I tried to think of different ways to detect this, but couldn't
find anything satisfactory.

Maybe if they properly implement the DNSCrypt protocol some day,
they will take it as an opportunity to also fix that bug, and
return consistent error codes, even for the certificates.
diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
@@ -154,7 +154,6 @@ func newConfig() Config {
 		BlockedQueryResponse:     "hinfo",
 		BrokenImplementations: BrokenImplementationsConfig{
 			FragmentsBlocked: []string{
-				"cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6",
 				"cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6",
 			},
 		},
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@@ -774,18 +774,14 @@ format = 'tsv'
 
 [broken_implementations]
 
-## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
-## truncate responses larger than questions as expected by the DNSCrypt protocol.
-## This prevents large responses from being received over UDP and over relays.
-##
 ## Older versions of the `dnsdist` server software had a bug with queries larger
 ## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
 ## some server may still run an outdated version.
 ##
 ## The list below enables workarounds to make non-relayed usage more reliable
 ## until the servers are fixed.
 
-fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cisco-sandbox', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
+fragments_blocked = ['cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
 
 
 
