search

aarond10 / https_dns_proxy

A lightweight DNS-over-HTTPS proxy.
MIT License
779 stars 114 forks source link

can't make it work with Cloudflare Family resolvers (OpenWrt) #86

Closed stangri closed 4 years ago

stangri commented 4 years ago

I've tried both security and family resolvers from https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families/setup-instructions/dns-over-https/ and:

WRT3200 in ~ # /usr/sbin/https-dns-proxy -a 127.0.0.1 -p 5063 -b 1.1.1.1,1.0.0.1 -r https://security.cloudflare-dns.com/dns-query/ -u nobody -g nogroup -4 &

WRT3200 in ~ # nslookup google.com 127.0.0.1#6053
;; connection timed out; no servers could be reached

Any idea why @aarond10 ?

aarond10 commented 4 years ago

127.0.0.1#6053

https-dns-proxy -a 127.0.0.1 -p 5063

The port looks different. Is that right?

On Wed, 6 May 2020, 8:58 am Stan, notifications@github.com wrote:

I've tried both security and family resolvers from https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families/setup-instructions/dns-over-https/ and:

WRT3200 in ~ # /usr/sbin/https-dns-proxy -a 127.0.0.1 -p 5063 -b 1.1.1.1,1.0.0.1 -r https://security.cloudflare-dns.com/dns-query/ -u nobody -g nogroup -4 &

WRT3200 in ~ # nslookup google.com 127.0.0.1#6053;; connection timed out; no servers could be reached

Any idea why @aarond10 https://github.com/aarond10 ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aarond10/https_dns_proxy/issues/86, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTOXW7DU4D5GYUKPEIYYLRQCKYTANCNFSM4MZ7BFAA .

stangri commented 4 years ago

Oh, sorry, same result with the correct port tho:

/usr/sbin/https-dns-proxy -a 127.0.0.1 -p 5063 -b 1.1.1.1,1.0.0.1 -r https://security.cloudflare-dns.com/dns-query/ -u nobody -g nogroup -4
WRT3200 in ~ # nslookup google.fr 127.0.0.1#5063
;; connection timed out; no servers could be reached
aarond10 commented 4 years ago

If you add a few -v, you get this:

[D] 1588941445.785327 https_client.c:105 CURLINFO_EFFECTIVE_URL: https://security.cloudflare-dns.com/dns-query/ [D] 1588941445.785334 https_client.c:111 CURLINFO_REDIRECT_URL: https://one.one.one.one/family/ [D] 1588941445.785338 https_client.c:117 CURLINFO_RESPONSE_CODE: 302

That is a webpage redirect to a marketing page. Where did you find that URL?

On Fri, 8 May 2020 at 18:53, Stan notifications@github.com wrote:

Oh, sorry, same result with the correct port tho:

/usr/sbin/https-dns-proxy -a 127.0.0.1 -p 5063 -b 1.1.1.1,1.0.0.1 -r https://security.cloudflare-dns.com/dns-query/ -u nobody -g nogroup -4 WRT3200 in ~ # nslookup google.fr 127.0.0.1#5063;; connection timed out; no servers could be reached

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aarond10/https_dns_proxy/issues/86#issuecomment-625713737, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTOXWQQTYEMQG46MP5AVTRQPB6ZANCNFSM4MZ7BFAA .

stangri commented 4 years ago

https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families/setup-instructions/dns-over-https/

Posted on Cloudflare forum: https://community.cloudflare.com/t/dns-over-https-not-working-for-new-family-urls/173783.

stangri commented 4 years ago

URLs posted at cloudflare were wrong, they shouldn't have included the trailing slash, https-dns-proxy works fine as long as correct URLs are used and I'll be posting an update to the OpenWrt luci app soon.