gpdm / DoH

A DNS-over-HTTP implementation
BSD 3-Clause "New" or "Revised" License

config parser issue: keys cannot contain : character #5

Open luckypoem opened 4 years ago

luckypoem commented 4 years ago

how to fix "While parsing config: (65, 13): keys cannot contain : character "

hello.

```
yudeMacBook-Air:~ brite$ sudo doh -configfile DoH.toml
Password:
INFO[0000] using config file from: DoH.toml
FATA[0000] While parsing config: (65, 13): keys cannot contain : character
yudeMacBook-Air:~ brite$ cat DoH.toml
```

```toml
[global]
# default listen address.
# set to "" to listen on all addresses (default)
#listen = ""

# default log level
#
# these are Syslog-compatible log levels
#   Emergency = 0
#   Alert = 1
#   Crit = 2
#   Error = 3
#   Warn = 4
#   Notice = 5       # default for DoH daemon -- not chatty at all
#   Information = 6  # also controlled from cli using -verbose switch: adds some diagnostics information
#   Debug = 7        # also controlled from cli using -debug switch: very chatty and fully verbose
#loglevel = 5

# http-only server
# according to RFC8484, DoH must only be supported via TLS on HTTP/2
# However, for development purposes, the http-plain mode can be helpful,
# i.e. to capture wire format traffic.
# When running in Docker, it may also be indicated to expose the service
# through plain-text HTTP, and run it behind a frontend load-balancer,
# which does the TLS offloading.
#
[http]
enable = false
port = 8080

# settings for TLS HTTP/2 service (mandatory)
#
[tls]
enable = false
port = 8443
pkey = "./conf/private.key"
cert = "./conf/public.crt"

# DNS resolver
#
# at least one host must be specified in
# URI format, as described in https://tools.ietf.org/html/rfc3986
#
# multiple hosts can be specified as shown below,
# both in FQDN format or using IP(v4|6) addresses.
# use udp:// for standard DNS resolvers
#   - port number can be specified using ':' syntax, defaults to ':53'
# use https:// for DoH servers
#   - port number can be specified using ':' syntax, defaults to ':443'
#   - DoH servers can support both POST or GET request methods,
#     append '#' to indicate preferred method (defaults to '#POST')
#   - use the FQDN only, do not append '/dns-query' URI to hostname (read: it will be ignored)
#
#   [ "udp://192.0.2.1:53", "udp://fully-qualified-host.local", "https://cloudflare-dns.com#POST", "https://cloudflare-dns.com#GET" ]
#
[dns]
resolvers = [ "udp://192.0.2.1:53", "udp://localhost" ]
resolvers = [ https://mydomain.com/dns-query ]

# Optional influxDB to report telemetry information
#
# Telemetry logging only includes counters for HTTP GET / POST requests,
# and the number of DNS RR Type requests (e.g. TYPE A, TYPE NS) processed.
# No additional information, e.g. queried hostnames, returned IP addresses,
# source IPs, etc, is included in the telemetry.
#
[influx]
enable = false
url = ""
database = ""
username = ""
password = ""

# Optional Redis cache support to perform application-level caching of DNS responses
# This works side-by-side with any ordinary DNS query cache, but on the DoH frontend service,
# saving extra round-trips and recursion through the DNS backends.
#
[redis]
enable = false
addr = "localhost"
port = "6379"
```

how to fix the error?

gpdm commented 4 years ago

@luckypoem

Sorry for the late response. Unfortunately, the config file you posted here is totally distorted, so it's hard to read out what's wrong. It looks like a formatting or missing quotes error.

Can you please provide your config file again, maybe by uploading to pastebin?

I've provided you a sample config at https://pastebin.com/uF4sfKme

This one runs with HTTP-only, and TLS disabled. Using this config, you should get to see something like this:

```
$ ./DoH -configfile conf/DoH.toml
INFO[0000] using config file from: conf/DoH.toml
INFO[0000] Runtime Configuration dump: { "dns": { "resolvers": [ "udp://192.0.2.1:53", "udp://localhost" ] }, "global": { "listen": "", "loglevel": 5 }, "http": { "enable": true, "port": 8080 }, "influx": { "database": "", "enable": false, "password": "", "url": "", "username": "" }, "redis": { "addr": "localhost", "enable": false, "password": "", "port": "6379" }, "tls": { "cert": "./conf/public.crt", "enable": false, "pkey": "./conf/private.key", "port": 8443 } }
INFO[0000] Registered HTTP handler: method=GET, path=/
INFO[0000] Registered HTTP handler: method=GET, path=/status
INFO[0000] Registered HTTP handler: method=GET, path=/dns-query
INFO[0000] Registered HTTP handler: method=POST, path=/dns-query
INFO[0000] HTTP Server started (listen :8080)
```

Please note: To run an actual DoH client/browser against this service, you will have to enable TLS mode and provide proper certificates, or put a TLS-enabled proxy in front of the DoH service. Clients won't talk to HTTP-only DoH servers, because TLS is mandatory.

Plus you need to customize the DNS resolvers section and replace the sample entries by your actual DNS resolver.

```toml
[dns]
resolvers = [ "udp://192.0.2.1:53", "udp://localhost" ]
```

The example given is just to get you started.

Hope this helps, -GP
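As an added example, not code from the gpdm/DoH project or from either participant, here is a stand-alone Go pre-flight check for the `[dns]` resolvers array described in the sample config quoted in the report and in the reply's instruction to customize it. It rejects an array element that is not a quoted TOML string (such as the bare `https://mydomain.com/dns-query` in the posted file, which a TOML parser cannot accept as a value), and normalizes each quoted URI by the rules the config comments state: `udp://` defaults to port 53, `https://` to 443, the `#POST` / `#GET` fragment selects the DoH method with POST as the default, and any path such as `/dns-query` is dropped because the daemon ignores it. The function names, the `Resolver` struct and the sample lines are assumptions of this example; it is a one-line heuristic lint, not a TOML parser, and it does not reproduce the project's exact error text or line/column positions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// Resolver is the normalized form of one entry of the [dns] resolvers array.
// (Hypothetical type for this example; the project's own types are not shown here.)
type Resolver struct {
	Scheme string // "udp" (plain DNS) or "https" (DoH)
	Host   string // hostname or IP literal, without port or IPv6 brackets
	Port   string // explicit port, or the scheme default (53 / 443)
	Method string // "POST" or "GET" for https (default POST); empty for udp
}

// ParseResolver normalizes one resolver URI following the rules written in the
// sample config comments. Anything other than udp:// or https:// is rejected,
// and the path component (e.g. /dns-query) is intentionally discarded.
func ParseResolver(raw string) (Resolver, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Resolver{}, fmt.Errorf("%q: %w", raw, err)
	}
	var defPort string
	switch u.Scheme {
	case "udp":
		defPort = "53"
	case "https":
		defPort = "443"
	default:
		return Resolver{}, fmt.Errorf("%q: unsupported scheme %q (want udp:// or https://)", raw, u.Scheme)
	}
	host, port := u.Hostname(), u.Port() // Hostname() strips [] from IPv6 literals
	if host == "" {
		return Resolver{}, fmt.Errorf("%q: missing host", raw)
	}
	if port == "" {
		port = defPort
	}
	if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
		return Resolver{}, fmt.Errorf("%q: invalid port %q", raw, port)
	}
	method := ""
	if u.Scheme == "https" {
		switch method = strings.ToUpper(u.Fragment); method {
		case "":
			method = "POST" // documented default
		case "POST", "GET":
		default:
			return Resolver{}, fmt.Errorf("%q: method must be #POST or #GET, got %q", raw, u.Fragment)
		}
	}
	return Resolver{Scheme: u.Scheme, Host: host, Port: port, Method: method}, nil
}

// CheckResolversLine lints a single-line `resolvers = [ ... ]` assignment.
// Every array element must be a double-quoted string; a bare URI is the
// classic mistake because the `:` after the scheme is not valid in a TOML value
// or bare key. This is a heuristic on one line, not a TOML parser.
func CheckResolversLine(line string) ([]Resolver, error) {
	key, val, ok := strings.Cut(strings.TrimSpace(line), "=")
	if !ok || strings.TrimSpace(key) != "resolvers" {
		return nil, errors.New("expected a line of the form resolvers = [ ... ]")
	}
	val = strings.TrimSpace(val)
	if !strings.HasPrefix(val, "[") || !strings.HasSuffix(val, "]") {
		return nil, errors.New("resolvers must be a TOML array: resolvers = [ ... ]")
	}
	var out []Resolver
	for _, elem := range strings.Split(val[1:len(val)-1], ",") {
		elem = strings.TrimSpace(elem)
		if elem == "" {
			continue
		}
		if len(elem) < 2 || elem[0] != '"' || elem[len(elem)-1] != '"' {
			return nil, fmt.Errorf("array element %s is not a quoted string; write \"%s\"", elem, elem)
		}
		r, err := ParseResolver(elem[1 : len(elem)-1])
		if err != nil {
			return nil, err
		}
		out = append(out, r)
	}
	if len(out) == 0 {
		return nil, errors.New("at least one resolver must be specified")
	}
	return out, nil
}

func main() {
	// Constructed sample lines: the first follows the sample config, the second is
	// the unquoted form from the bug report.
	for _, line := range []string{
		`resolvers = [ "udp://192.0.2.1:53", "udp://localhost", "https://cloudflare-dns.com#GET" ]`,
		`resolvers = [ https://mydomain.com/dns-query ]`,
	} {
		rs, err := CheckResolversLine(line)
		if err != nil {
			fmt.Println("reject:", err)
			continue
		}
		for _, r := range rs {
			fmt.Printf("%+v\n", r)
		}
	}
}
```

Running it over the two constructed lines prints three normalized resolvers for the first and a rejection for the second, which is the quick way to confirm that the quotes, not the URI itself, are what the TOML parser objects to.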