AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0
25.56k stars 1.84k forks

Cannot establish connection to Quad9 via dnscrypt protocol #3947

Closed HellboyPI closed 2 years ago

HellboyPI commented 2 years ago

Issue Details

Expected Behavior

A working connection via DNSCrypt protocol to Quad9 servers.

Actual Behavior

I went to: https://raw.githubusercontent.com/Quad9DNS/dnscrypt-settings/main/dnscrypt/quad9-resolvers.md

I selected a Quad9 ipv4 DNS stamp (for DNSCrypt protocol). Example: sdns://AQYAAAAAAAAAEzE0OS4xMTIuMTEyLjEwOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA

I pasted the DNS stamp into AdGuard Home, clicked on "Test upstreams" and got this error message: Server "sdns://AQYAAAAAAAAAEzE0OS4xMTIuMTEyLjEwOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA": could not be used, please check that you've written it correctly.

I have tried with other Quad9 ipv4 DNS Stamps (for DNSCrypt protocol). I always get the same error.

Unencrypted DNS, DoH and DoT to Quad9 DNS servers work just fine in AdGuard Home.

I downloaded ameshkov's dnslookup program and I get the same results:

./dnslookup google.com sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
dnslookup v. v1.5.1
2021/12/14 13:32:39 Cannot make the DNS request: failed to fetch certificate info from sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0, cause: read udp 192.168.6.6:46228->9.9.9.9:8443: read: no route to host

With dnscrypt-proxy v2.x I can establish the connection to Quad9 via dnscrypt protocol.

ameshkov commented 2 years ago

Well, both AGH and dnslookup use the dnscrypt internally so the problem must be there.

ameshkov commented 2 years ago

A quick test shows that Quad9 works over TCP only and this is what's causing the issue.
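Added example, not part of the original thread and not code from AdGuard Home or dnslookup: a decoder for the DNSCrypt `sdns://` stamps quoted in this issue, following the public DNS stamp layout. It shows which endpoint, provider key and certificate name a stamp pins, and that the stamp carries no transport field, so the same stamp can fail over UDP while the resolver answers over TCP. The names `Stamp` and `ParseStamp` are made up for this illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Stamp holds the fields of a DNSCrypt (protocol 0x01) DNS stamp.
type Stamp struct {
	Props        uint64 // bit 0: DNSSEC, bit 1: no-log, bit 2: no-filter
	Addr         string // resolver "IP:port"; no transport (UDP/TCP) is encoded
	PublicKey    []byte // provider's 32-byte Ed25519 public key
	ProviderName string // name queried to fetch the resolver certificate
}

// ParseStamp decodes sdns:// + base64url(0x01 | props | LP(addr) | LP(pk) | LP(name)),
// where LP is a one-byte length followed by that many bytes.
func ParseStamp(s string) (*Stamp, error) {
	if !strings.HasPrefix(s, "sdns://") {
		return nil, errors.New("missing sdns:// prefix")
	}
	b, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(s[7:], "="))
	if err != nil {
		return nil, err
	}
	if len(b) < 9 || b[0] != 0x01 {
		return nil, errors.New("not a DNSCrypt stamp")
	}
	rest, fields := b[9:], make([][]byte, 0, 3)
	for i := 0; i < 3; i++ { // addr, public key, provider name
		if len(rest) == 0 || len(rest) < 1+int(rest[0]) {
			return nil, errors.New("truncated stamp")
		}
		n := 1 + int(rest[0])
		fields, rest = append(fields, rest[1:n]), rest[n:]
	}
	if len(fields[1]) != 32 {
		return nil, errors.New("public key must be 32 bytes")
	}
	return &Stamp{binary.LittleEndian.Uint64(b[1:9]), string(fields[0]), fields[1], string(fields[2])}, nil
}

func main() {
	// Stamp for 9.9.9.9 as quoted in the thread.
	st, err := ParseStamp("sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0")
	fmt.Printf("%+v %v\n", st, err)
}
```

Decoding the two Quad9 stamps from the first post gives the same provider key and certificate name with different addresses and property bits, which helps confirm that a failure is about reaching the endpoint rather than a mistyped stamp.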

ameshkov commented 2 years ago

I've opened a bug report, but fixing this on our side may take some time.

Meanwhile, I've also contacted Quad9. Maybe this is a mistake on their side; having DNSCrypt work over TCP only is rather strange.

ameshkov commented 2 years ago

I am in contact with Quad9, it's confirmed that the problem is on their side.

HellboyPI commented 2 years ago

OK. Thank you! Did they say when this problem will be fixed?

sauceress commented 2 years ago

We have a fix being deployed out to the network right now. We had an incomplete rollout of the firewall rule that allowed DNSCrypt over UDP traffic. This should be corrected within the hour. Thanks for getting in touch with our support team on this!

lordraiden commented 1 year ago

Are these Quad9 servers still working?

dnscrypt-ip4-filter-pri

Quad9 (anycast) dnssec/no-log/filter 9.9.9.9

sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0

dnscrypt-ip4-filter-alt

Quad9 (anycast) dnssec/no-log/filter 149.112.112.9

sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0

dnscrypt-ip4-filter-alt2

Quad9 (anycast) dnssec/no-log/filter 149.112.112.112

sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ

my log is full of these:

2023/10/27 13:22:27.984343 [error] upstream sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;prda.aadg.msidentity.com.   IN   A in 13.467269ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:22:51.556515 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com. IN   A in 13.58772ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:22:51.568549 [error] upstream sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   A in 12.012534ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:23:52.983815 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com. IN   AAAA in 15.281039ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:24:24.321491 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   AAAA in 24.525986ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:28:18.864441 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com. IN   A in 12.479532ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:31:22.786324 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;tf-presigned-url-eu-central-1-prod-firewall-bucket.s3.eu-central-1.amazonaws.com.   IN   AAAA in 31.973152ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:33:18.884234 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   A in 35.095955ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:34:43.984917 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   A in 13.735802ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:35:08.399283 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;displaycatalog-rp.md.mp.microsoft.com.akadns.net.    IN   A in 11.83526ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:39:18.858514 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   AAAA in 12.779417ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:39:41.507154 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;www.youtube-nocookie.com.   IN   A in 41.175667ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:39:54.164559 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com. IN   A in 14.005667ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:44:02.332513 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   AAAA in 12.507892ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:44:41.124662 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;storeedgefd.xbetservices.akadns.net.    IN   A in 63.408543ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:50:38.565092 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;login.mso.msidentity.com.    IN   A in 12.140777ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:52:21.001923 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;update.code.visualstudio.com.    IN   A in 92.532157ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:52:21.034621 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;update.code.visualstudio.com.   IN   A in 32.668567ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:52:21.046504 [error] upstream sdns://AQMAAAAAAAAAEjE0OS4xMTIuMTEyLjk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;update.code.visualstudio.com.   IN   A in 11.858162ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:55:18.844564 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com. IN   A in 12.060826ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:56:45.472222 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;owamail.public.cdn.office.net.edgekey.net.   IN   A in 13.834996ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 13:57:01.527667 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;a.privatelink.msidentity.com.   IN   A in 11.919412ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 14:00:06.904279 [error] upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;utm-cloudstation-eu-central-1.prod.hydra.sophos.com.    IN   A in 13.895316ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted
2023/10/27 14:03:36.210426 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;youtube-ui.l.google.com. IN   A in 13.365737ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

renatoyamane commented 7 months ago

I have similar records in my logs, as the previous comment above from lordraiden, but not only on Quad9 servers.

Adguard Home Version: v0.107.48

user.notice AdGuardHome[8137]: 2024/04/06 06:28:30.763031 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;login.microsoftonline.com.   IN   A in 10.037173ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

user.notice AdGuardHome[8137]: 2024/04/06 10:26:44.824948 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;r.bing.com. IN   A in 65.852113ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

user.notice AdGuardHome[8137]: 2024/04/06 10:42:36.986852 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;nxdomain-dw48hllhj5b.ca. IN   A in 21.547306ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

user.notice AdGuardHome[8137]: 2024/04/06 10:42:38.598967 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;nxdomain-hfqtsxkct7s.uk. IN   A in 11.852266ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

ghost commented 7 months ago

@renatoyamane please create a new issue. This has already been resolved.

renatoyamane commented 6 months ago

2023/10/27 14:03:36.210426 [error] upstream sdns://AQMAAAAAAAAAFDE0OS4xMTIuMTEyLjExMjo4NDQzIGfIR7jIdYzRICRVQ751Z0bfNN8dhMALjEcDaN-CHYY-GTIuZG5zY3J5cHQtY2VydC5xdWFkOS5uZXQ failed to exchange ;youtube-ui.l.google.com. IN A in 13.365737ms. Cause: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Are you still having this problem? I'm noticing the same errors, in all DNSCrypt servers.

I reported the issue below, but looks like I'm the only one with this problem: https://github.com/AdguardTeam/AdGuardHome/issues/6897