celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.82k stars, 143 forks

DoT does not work #1643

Open capmlbpkel opened 1 month ago

capmlbpkel commented 1 month ago

DoT does not work for me. Neither for pre-configured services such as Mullvad nor for custom services. In the DoT menu, it first says "Starting" and then "No internet", instead of "Connected".

System DNS, pre-configured DoH, custom DoH and RDNS services work as expected.

ignoramous commented 1 month ago

Will you share the address of the DoT server, please?

capmlbpkel commented 1 month ago

Sure. For the pre-configured Mullvad service, it is tls://extended.dns.mullvad.net. The custom DoT server I tried (both with and without the tls protocol prefix) is tls://dns3.digitalcourage.de.

capmlbpkel commented 1 month ago

One more thing, I noticed that only one version of the custom server was part of the backup file (I do not remember if it was with or without the tls prefix). Don't know if this is related or not.

ignoramous commented 1 month ago

I just tried the two DoT servers you shared (Mullvad Extended and Digital Courage), and both worked. Unsure what's going on at your end. Configure -> Settings -> Log level -> Very verbose logs may have clues as to what's going on (if you know how to capture those using adb logcat)?

capmlbpkel commented 1 month ago

Thank you, I will try to debug and report back.

capmlbpkel commented 1 month ago

Phew, that took me a couple of hours...here is the relevant part:

D/DnsManager( 4084): on dot change - Mullvad Extended, tls://extended.dns.mullvad.net, false
D/VpnLifecycle( 4084): on pref change, key: dns_type
D/VpnLifecycle( 4084): on pref change, key: connected_dns_name
D/VpnLifecycle( 4084): handle transport change
V/VpnLifecycle( 4084): GoVpnAdapter addTransport
V/VpnLifecycle( 4084): GoVpnAdapter addDotTransport, id: Preferred
I/GoLog   ( 4084): ipmap.go:217: D ipmap: renew: extended.dns.mullvad.net / seed: [] / typ: Auto
I/GoLog   ( 4084): ipmap.go:237: D ipmap: makeIPSet: extended.dns.mullvad.net, seed: [], typ: Regular
I/GoLog   ( 4084): dot.go:83: I dot: (Preferred) setup: tls://extended.dns.mullvad.net; relay? false; resolved? false
I/GoLog   ( 4084): cacher.go:120: I cache: (CachePreferred) setup: cached.extended.dns.mullvad.net:853; opts: ttl=10m0s;bumps=10;size=256
I/GoLog   ( 4084): transport.go:211: I dns: add transport Preferred@extended.dns.mullvad.net:853; cache? true
V/VpnLifecycle( 4084): onDNSAdded: Preferred
I/VpnLifecycle( 4084): new dot: Preferred (Mullvad Extended), url: tls://extended.dns.mullvad.net, ips: 
V/VpnLifecycle( 4084): GoVpnAdapter addDotTransport done
V/VpnLifecycle( 4084): GoVpnAdapter addTransport done

and then repeated messages like this one

I/GoLog ( 4084): transport.go:585: D dns: udp: done; tot: 1, t: 120000ms, err: read udp 10.111.222.3:53: i/o timeout

I am wondering if this might have to do with a DoT / NTP deadlock.

At least I am seeing blocked connections in the log by "Dynamic System Updates + 15 other app(s)" to time.android.com, despite having set those apps to isolate mode and trusting the domain.

ignoramous commented 1 month ago

> Phew, that took me a couple of hours...here is the relevant part:

Sorry :( For this reason, we're adding ability to view and share debug logs from within the app in v055o.

> I/GoLog ( 4084): transport.go:585: D dns: udp: done; tot: 1, t: 120000ms, err: read udp 10.111.222.3:53: i/o timeout

This isn't an error, but expected. Look / grep for "dot:" or "dot.go:" logs.

> I am wondering if this might have to do with a DoT / NTP deadlock.

Should happen with DoH, too?

capmlbpkel commented 1 month ago

> Sorry :( For this reason, we're adding ability to view and share debug logs from within the app in v055o.

No problem, I learned something new.

> This isn't an error, but expected. Look / grep for "dot:" or "dot.go:" logs.

There are no entries containing "dot" besides the ones I just posted.

> Should happen with DoH, too?

I am really no expert here; if DoH certificates are also checked for validity date, probably yes. But DoH works without any issues.
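The triage ignoramous describes (keep the "dot:" / "dot.go:" lines, treat the transport.go UDP timeouts as expected) applied to the logcat excerpt capmlbpkel posted, as an added example that is not code from the rethink-app project. The logcat and GoLog line formats are inferred from the posted lines only, and the sample input is those same lines, trimmed.

```python
import re

# Constructed sample: the logcat lines posted in this issue, trimmed to the relevant ones.
SAMPLE_LOG = """\
D/DnsManager( 4084): on dot change - Mullvad Extended, tls://extended.dns.mullvad.net, false
I/GoLog   ( 4084): dot.go:83: I dot: (Preferred) setup: tls://extended.dns.mullvad.net; relay? false; resolved? false
I/GoLog   ( 4084): transport.go:211: I dns: add transport Preferred@extended.dns.mullvad.net:853; cache? true
I/VpnLifecycle( 4084): new dot: Preferred (Mullvad Extended), url: tls://extended.dns.mullvad.net, ips: 
I/GoLog ( 4084): transport.go:585: D dns: udp: done; tot: 1, t: 120000ms, err: read udp 10.111.222.3:53: i/o timeout
I/GoLog ( 4084): transport.go:585: D dns: udp: done; tot: 1, t: 120000ms, err: read udp 10.111.222.3:53: i/o timeout
"""

# logcat line: "<prio>/<tag>( <pid>): <message>"; GoLog messages nest "<file>:<line>: <lvl> <subsys>: <text>"
# (both patterns are inferred from the posted lines, not taken from the project)
LOGCAT_RE = re.compile(r"^(?P<prio>[VDIWEF])/(?P<tag>[^\s(]+)\s*\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$")
GOLOG_RE = re.compile(r"^(?P<file>\w+\.go):(?P<line>\d+): (?P<lvl>[VDIWE]) (?P<sub>\w+): (?P<text>.*)$")

def parse_logcat(log):
    """Parse logcat text into dicts; GoLog messages additionally get file/lvl/sub/text fields."""
    entries = []
    for raw in log.splitlines():
        m = LOGCAT_RE.match(raw)
        if not m:
            continue  # blank or non-logcat line
        e = {"file": "", "lvl": "", "sub": "", "text": "", **m.groupdict()}
        if e["tag"] == "GoLog":
            g = GOLOG_RE.match(e["msg"])
            if g:
                e.update(g.groupdict())
        entries.append(e)
    return entries

def triage_dot(log):
    """Isolate 'dot:'/'dot.go:' lines and discount the UDP timeouts the maintainer calls expected."""
    entries = parse_logcat(log)
    dot = [e for e in entries if e["file"] == "dot.go" or "dot:" in e["msg"]]
    # transport.go "udp: done ... i/o timeout" against the VPN's internal resolver is expected noise
    udp_timeouts = [e for e in entries if e["file"] == "transport.go"
                    and "udp: done" in e["text"] and "i/o timeout" in e["text"]]
    dot_errors = [e for e in dot if e["lvl"] in ("W", "E") or e["prio"] in ("W", "E")]
    unresolved = any(e["file"] == "dot.go" and "resolved? false" in e["text"] for e in dot)
    # the VpnLifecycle "new dot:" line ends with "ips:" and nothing after it when no addresses are known
    ips_empty = any("new dot:" in e["msg"] and e["msg"].split("ips:")[-1].strip() == "" for e in dot)
    if dot_errors:
        verdict = "dot errors logged: read those first"
    elif unresolved and ips_empty:
        verdict = "no dot error logged; DoT added with server name unresolved and no IPs known"
    else:
        verdict = "no DoT problem visible in this excerpt"
    return {"dot_lines": len(dot), "dot_errors": len(dot_errors), "expected_udp_timeouts": len(udp_timeouts),
            "dot_setup_unresolved": unresolved, "dot_ips_empty": ips_empty, "verdict": verdict}

if __name__ == "__main__":
    print(triage_dot(SAMPLE_LOG))
```

Feed it the full verbose logcat capture instead of SAMPLE_LOG to get the same summary over a real session.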