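# diag-intercept.ps1 — Windows DNS Intercept Mode Diagnostic
#
# Collects the Windows state that intercept mode depends on — NRPT rules
# (cmdlet view and registry view), the DNS Client service, per-interface DNS
# servers, ctrld's WFP filters — runs a few resolution tests, forces an NRPT
# reload with gpupdate and re-tests.
#
# Run as Administrator in the same elevated prompt as ctrld
# (netsh wfp and gpupdate need elevation; without it the script still runs,
# but sections 5 and 7 will report failures).
#
# Usage: .\diag-intercept.ps1
#
# Side effects: section 7 runs "gpupdate /target:computer /force", which
# re-applies computer policy on this machine. Section 5 writes a temporary
# WFP filter dump under $env:TEMP and removes it when the section finishes.

# Resolves $Name with Resolve-DnsName and prints one result line.
#   $Name       name to resolve (A record, -DnsOnly)
#   $Server     optional server to query directly instead of the configured resolvers
#   $OkLabel    prefix of the success line; the address list follows it
#   $FailLabel  prefix of the line printed when Resolve-DnsName throws
#   $OkColor    colour of the success line
#   $FailColor  colour of the failure line
function Show-Resolve {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Server = "",
        [string]$OkLabel = "OK",
        [string]$FailLabel = "FAILED",
        [string]$OkColor = "Green",
        [string]$FailColor = "Red"
    )
    try {
        $resolveArgs = @{ Name = $Name; Type = "A"; DnsOnly = $true; ErrorAction = "Stop" }
        if ($Server) { $resolveArgs.Server = $Server }
        $result = Resolve-DnsName @resolveArgs
        Write-Host " ${OkLabel}: $($result.IPAddress -join ', ')" -ForegroundColor $OkColor
    } catch {
        Write-Host " ${FailLabel}: $_" -ForegroundColor $FailColor
    }
}

Write-Host "=== CTRLD INTERCEPT MODE DIAGNOSTIC ===" -ForegroundColor Cyan
Write-Host "Timestamp: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
Write-Host ""

# Elevation is required by sections 5 and 7. Warn rather than abort so the
# remaining sections still produce output worth sending back.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal($currentIdentity)
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "WARNING: not running as Administrator — sections 5 and 7 need an elevated prompt" -ForegroundColor Red
    Write-Host ""
}

# 1. Check NRPT rules
Write-Host "--- 1. NRPT Rules ---" -ForegroundColor Yellow
try {
    $nrptRules = Get-DnsClientNrptRule -ErrorAction Stop
    if ($nrptRules) {
        $nrptRules | Format-Table Namespace, NameServers, DisplayName -AutoSize
    } else {
        Write-Host " NO NRPT RULES FOUND — this is the problem!" -ForegroundColor Red
    }
} catch {
    Write-Host " Get-DnsClientNrptRule failed: $_" -ForegroundColor Red
}
Write-Host ""

# 2. Check NRPT registry directly
Write-Host "--- 2. NRPT Registry ---" -ForegroundColor Yellow
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig\CtrldCatchAll"
if (Test-Path $regPath) {
    Write-Host " Registry key EXISTS" -ForegroundColor Green
    Get-ItemProperty $regPath | Format-List Name, GenericDNSServers, ConfigOptions, Version
} else {
    Write-Host " Registry key MISSING at $regPath" -ForegroundColor Red
    # Check parent: distinguishes "ctrld never wrote its rule" from "no policy
    # config at all" on this machine.
    $parentPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig"
    if (Test-Path $parentPath) {
        Write-Host " Parent key exists. Children:"
        Get-ChildItem $parentPath | ForEach-Object { Write-Host " $($_.PSChildName)" }
    } else {
        Write-Host " Parent DnsPolicyConfig key also missing" -ForegroundColor Red
    }
}
Write-Host ""

# 3. DNS Client service status
Write-Host "--- 3. DNS Client Service ---" -ForegroundColor Yellow
# Without -ErrorAction a missing service would print an empty status line;
# report the lookup failure explicitly instead.
$dnsSvc = Get-Service Dnscache -ErrorAction SilentlyContinue
if ($dnsSvc) {
    Write-Host " Status: $($dnsSvc.Status) StartType: $($dnsSvc.StartType)"
} else {
    Write-Host " Get-Service Dnscache returned nothing" -ForegroundColor Red
}
Write-Host ""

# 4. Interface DNS servers
Write-Host "--- 4. Interface DNS Servers ---" -ForegroundColor Yellow
Get-DnsClientServerAddress | Format-Table InterfaceAlias, InterfaceIndex, AddressFamily, ServerAddresses -AutoSize
Write-Host ""

# 5. WFP filters check
Write-Host "--- 5. WFP Filters (ctrld sublayer) ---" -ForegroundColor Yellow
# "netsh wfp show filters" writes filters.xml into the current directory.
# Run it from a fresh temp directory so a stale or foreign filters.xml in the
# caller's working directory is never parsed, and so the dump (which lists
# every WFP filter on the host) is always removed afterwards.
$wfpDir = Join-Path $env:TEMP ("ctrld-wfp-" + [IO.Path]::GetRandomFileName())
$wfpDump = Join-Path $wfpDir "filters.xml"
try {
    New-Item -ItemType Directory -Path $wfpDir -ErrorAction Stop | Out-Null
    Push-Location $wfpDir
    try {
        $null = & netsh wfp show filters 2>&1
    } finally {
        Pop-Location
    }
    if (Test-Path $wfpDump) {
        $xml = [xml](Get-Content $wfpDump -Raw)
        # @() so a single match still has a usable .Count.
        $ctrldFilters = @($xml.wfpdiag.filters.item | Where-Object {
            $_.displayData.name -like "ctrld:*"
        })
        if ($ctrldFilters.Count -gt 0) {
            Write-Host " Found $($ctrldFilters.Count) ctrld WFP filter(s):" -ForegroundColor Green
            foreach ($filter in $ctrldFilters) {
                Write-Host " $($filter.displayData.name) — action: $($filter.action.type)"
            }
        } else {
            Write-Host " NO ctrld WFP filters found" -ForegroundColor Red
        }
    } else {
        # Previously this case printed nothing, which looked like a passing section.
        Write-Host " netsh produced no filter dump (not elevated, or netsh wfp failed)" -ForegroundColor Red
    }
} catch {
    Write-Host " WFP check failed: $_" -ForegroundColor Red
} finally {
    Remove-Item $wfpDir -Recurse -Force -ErrorAction SilentlyContinue
}
Write-Host ""

# 6. DNS resolution tests
Write-Host "--- 6. DNS Resolution Tests ---" -ForegroundColor Yellow

# Test A: Resolve-DnsName (uses DNS Client = respects NRPT)
Write-Host " Test A: Resolve-DnsName google.com (DNS Client path)" -ForegroundColor White
Show-Resolve -Name google.com

# Test B: Resolve-DnsName to specific server (127.0.0.1)
Write-Host " Test B: Resolve-DnsName google.com -Server 127.0.0.1" -ForegroundColor White
Show-Resolve -Name google.com -Server 127.0.0.1

# Test C: Resolve-DnsName blocked domain (should return 0.0.0.0 or NXDOMAIN via Control D)
Write-Host " Test C: Resolve-DnsName popads.net (should be blocked by Control D)" -ForegroundColor White
Show-Resolve -Name popads.net -OkLabel "Result" -OkColor Yellow -FailLabel "FAILED/Blocked" -FailColor Yellow

# Test D: nslookup (bypasses NRPT - expected to fail with intercept)
Write-Host " Test D: nslookup google.com 127.0.0.1 (direct, bypasses NRPT)" -ForegroundColor White
$nslookup = & nslookup google.com 127.0.0.1 2>&1
Write-Host " $($nslookup -join "`n ")"

Write-Host ""

# 7. Try forcing NRPT reload
Write-Host "--- 7. Force NRPT Reload ---" -ForegroundColor Yellow
Write-Host " Running: gpupdate /target:computer /force" -ForegroundColor White
& gpupdate /target:computer /force 2>&1 | ForEach-Object { Write-Host " $_" }
Write-Host ""

# Re-test after gpupdate
Write-Host " Re-test: Resolve-DnsName google.com" -ForegroundColor White
Show-Resolve -Name google.com -FailLabel "STILL FAILED"

Write-Host ""
Write-Host "=== DIAGNOSTIC COMPLETE ===" -ForegroundColor Cyan
Write-Host "Copy all output above and send it back."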