All DoH endpoint return NXDOMAIN for pretty much any domain, DoT & DoQ works normally #38

Open
tina-hello opened this issue May 19, 2024 · 7 comments

Comments

@tina-hello

dnslookup google.com https://dns.dnswarden.com/g
dnslookup 1.10.1-11687
Server: https://dns.dnswarden.com/g

dnslookup result (elapsed 272.164527ms):
;; opcode: QUERY, status: NXDOMAIN, id: 57709
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;google.com.    IN       A
@bhanupratapys
Owner

bhanupratapys commented May 19, 2024

It works fine at my end. Can you re-check it?

 .\dnslookup.exe google.com https://dns.dnswarden.com/g
dnslookup v1.10.1
Server: https://dns.dnswarden.com/g

dnslookup result (elapsed 114.2265ms):
;; opcode: QUERY, status: NOERROR, id: 11108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.    IN       A

;; ANSWER SECTION:
google.com.     165     IN      A       142.250.185.174

@tina-hello
Author

Still failing here. I've tried from my local ISP, Warp, and my VPS in Japan. Curl also fails:

ubuntu@arm:~$ curl -I https://google.com --doh-url https://dns.dnswarden.com/g -v
* Found bundle for host dns.dnswarden.com: 0xaaaace510580 [serially]
* Server doesn't support multiplex (yet)
*   Trying 2a09:8280:1::1:da1b:443...
* TCP_NODELAY set
* Hostname 'dns.dnswarden.com' was found in DNS cache
*   Trying 2a09:8280:1::1:da1b:443...
* TCP_NODELAY set
* Connected to dns.dnswarden.com (2a09:8280:1::1:da1b) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* Connected to dns.dnswarden.com (2a09:8280:1::1:da1b) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=dns.dnswarden.com
*  start date: Mar 21 04:11:56 2024 GMT
*  expire date: Jun 19 04:11:55 2024 GMT
*  subjectAltName: host "dns.dnswarden.com" matched cert's "dns.dnswarden.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaace53e5a0)
> POST /g HTTP/2
Host: dns.dnswarden.com
accept: */*
content-type: application/dns-message
content-length: 28

* We are completely uploaded and fine
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=dns.dnswarden.com
*  start date: Mar 21 04:11:56 2024 GMT
*  expire date: Jun 19 04:11:55 2024 GMT
*  subjectAltName: host "dns.dnswarden.com" matched cert's "dns.dnswarden.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaace538df0)
> POST /g HTTP/2
Host: dns.dnswarden.com
accept: */*
content-type: application/dns-message
content-length: 28

* We are completely uploaded and fine
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< date: Sun, 19 May 2024 07:13:42 GMT
< content-length: 39
< server: dnswarden-sin
< content-type: application/dns-message
< strict-transport-security: max-age=31536000; includesubdomains; preload
<
* Connection #1 to host dns.dnswarden.com left intact
* a DOH request is completed, 1 to go
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< date: Sun, 19 May 2024 07:13:42 GMT
< content-length: 39
< server: dnswarden-sin
< content-type: application/dns-message
< strict-transport-security: max-age=31536000; includesubdomains; preload
<
* Connection #0 to host dns.dnswarden.com left intact
* a DOH request is completed, 0 to go
* DOH: Bad RCODE type A for google.com
* DOH: Bad RCODE type AAAA for google.com
* Closing connection 0
curl: (6) Couldn't resolve host name

@tina-hello
Author

Seems to work fine currently

@h1toru

h1toru commented Sep 28, 2024

I have the same problem. I've tried it on Chrome built-in DNS settings and PersonalDNSFilter (Android).

@tina-hello
Author

@h1toru No, it's different from this issue. It has been weeks now since it returned 502, I've given up


@bhanupratapys
Owner

@tina-hello @h1toru, something is really wrong with DoH and I didn't notice it until now. The 502 error is new; let me see what is happening, as I haven't touched or tweaked anything in a while.

@bhanupratapys bhanupratapys reopened this Sep 28, 2024
@tina-hello
Author

@bhanupratapys This is most likely a dupe of #41
