DNSCrypt / doh-server

Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
MIT License

odohrelay-crypto-sx: Malformed response #61

Closed pengelana closed 3 years ago

pengelana commented 3 years ago

Tested with dnscrypt-proxy: 2.0.46-beta1

dnscrypt-proxy.toml configuration:

server_names = ['jp.tiarap.org-odoh']

[anonymized_dns]
routes = [
    { server_name='*', via=['odohrelay-crypto-sx'] },
]

[static]
   [static.'jp.tiarap.org-odoh']
   stamp = 'sdns://BQcAAAAAAAAADWpwLnRpYXJhcC5vcmcFL29kb2g'

env DEBUG=1 ./dnscrypt-proxy

[2021-06-08 19:34:39] [NOTICE] Firefox workaround initialized
[2021-06-08 19:34:39] [DEBUG] Refreshing certificates
[2021-06-08 19:34:39] [DEBUG] Resolving [jp.tiarap.org] using bootstrap resolvers over udp
[2021-06-08 19:34:39] [DEBUG] [jp.tiarap.org] IP address [104.21.65.60] added to the cache, valid for 12h0m0s
[2021-06-08 19:34:40] [NOTICE] Anonymizing queries for [jp.tiarap.org-odoh] via [odohrelay-crypto-sx]
[2021-06-08 19:34:40] [DEBUG] Pausing after ODoH configuration retrieval
[2021-06-08 19:34:44] [DEBUG] Pausing done
[2021-06-08 19:34:44] [DEBUG] Resolving [odoh-relay.edgecompute.app] using bootstrap resolvers over udp
[2021-06-08 19:34:45] [DEBUG] [odoh-relay.edgecompute.app] IP address [199.232.45.51] added to the cache, valid for 12h0m0s
[2021-06-08 19:34:45] [WARNING] Unable to decrypt response from [jp.tiarap.org-odoh]: [Malformed response]
[2021-06-08 19:34:45] [INFO] Trying to fetch the [jp.tiarap.org-odoh] configuration again
[2021-06-08 19:34:45] [NOTICE] Anonymizing queries for [jp.tiarap.org-odoh] via [odohrelay-crypto-sx]
[2021-06-08 19:34:45] [DEBUG] Pausing after ODoH configuration retrieval
[2021-06-08 19:34:46] [DEBUG] Pausing done
[2021-06-08 19:34:46] [WARNING] Unable to decrypt response from [jp.tiarap.org-odoh]: [Malformed response]

Working fine with other relays:

[anonymized_dns]
routes = [
    { server_name='*', via=['odohrelay-surf', 'odohrelay-bcn'] },
]

[2021-06-08 19:39:22] [NOTICE] Anonymized DNS: routing everything via [odohrelay-surf odohrelay-bcn]
[2021-06-08 19:39:22] [NOTICE] Firefox workaround initialized
[2021-06-08 19:39:22] [DEBUG] Refreshing certificates
[2021-06-08 19:39:22] [DEBUG] Resolving [jp.tiarap.org] using bootstrap resolvers over udp
[2021-06-08 19:39:22] [DEBUG] [jp.tiarap.org] IP address [172.67.158.198] added to the cache, valid for 12h0m0s
[2021-06-08 19:39:23] [NOTICE] Anonymizing queries for [jp.tiarap.org-odoh] via [odohrelay-surf]
[2021-06-08 19:39:23] [DEBUG] Pausing after ODoH configuration retrieval
[2021-06-08 19:39:26] [DEBUG] Pausing done
[2021-06-08 19:39:28] [INFO] [jp.tiarap.org-odoh] TLS version: 304 - Protocol: h2 - Cipher suite: 4865
[2021-06-08 19:39:28] [DEBUG] Advertised relay cert: [CN=odoh1.surfdomeinen.nl] [39388d8e34076afa433b7e4742d75ca03ec927e33ebe4864047db96f227c2896]
[2021-06-08 19:39:28] [DEBUG] Advertised relay cert: [CN=R3,O=Let's Encrypt,C=US] [444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce]
[2021-06-08 19:39:28] [DEBUG] Advertised relay cert: [CN=ISRG Root X1,O=Internet Security Research Group,C=US] [11b102e6b1f63e528984d6025f32b138241fc88bbd7519574d70c9832d53e1e8]
[2021-06-08 19:39:28] [NOTICE] [jp.tiarap.org-odoh] OK (ODoH) - rtt: 548ms
[2021-06-08 19:39:28] [NOTICE] Server with the lowest initial latency: jp.tiarap.org-odoh (rtt: 548ms)
[2021-06-08 19:39:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1

jedisct1 commented 3 years ago

Yes, odohrelay-crypto-sx can only relay to servers already present in the public list.

An ODoH relay is essentially an open HTTP proxy, so running this is way more risky than DNSCrypt relays.
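
One way a relay can enforce the restriction described above (forwarding only to resolvers it was configured to trust, so it does not become an open HTTP proxy), as an added example in Rust that is not the doh-server project's own code. It assumes the relay receives the target as `targethost` and `targetpath` query parameters (the convention dnscrypt-proxy uses when talking to ODoH relays), and the allow-list and request strings below are constructed for the example; `RelayPolicy`, `parse_target`, `normalize_host` and `reject_status` are names chosen here.

```rust
use std::collections::HashSet;

/// Reasons an ODoH relay would refuse to forward a request.
#[derive(Debug, PartialEq, Eq)]
pub enum RelayError {
    /// `targethost` or `targetpath` is absent from the query string.
    MissingTarget,
    /// `targetpath` is not absolute or tries to climb with `..`.
    BadPath,
    /// The target resolver is not on the relay's allow-list.
    NotAllowed,
}

/// Extract `targethost` and `targetpath` from a relay request's query string,
/// e.g. `targethost=jp.tiarap.org&targetpath=/odoh`. The parameter names are
/// an assumption about the relay protocol convention, not taken from this issue.
pub fn parse_target(query: &str) -> Option<(String, String)> {
    let mut host = None;
    let mut path = None;
    for pair in query.split('&') {
        let (key, value) = match pair.split_once('=') {
            Some(kv) => kv,
            None => continue, // a bare key carries no target information
        };
        match key {
            "targethost" => host = Some(value.to_string()),
            "targetpath" => path = Some(value.to_string()),
            _ => {} // unrelated parameters are ignored
        }
    }
    Some((host?, path?))
}

/// Lower-case the host and drop an explicit numeric port and trailing dot so
/// that `JP.TIARAP.ORG.:443` and `jp.tiarap.org` compare equal.
pub fn normalize_host(raw: &str) -> String {
    let lowered = raw.trim().to_ascii_lowercase();
    let without_port = match lowered.rsplit_once(':') {
        // A second ':' would mean an IPv6 literal; those are left untouched.
        Some((name, port))
            if !name.contains(':') && !port.is_empty() && port.bytes().all(|b| b.is_ascii_digit()) =>
        {
            name
        }
        _ => lowered.as_str(),
    };
    without_port.trim_end_matches('.').to_string()
}

/// Allow-list policy: the relay forwards only to resolvers it was configured with.
pub struct RelayPolicy {
    allowed: HashSet<String>,
}

impl RelayPolicy {
    pub fn new(targets: &[&str]) -> Self {
        RelayPolicy { allowed: targets.iter().map(|t| normalize_host(t)).collect() }
    }

    /// Decide whether a request may be forwarded; on success return the
    /// normalized (host, path) the upstream request would be built from.
    pub fn check(&self, query: &str) -> Result<(String, String), RelayError> {
        let (host, path) = parse_target(query).ok_or(RelayError::MissingTarget)?;
        if !path.starts_with('/') || path.split('/').any(|seg| seg == "..") {
            return Err(RelayError::BadPath);
        }
        let host = normalize_host(&host);
        if !self.allowed.contains(&host) {
            return Err(RelayError::NotAllowed);
        }
        Ok((host, path))
    }
}

/// HTTP status a relay should answer with when it refuses. An explicit error
/// status is easier for a client to diagnose than a body it will try to decrypt.
pub fn reject_status(err: &RelayError) -> u16 {
    match err {
        RelayError::MissingTarget | RelayError::BadPath => 400,
        RelayError::NotAllowed => 403,
    }
}

fn main() {
    // Constructed allow-list: one host from the issue above plus a placeholder.
    let policy = RelayPolicy::new(&["jp.tiarap.org", "odoh.example.test"]);
    let requests = [
        "targethost=jp.tiarap.org&targetpath=/odoh",
        "targethost=JP.TIARAP.ORG.:443&targetpath=/odoh",
        "targethost=unlisted.example&targetpath=/dns-query",
        "targethost=jp.tiarap.org&targetpath=../admin",
        "targetpath=/odoh",
    ];
    for q in requests.iter() {
        match policy.check(q) {
            Ok((h, p)) => println!("{}\n  -> forward to https://{}{}", q, h, p),
            Err(e) => println!("{}\n  -> refuse with HTTP {} ({:?})", q, reject_status(&e), e),
        }
    }
}
```

The decision is made before any upstream connection is opened, and refusals map to an HTTP status rather than an ad hoc body, so a client such as dnscrypt-proxy sees a clear rejection instead of attempting to decrypt something that was never an ODoH message.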

pengelana commented 3 years ago

Thanks, close the issue.