DNSCrypt / doh-server

Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
MIT License

Some domains cannot be resolved (timeout). Behavior different depending on the DoH client used #96

Closed neowutran closed 10 months ago

neowutran commented 10 months ago

Some domains cannot be resolved; it ends up with a timeout.

The behavior is different depending on the DoH client used.

The tool "https://github.com/ameshkov/dnslookup" seems to always work.
The tool "https://github.com/curl/doh" seems to always work.
"curl" doesn't always work.
"firefox" doesn't always work.

Tests

Resolving the domain "forum.qubes-os.org"

Using https://github.com/ameshkov/dnslookup

./go/bin/dnslookup forum.qubes-os.org https://doh.neowutran.ovh:8443/doh

It works

Configuring firefox GUI to force using this DOH

It works

Using curl

curl --doh-url "https://doh.neowutran.ovh:8443/doh" https://forum.qubes-os.org

It works

Using https://github.com/curl/doh

./doh forum.qubes-os.org https://doh.neowutran.ovh:8443/doh

It works

Resolving the domain "github.com"

Using https://github.com/ameshkov/dnslookup

./go/bin/dnslookup github.com https://doh.neowutran.ovh:8443/doh

It works

Configuring firefox GUI to force using this DOH

It doesn't work (timeout)

Using curl

curl --doh-url "https://doh.neowutran.ovh:8443/doh" https://github.com

It doesn't work (timeout)

Using https://github.com/curl/doh

./doh github.com https://doh.neowutran.ovh:8443/doh

It works

jedisct1 commented 10 months ago

This proxy doesn't resolve nor cache anything, it doesn't even try to parse DNS packets. It blindly forwards everything upstream.

So, if something doesn't resolve, it's likely an issue with the resolver itself.

Maybe an intermittent network issue, or broken DNSSEC records?

curl --doh-url "https://doh.neowutran.ovh:8443/doh" https://github.com

works fine here :)

Also, if you're looking for a nice command-line client, try doggo.

neowutran commented 10 months ago

Thanks! :)

After some more investigation, https://doh.neowutran.ovh:8443/doh resolves "github.com" to the IP 20.201.28.151 (Microsoft GitHub server in Brazil).
And my current IP address seems to be blacklisted by the Microsoft server in Brazil.

Using another DNS provider, "github.com" is resolved to 140.82.121.3 (Microsoft GitHub server in Germany), and this server didn't blacklist my IP.

Firefox and curl try to get the web page hosted by GitHub, but the Microsoft server in Brazil refused to answer and I got a timeout.
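
The distinction this thread ends on (the DoH answer was fine, the connection to the returned address timed out) can be checked mechanically. The following is an added example, not part of the original thread or of doh-server: it builds an RFC 8484 GET URL, parses the A records out of a DoH response body, and reports whether a failure is at the DNS stage or the connect stage. All function names are hypothetical, the sample response is constructed, and only A records are handled.

```python
import base64, socket, struct  # added illustration; every function name below is hypothetical

def build_query(name, qtype=1):
    # RFC 8484 wire-format query: ID 0, RD set, one question, class IN.
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def doh_get_url(endpoint, name):
    # GET form: unpadded base64url of the query in the "dns" parameter.
    return endpoint + "?dns=" + base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()

def _skip_name(msg, off):
    # Walk labels until the root label (0) or a compression pointer (0b11......).
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    # Return (rcode, [IPv4 strings]) from a DNS response message.
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def tcp_reachable(ip, port=443, timeout=5.0):
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(response, connect=tcp_reachable):
    # "dns-failure": resolver problem; "connect-failure": answer fine, host unreachable from here.
    rcode, addrs = parse_a_records(response)
    if rcode != 0 or not addrs:
        return "dns-failure", addrs
    return ("ok" if any(connect(ip) for ip in addrs) else "connect-failure"), addrs

# Constructed sample response: one A record, 192.0.2.10 (documentation range).
SAMPLE = (struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + build_query("example.test")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

To use it against a live server, fetch `doh_get_url(...)` with an `Accept: application/dns-message` header and pass the response body to `classify()`.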