AdguardTeam / dnsproxy

Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
Apache License 2.0

IPv6 DoH not working #216

Closed IrineSistiana closed 2 years ago

IrineSistiana commented 2 years ago

after 8e93531cd26a1a476bd99e1afb23af4bf4396d45

IPv6 DoH cannot be set as a bootstrap

.\dnsproxy.exe -u https://dns.google/dns-query -b https://[2400:3200::1]/dns-query
2022/03/13 10:03:12 [info] Starting dnsproxy v0.41.4
2022/03/13 10:03:12 [error] Resolver https://[2400:3200::1]/dns-query is not eligible to be a bootstrap DNS server
2022/03/13 10:03:12 [fatal] error while parsing upstreams configuration: cannot prepare the upstream https://dns.google/dns-query ([https://[2400:3200::1]/dns-query]): creating https bootstrapper: Resolver https://[2400:3200::1]/dns-query is not eligible to be a bootstrap DNS server

Lanius-collaris commented 2 years ago

Certificate is valid for 223.5.5.5, 223.6.6.6, not 2400:3200::1

user@localhost ~$ ./dnslookup cnnic.cn https://[2400:3200::1]/dns-query                 
dnslookup v1.4.9                               
2022/03/13 20:12:55 Cannot make the DNS request: couldn't do a GET request to 'https://[2400:3200::1]:443/dns-query', cause: Get "https://[2400:3200::1]:443/dns-query?dns=jUsBAAABAAAAAAAABWNubmljAmNuAAABAAE": x509: certificate is valid for 223.5.5.5, 223.6.6.6, not 2400:3200::1

You can use -u https://[2001:4860:4860::8888]/dns-query.

IrineSistiana commented 2 years ago

@Lanius-collaris Thanks for the advice. I didn't notice the certificate issue. But that might not be the issue.

.\dnsproxy.exe -u https://dns.google/dns-query -b https://[2001:4860:4860::8888]/dns-query.
2022/03/13 20:49:10 [info] Starting dnsproxy v0.41.4
2022/03/13 20:49:10 [error] Resolver https://[2001:4860:4860::8888]/dns-query. is not eligible to be a bootstrap DNS server
2022/03/13 20:49:10 [fatal] error while parsing upstreams configuration: cannot prepare the upstream https://dns.google/dns-query ([https://[2001:4860:4860::8888]/dns-query.]): creating https bootstrapper: Resolver https://[2001:4860:4860::8888]/dns-query. is not eligible to be a bootstrap DNS server

I also found that IPv6 DoH upstream is not working.

.\dnsproxy.exe -u https://[2001:4860:4860::8888]/dns-query -v
2022/03/13 22:03:29 20340#1 [info] Starting dnsproxy v0.41.4
2022/03/13 22:03:29 20340#1 [debug] Upstream 0: https://[[2001:4860:4860::8888]]:443/dns-query
2022/03/13 22:03:29 20340#1 [info] Starting the DNS proxy server
2022/03/13 22:03:29 20340#1 [info] Creating the UDP server socket
2022/03/13 22:03:29 20340#1 [info] Listening to udp://[::]:53
2022/03/13 22:03:29 20340#1 [info] Creating a TCP server socket
2022/03/13 22:03:29 20340#1 [info] Listening to tcp://[::]:53
2022/03/13 22:03:29 20340#6 [info] Entering the UDP listener loop on [::]:53
2022/03/13 22:03:29 20340#7 [info] Entering the tcp listener loop on [::]:53
2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).udpHandlePacket(): Start handling new UDP packet from 127.0.0.1:61112
2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 5669
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com.        IN       A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1232
; COOKIE: 369596913ed679c0

2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.exchangeWithUpstream(): upstream https://[[2001:4860:4860::8888]]:443/dns-query failed to exchange ;www.google.com.  IN       A in 0s. Cause: initializing http client: initializing http transport: bootstrapping https://[[2001:4860:4860::8888]]:443/dns-query: bootstrapper requires port in address https://[[2001:4860:4860::8888]]:443/dns-query
2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).replyFromUpstream(): RTT: 0s
2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: SERVFAIL, id: 5669
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.        IN       A

2022/03/13 22:03:32 20340#18 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).udpHandlePacket(): error handling DNS (udp) request: talking to dns upstream: initializing http client: initializing http transport: bootstrapping https://[[2001:4860:4860::8888]]:443/dns-query: bootstrapper requires port in address https://[[2001:4860:4860::8888]]:443/dns-query

The problem is here.

https://github.com/AdguardTeam/dnsproxy/blob/e2fba4e244bf0c3f651a937b3d59dd1bd704c80c/upstream/upstream.go#L196

[2001:4860:4860::8888] joins 443 = [[2001:4860:4860::8888]]:443
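
The join described in the comment above, reproduced as an added example (not part of the original thread and not dnsproxy's own code). The function names `naiveAddr`, `fixedAddr` and `dialable` are hypothetical; only Go standard-library calls are used.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// naiveAddr joins u.Host with a default port. u.Host keeps the brackets of an
// IPv6 literal, so net.JoinHostPort wraps it in a second pair.
func naiveAddr(raw, defPort string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Port() != "" {
		return u.Host, nil // explicit port: Host is already host:port
	}
	return net.JoinHostPort(u.Host, defPort), nil
}

// fixedAddr uses u.Hostname(), which strips the brackets, before joining.
func fixedAddr(raw, defPort string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	port := u.Port()
	if port == "" {
		port = defPort
	}
	return net.JoinHostPort(u.Hostname(), port), nil
}

// dialable reports whether addr splits cleanly into host and port.
func dialable(addr string) bool {
	_, _, err := net.SplitHostPort(addr)
	return err == nil
}

func main() {
	for _, raw := range []string{
		"https://[2001:4860:4860::8888]/dns-query",
		"https://[2001:4860:4860::8888]:443/dns-query",
		"https://dns.google/dns-query",
	} {
		n, _ := naiveAddr(raw, "443")
		f, _ := fixedAddr(raw, "443")
		fmt.Printf("%s\n  naive: %s (dialable=%v)\n  fixed: %s (dialable=%v)\n",
			raw, n, dialable(n), f, dialable(f))
	}
}
```

Only the IPv6 literal without an explicit port produces the double-bracketed address, which `net.SplitHostPort` rejects; hostnames and URLs that already carry a port are unaffected.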

Lanius-collaris commented 2 years ago

Sorry. A temporary solution: -u https://[2001:4860:4860::8888]:443/dns-query