bhanupratapys / dnswarden

Adblocking dns, Uncensored dns server and Adult-filter dns. Supports Dns-over-QUIC, Dns-over-HTTPS and Dns-over-TLS with DNSSEC enabled and no logging.
https://dnswarden.com/
MIT License

All DoH endpoint return NXDOMAIN for pretty much any domain, DoT & DoQ works normally #38

Open tina-hello opened 5 months ago

tina-hello commented 5 months ago

dnslookup google.com https://dns.dnswarden.com/g
dnslookup 1.10.1-11687
Server: https://dns.dnswarden.com/g

dnslookup result (elapsed 272.164527ms):
;; opcode: QUERY, status: NXDOMAIN, id: 57709
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;google.com.    IN       A

bhanupratapys commented 5 months ago

It works fine at my end. Can you re-check it?

 .\dnslookup.exe google.com https://dns.dnswarden.com/g
dnslookup v1.10.1
Server: https://dns.dnswarden.com/g

dnslookup result (elapsed 114.2265ms):
;; opcode: QUERY, status: NOERROR, id: 11108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.    IN       A

;; ANSWER SECTION:
google.com.     165     IN      A       142.250.185.174

tina-hello commented 5 months ago

Still failing here, I've tried from my local ISP, Warp, and my VPS in Japan. Curl also fails

ubuntu@arm:~$ curl -I https://google.com --doh-url https://dns.dnswarden.com/g -v
* Found bundle for host dns.dnswarden.com: 0xaaaace510580 [serially]
* Server doesn't support multiplex (yet)
*   Trying 2a09:8280:1::1:da1b:443...
* TCP_NODELAY set
* Hostname 'dns.dnswarden.com' was found in DNS cache
*   Trying 2a09:8280:1::1:da1b:443...
* TCP_NODELAY set
* Connected to dns.dnswarden.com (2a09:8280:1::1:da1b) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* Connected to dns.dnswarden.com (2a09:8280:1::1:da1b) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=dns.dnswarden.com
*  start date: Mar 21 04:11:56 2024 GMT
*  expire date: Jun 19 04:11:55 2024 GMT
*  subjectAltName: host "dns.dnswarden.com" matched cert's "dns.dnswarden.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaace53e5a0)
> POST /g HTTP/2
Host: dns.dnswarden.com
accept: */*
content-type: application/dns-message
content-length: 28

* We are completely uploaded and fine
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=dns.dnswarden.com
*  start date: Mar 21 04:11:56 2024 GMT
*  expire date: Jun 19 04:11:55 2024 GMT
*  subjectAltName: host "dns.dnswarden.com" matched cert's "dns.dnswarden.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaace538df0)
> POST /g HTTP/2
Host: dns.dnswarden.com
accept: */*
content-type: application/dns-message
content-length: 28

* We are completely uploaded and fine
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< date: Sun, 19 May 2024 07:13:42 GMT
< content-length: 39
< server: dnswarden-sin
< content-type: application/dns-message
< strict-transport-security: max-age=31536000; includesubdomains; preload
<
* Connection #1 to host dns.dnswarden.com left intact
* a DOH request is completed, 1 to go
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< date: Sun, 19 May 2024 07:13:42 GMT
< content-length: 39
< server: dnswarden-sin
< content-type: application/dns-message
< strict-transport-security: max-age=31536000; includesubdomains; preload
<
* Connection #0 to host dns.dnswarden.com left intact
* a DOH request is completed, 0 to go
* DOH: Bad RCODE type A for google.com
* DOH: Bad RCODE type AAAA for google.com
* Closing connection 0
curl: (6) Couldn't resolve host name
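
Added example, not part of the original thread: the curl trace above shows HTTP/2 200 with a 39-byte application/dns-message body, yet resolution fails with "Bad RCODE", because the failure is carried in the DNS header and not in the HTTP status. The Python below decodes that header from a constructed 39-byte NXDOMAIN reply and separates DNS-level failures from transport failures such as the 502 reported later; the function names and sample bytes are assumptions made for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, msg_id=0):
    """Wire-format query (RFC 1035) as sent in a DoH POST body.
    RFC 8484 recommends DNS ID 0 so that HTTP caches can be shared."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(body):
    """Decode the fixed 12-byte header of an application/dns-message body."""
    if len(body) < 12:
        raise ValueError("truncated DNS message")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", body[:12])
    rcode = flags & 0x000F
    return {"id": msg_id, "qr": bool(flags & 0x8000),
            "rcode": RCODES.get(rcode, str(rcode)),
            "answers": an, "authority": ns, "additional": ar}

def classify_doh(http_status, body):
    """Tell an HTTP-level failure apart from a DNS-level one."""
    if http_status != 200:
        return f"http-error-{http_status}"
    h = parse_header(body)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != "NOERROR":
        return f"dns-{h['rcode']}"
    return "ok" if h["answers"] else "nodata"

# Constructed sample (not captured traffic): the 28-byte query for google.com A,
# and a 39-byte reply shaped like the one in the trace: flags qr rd ra,
# RCODE 3, no answers, one EDNS OPT record advertising udp size 1232.
QUERY = build_query("google.com")
OPT_RR = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)
NXDOMAIN_REPLY = struct.pack("!HHHHHH", 0, 0x8183, 1, 0, 0, 1) + QUERY[12:] + OPT_RR

if __name__ == "__main__":
    print(len(QUERY), len(NXDOMAIN_REPLY))
    print(parse_header(NXDOMAIN_REPLY))
    print(classify_doh(200, NXDOMAIN_REPLY))
    print(classify_doh(502, b""))
```
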

tina-hello commented 5 months ago

Seems to work fine currently

h1toru commented 1 month ago

I have the same problem. I've tried it on Chrome built-in DNS settings and PersonalDNSFilter (Android).

tina-hello commented 1 month ago

@h1toru No, it's different from this issue. It has been weeks now since it returned 502, I've given up

bhanupratapys commented 1 month ago

@tina-hello @h1toru, something is really wrong with DoH and I didn't notice it until now. 502 error is new, let me see what is happening as I haven't touched or tweaked anything in a while.

tina-hello commented 1 month ago

@bhanupratapys This is most likely a dupe of #41