Closed mdavids closed 4 years ago
Hello,
Thank you for your bug report.
I have the same configuration as you on macOS. But I can't reproduce your problem.
Do you use my packaged launchd scripts or other methods to start dns-over-https? Would you please double check whether your configuration is located at /usr/local/etc/dns-over-https/doh-client.conf?
Hi,
Yes, I use it just like that, with the right configuration file (according to a 'ps -ef').
I saw this (with lsof -i ":53"):
doh-clien 16274 root 3u IPv4 0xa1da5fd24928be3 0t0 TCP localhost:domain (LISTEN)
doh-clien 16274 root 4u IPv4 0xa1da5fd0a8076eb 0t0 UDP *:domain
I have just unloaded and loaded it with:
launchctl [un]load /Library/LaunchDaemons/doh-client.plist
Now I get this:
doh-clien 55099 root 3u IPv4 0xa1da5fd2492821b 0t0 TCP localhost:domain (LISTEN)
doh-clien 55099 root 4u IPv4 0xa1da5fd0a7e9113 0t0 UDP localhost:domain
So, after a reload it looks okay (again). Weird... It was also a bit weird that suddenly the firewall alert popped up. I didn't expect it, because usually that happens right after starting a program, and the doh-client was running for days already.
So, this is a bit unclear to me. I will keep an eye on this and report if this happens again, ok?
Thank you for your reply.
So, this is a bit clear to me. I will keep an eye on this and report if this happens again, ok?
That's OK. Please let me know if the bug happens again.
Assuming the problem is fixed. Please reopen if it occurs again.
I configured (on OSX):
listen = [
    "127.0.0.1:53",
    "[::1]:53",
    # To listen on both 0.0.0.0:53 and [::]:53, use the following line
]
I then ran it and got a firewall warning which I accepted, but which also raised some suspicion.
So, I checked with
lsof -i ":53"
To my surprise doh-client is listening to 0.0.0.0:53 and [::]:53 and has therefore become an open resolver when I am on an unprotected network (such as the one where I am right now).
Am I missing something here?
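A check for the condition reported in this thread, as an added example that is not part of the original issue or of the dns-over-https project: it reads `lsof -i ":53"` output and reports every listener whose local address is not loopback. The function names and the sample lines are constructed for illustration, modelled on the output format quoted above.

```shell
# Print "COMMAND PID TYPE PROTO NAME" for each listener in lsof output (stdin)
# whose local address is not loopback.
non_loopback_listeners() {
    awk '
        $1 == "COMMAND" { next }                    # lsof header line
        $9 ~ /->/ { next }                          # connected socket, not a listener
        $8 == "TCP" && $10 != "(LISTEN)" { next }   # TCP: listening sockets only
        {
            addr = $9
            sub(/:[^:]*$/, "", addr)                # drop trailing :port or :service
            if (addr == "localhost" || addr ~ /^127\./ || addr == "[::1]") next
            print $1, $2, $5, $8, $9                # "*" and "[::]" end up here
        }
    '
}

# Return 1 (and report on stderr) if any non-loopback listener is present.
check_port53() {
    found=$(non_loopback_listeners)
    if [ -n "$found" ]; then
        printf 'non-loopback listener(s) on port 53:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: UDP socket bound to the wildcard address.
sample_before() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
doh-clien 1001 root    3u  IPv4    0x0      0t0  TCP localhost:domain (LISTEN)
doh-clien 1001 root    4u  IPv4    0x0      0t0  UDP *:domain
EOF
}

# Constructed sample: both sockets bound to loopback.
sample_after() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
doh-clien 1002 root    3u  IPv4    0x0      0t0  TCP localhost:domain (LISTEN)
doh-clien 1002 root    4u  IPv4    0x0      0t0  UDP localhost:domain
EOF
}

# Demo on the samples; on a live host: lsof -nP -i ":53" | check_port53
sample_before | check_port53 || true
sample_after | check_port53 && echo "port 53: loopback only"
```

Run periodically rather than once, since the wildcard bind in this thread was noticed only after the client had been running for days.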