TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

NextDNS DoH3 #596

Closed HellboyPI closed 1 year ago

HellboyPI commented 1 year ago

Hello! NextDNS supports DoH3. When I write "h3://dns.nextdns.io/xxxxxxxx" into Forwarders, it doesn't work.

"xxxxxxxx" is my profile ID. NextDNS doesn't have "/dns-query" at the end of url. Technitium DNS is installed on Debian 11. Libmsquic library and openssl are also installed.

ShreyasZare commented 1 year ago

Thanks for the post. I checked the NextDNS URL and it does not seem to support HTTP/3. It only supports HTTP/1.1 and HTTP/2. There is no `alt-svc: h3=":443"; ma=86400` header seen with HTTP/1.1 or HTTP/2 requests.
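The check described in the comment above (looking for an `Alt-Svc` header that advertises `h3` on an HTTP/1.1 response) can be scripted. The following is an added example, not code from the Technitium project or from either participant; it parses `Alt-Svc` values as defined in RFC 7838, and the header strings it is tested against are constructed samples rather than captures from NextDNS. The `fetch_alt_svc` helper makes a real HTTP/1.1 HEAD request and is only used when the script is run directly.

```python
import http.client
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample Alt-Svc header values (not captured from any real resolver).
SAMPLE_HEADERS = {
    "h3_advertised": 'h3=":443"; ma=86400',
    "multiple": 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
    "cleared": "clear",
    "no_h3": 'h2=":443"; ma=600',
}

# One alternative service entry: protocol-id="alt-authority"; param=value; ...
_ALT_RE = re.compile(r'([\w.\-]+)="([^"]*)"((?:\s*;\s*[^;,]+)*)')


@dataclass
class AltService:
    protocol: str                 # e.g. "h3", "h3-29", "h2"
    authority: str                # e.g. ":443" (same host, port 443)
    params: Dict[str, str] = field(default_factory=dict)  # e.g. {"ma": "86400"}


def parse_alt_svc(value: str) -> List[AltService]:
    """Parse an Alt-Svc header value (RFC 7838) into a list of AltService entries.

    The special value "clear" means the origin withdraws all alternatives and
    yields an empty list.
    """
    if value.strip().lower() == "clear":
        return []
    services: List[AltService] = []
    for proto, authority, raw_params in _ALT_RE.findall(value):
        params: Dict[str, str] = {}
        for part in raw_params.split(";"):
            part = part.strip()
            if not part:
                continue
            key, _, val = part.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        services.append(AltService(proto, authority, params))
    return services


def advertises_h3(services: List[AltService]) -> bool:
    """True if a final (non-draft) HTTP/3 alternative is advertised."""
    return any(s.protocol == "h3" for s in services)


def fetch_alt_svc(url: str, timeout: float = 5.0) -> Optional[str]:
    """Send an HTTP/1.1 HEAD request and return the raw Alt-Svc header, if any.

    http.client only speaks HTTP/1.1, which is enough here: an origin that
    supports HTTP/3 normally advertises it on HTTP/1.1 and HTTP/2 responses.
    A 4xx status is fine; we only care about the response headers.
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    conn = http.client.HTTPSConnection(host, parsed.port or 443, timeout=timeout)
    try:
        conn.request("HEAD", parsed.path or "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.getheader("Alt-Svc")
    finally:
        conn.close()


if __name__ == "__main__":
    # Replace with the DoH endpoint you want to inspect.
    target = "https://cloudflare-dns.com/dns-query"
    header = fetch_alt_svc(target)
    if header is None:
        print(f"{target}: no Alt-Svc header; HTTP/3 not advertised")
    else:
        found = parse_alt_svc(header)
        print(f"{target}: Alt-Svc = {header!r}")
        print("HTTP/3 advertised:", advertises_h3(found))
```

A missing header only shows that the origin did not advertise HTTP/3 on that particular response; as the thread goes on to confirm, a packet capture of UDP/443 is the more reliable way to verify that a resolver actually serves HTTP/3.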

HellboyPI commented 1 year ago

This is strange. I tested this also in AdGuard Home. In AGH NextDNS over DoH3 works. In my firewall I can see that the connection goes over UDP port 443.

Test with dnslookup utility:

```
root@localhost:/opt/linux-amd64# ./dnslookup google.com h3://dns.nextdns.io/xxxxxxx
dnslookup v1.9.1
dnslookup result (elapsed 107.751934ms):
;; opcode: QUERY, status: NOERROR, id: 65529
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 142.250.180.206
```

ShreyasZare commented 1 year ago

It seems I did not test that properly. I just checked it again and there is HTTP/3 service confirmed with packet capture. However, I am getting HTTP/3 error code 'H3_GENERAL_PROTOCOL_ERROR' (0x101) when trying to use h3://dns.nextdns.io/dns-query as the server.

However, using h3://cloudflare-dns.com/dns-query is working fine with the DNS server. So it does not seem to be an issue with the code. You can test this with dnsclient.net too, which uses the same code base.

HellboyPI commented 1 year ago

Yes, the code is alright. It seems that there are differences in the DoH3 implementation and how the clients are handling these differences.

Other examples:

The dns0.eu DNS resolver runs on NextDNS infrastructure. They also support DoH3.

https://dns0.eu/dns-query -> DoH works. h3://dns0.eu/dns-query -> DoH3 doesn't work (because of the same infrastructure).

AdGuard public DNS https://dns.adguard-dns.com/dns-query -> DoH works. h3://dns.adguard-dns.com/dns-query -> DoH3 doesn't work.

In AdguardHome both (dns0.eu, AdGuardDNS) work.

ShreyasZare commented 1 year ago

Ya, I too think it's some subtle issue with how HTTP/3 is being implemented. Since HTTP/3 is quite a new protocol it may take a while for things to settle.

Technitium DNS Server is using an HTTP/3 client which is Microsoft's implementation, and it works with a lot of HTTP/3 websites too without issues. The DoH implementation is using it and it's working with Google and Cloudflare, but not with dns0 and Adguard.

However, since HTTP/3 uses the QUIC transport protocol, which is the same one being used with DNS-over-QUIC, you can switch your config to use DNS-over-QUIC, which dns0, NextDNS and Adguard support and which is working fine with Technitium DNS Server.