alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

unbound (no doh support?) - maybe this isn't the right place.. #325

Closed bcookatpcsd closed 1 year ago

bcookatpcsd commented 1 year ago

I was migrating a server to a new Alpine 3.18 server.. using unbound

I couldn't figure out why doh was not working..

then I enabled more logs..

[I] root@chromedns /e/unbound (master)# ss -nlp | grep 443 | grep unbound
udp   UNCONN 0      0                                                                              10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=17))
udp   UNCONN 0      0                                                                              10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=13))
udp   UNCONN 0      0                                                                              10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=9))
udp   UNCONN 0      0                                                                              10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=5))
tcp   LISTEN 0      256                                                                            10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=18))
tcp   LISTEN 0      256                                                                            10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=14))
tcp   LISTEN 0      256                                                                            10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=10))
tcp   LISTEN 0      256                                                                            10.20.1.15:443             0.0.0.0:*    users:(("unbound",pid=11760,fd=6))
[I] root@chromedns /e/unbound (master)# grep 11760 /var/log/messages
May 19 16:02:27 chromedns daemon.notice unbound: [11760:0] notice: init module 0: iterator
May 19 16:02:28 chromedns daemon.warn unbound: [11760:2] warning: Unbound is not compiled with nghttp2. This is required to use DNS-over-HTTPS.
May 19 16:02:28 chromedns daemon.warn unbound: [11760:1] warning: Unbound is not compiled with nghttp2. This is required to use DNS-over-HTTPS.
May 19 16:02:28 chromedns daemon.warn unbound: [11760:3] warning: Unbound is not compiled with nghttp2. This is required to use DNS-over-HTTPS.
May 19 16:02:28 chromedns daemon.warn unbound: [11760:0] warning: Unbound is not compiled with nghttp2. This is required to use DNS-over-HTTPS.
May 19 16:02:28 chromedns daemon.info unbound: [11760:0] info: start of service (unbound 1.17.1).

(side note.. of course everyone is upset as we had to revert back.. )

1.15 is alpine, 0.15 is void (glibc)

q is natesales/q a go dns util (fwiw)

[I] testenv@void-vmdns ~/g/q (main) [1]> ./q -i www.google.com @https://10.20.1.15/dns-query
FATA[0000] requesting https://10.20.1.15:443/dns-query?dns=Eh0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: Get "https://10.20.1.15:443/dns-query?dns=Eh0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE": EOF

[I] testenv@void-vmdns ~/g/q (main) [1]> ./q -i www.google.com @https://10.20.0.15/dns-query
www.google.com. 1m0s A 216.239.38.120
www.google.com. 3m12s AAAA 2607:f8b0:4006:820::2004

(rhetorical) what is even running on 443 if it's not doh..

I'm getting alpine-sdk going on another machine..

Is there a reason that unbound is not built with doh support?

Thank you for listening..
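Added example, not part of the original report and not code from the Alpine or Unbound projects: a short Python check that correlates the two outputs quoted above, flagging any process that holds a TCP listener on port 443 while its own log says it was built without nghttp2. The sample input is constructed from the report's output (abbreviated, with one made-up port 53 line), and the function names are hypothetical.

```python
import re

# Constructed sample input, abbreviated from the ss and syslog output quoted
# in the report; the port 53 line is made up to show a listener that must
# not be flagged.
SS_OUTPUT = """\
udp   UNCONN 0      0      10.20.1.15:443   0.0.0.0:*    users:(("unbound",pid=11760,fd=17))
tcp   LISTEN 0      256    10.20.1.15:443   0.0.0.0:*    users:(("unbound",pid=11760,fd=18))
tcp   LISTEN 0      256    10.20.1.15:443   0.0.0.0:*    users:(("unbound",pid=11760,fd=14))
tcp   LISTEN 0      256    10.20.1.15:53    0.0.0.0:*    users:(("unbound",pid=11760,fd=4))
"""
SYSLOG = """\
May 19 16:02:27 chromedns daemon.notice unbound: [11760:0] notice: init module 0: iterator
May 19 16:02:28 chromedns daemon.warn unbound: [11760:2] warning: Unbound is not compiled with nghttp2. This is required to use DNS-over-HTTPS.
May 19 16:02:28 chromedns daemon.info unbound: [11760:0] info: start of service (unbound 1.17.1).
"""

# One `ss -nlp` row: proto, state, two queue sizes, local addr:port, peer, users:((...))
SS_LINE = re.compile(
    r'^tcp\s+LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\((.*)\)\)\s*$')
# The warning Unbound logs once per thread, tagged [pid:thread]
NO_DOH = re.compile(
    r'unbound: \[(\d+):\d+\] warning: Unbound is not compiled with nghttp2')

def tcp_listeners(ss_text, port):
    """Return {(pid, local_address)} for TCP sockets listening on `port`."""
    found = set()
    for line in ss_text.splitlines():
        m = SS_LINE.match(line.strip())
        if m and int(m.group(2)) == port:
            # A socket can be shared; collect every pid in the users column.
            for pid in re.findall(r'pid=(\d+)', m.group(3)):
                found.add((int(pid), m.group(1)))
    return found

def pids_without_doh(log_text):
    """Return the pids that logged the missing-nghttp2 warning."""
    return {int(m.group(1)) for m in NO_DOH.finditer(log_text)}

def dead_doh_listeners(ss_text, log_text, port=443):
    """Listeners on `port` whose process cannot speak DNS-over-HTTPS."""
    warned = pids_without_doh(log_text)
    return sorted(l for l in tcp_listeners(ss_text, port) if l[0] in warned)

if __name__ == "__main__":
    for pid, addr in dead_doh_listeners(SS_OUTPUT, SYSLOG):
        print(f"pid {pid} listens on {addr}:443/tcp but was built without nghttp2")
```

The per-thread sockets and warnings collapse to one finding per process and address, so the four listeners in the report show up as a single entry.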

ncopa commented 1 year ago

Please report this at https://gitlab.alpinelinux.org/alpine/aports/-/issues