feat(webconnectivitylte): handle ghost DNS censorship #1457
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit modifies webconnectivitylte to handle ghost DNS censorship. We define ghost DNS censorship the case where the original domain does not exist anymore but the censor continues to return an IP address for the original domain nonetheless. We used to have null-null handling for this case in the "orig" engine and a reference issue as ooni/probe#2307. With this commit, we modify the "classic" engine to correctly handle this case. In doing this, we notice that we should probably start departing from strict v0.4 orthodoxy and instead produce better results in the following cases: 1. mark DNS inconsistency when we have successful probe lookups and no IP address has been resolved by the test helper; 2. specific handling on the case in which the website seems down where we also ask ourselves the question of whether the culprit could be the DNS. These two changes are required to handle ghost DNS censorship. Additionally, let's recognize that always setting HTTPExprimentFailure is probably for the greater good anyway, given that we're stopping to be very compatible with v0.4 anyway. Part of ooni/probe#2652.
bassosimone
commented
Jan 22, 2024
bassosimone
commented
Jan 22, 2024
Murphy-OrangeMud
pushed a commit
to Murphy-OrangeMud/probe-cli
that referenced
this pull request
Feb 13, 2024
## Checklist - [x] I have read the [contribution guidelines](https://github.com/ooni/probe-cli/blob/master/CONTRIBUTING.md) - [x] reference issue for this pull request: ooni/probe#2652 - [x] if you changed anything related to how experiments work and you need to reflect these changes in the ooni/spec repository, please link to the related ooni/spec pull request: no need - [x] if you changed code inside an experiment, make sure you bump its version number: already bumped for 3.21.x ## Description This commit modifies webconnectivitylte to handle ghost DNS censorship. We define ghost DNS censorship the case where the original domain does not exist anymore but the censor continues to return an IP address for the original domain nonetheless. We used to have null-null handling for this case in the "orig" engine and a reference issue as ooni/probe#2307. With this commit, we modify the "classic" engine to correctly handle this case. To this end, we need to: 1. mark DNS inconsistency when we have successful probe lookups and no IP address has been resolved by the test helper, which is indeed the case of ghost DNS censorship. 2. specific handling on the case in which the website seems down where we also ask ourselves the question of whether the culprit could be the DNS and otherwise set accessible = false and blocking = false. Note that, with those two changes, we depart from strict v0.4-is-always-right orthodoxy. So, while there, let's recognize that always setting HTTPExprimentFailure is probably for the greater good.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
Description
This commit modifies webconnectivitylte to handle ghost DNS censorship.
We define ghost DNS censorship the case where the original domain does not exist anymore but the censor continues to return an IP address for the original domain nonetheless.
We used to have null-null handling for this case in the "orig" engine and a reference issue as ooni/probe#2307.
With this commit, we modify the "classic" engine to correctly handle this case.
To this end, we need to:
mark DNS inconsistency when we have successful probe lookups and no IP address has been resolved by the test helper, which is indeed the case of ghost DNS censorship.
specific handling on the case in which the website seems down where we also ask ourselves the question of whether the culprit could be the DNS and otherwise set accessible = false and blocking = false.
Note that, with those two changes, we depart from strict v0.4-is-always-right orthodoxy.
So, while there, let's recognize that always setting HTTPExprimentFailure is probably for the greater good.