robputt / Py-DNS-over-HTTPS-Proxy

Provides a simple Python based proxy for running DNS over HTTPS to Google's DNS over HTTPS service.
GNU General Public License v3.0

Now DNS opens only normal site and some site with https #5

Closed arminmacx closed 7 years ago

arminmacx commented 7 years ago

@robputt796 Hi,

Today I got this new problem: DNS cannot open sites like youtube.com and too many other sites with https. I can ping the site and get a reply, but I cannot open it.

robputt commented 7 years ago

Hi @arminmacx

Do you get an IP returned when you do a DIG against these sites...

e.g.

dig @localhost youtube.com

If you get an IP address returned it is not the fault of the DNS. Please can you provide examples of your digs / sites which you cannot connect to.

Best Regards,

Rob

arminmacx commented 7 years ago

Hi @robputt796

Yes, I get back the IP address of the site when I use DIG. Here is an example of youtube.com:

armin@Armins-iMac ~ $ dig @localhost youtube.com

; <<>> DiG 9.8.3-P1 <<>> @localhost youtube.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47606
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 299 IN A 216.58.212.238

;; Query time: 963 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 6 23:14:30 2017
;; MSG SIZE rcvd: 45

Here is another site (plex.tv):

armin@Armins-iMac ~ $ dig @localhost plex.tv

; <<>> DiG 9.8.3-P1 <<>> @localhost plex.tv
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46411
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;plex.tv. IN A

;; ANSWER SECTION:
plex.tv. 49 IN A 52.210.244.61
plex.tv. 49 IN A 54.77.213.127
plex.tv. 49 IN A 52.214.149.31
plex.tv. 49 IN A 52.210.223.97
plex.tv. 49 IN A 54.229.174.245
plex.tv. 49 IN A 52.210.15.168

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 6 23:18:36 2017
;; MSG SIZE rcvd: 121

The interesting part is this: when I try to open gamin.youtube.com the site opens but videos do not play. On the other hand, youtube.com does not open at all.

robputt commented 7 years ago

Sorry to be a little dismissive here @arminmacx but the DNS proxy is doing its job as valid results are being returned for your DNS queries.

I expect the website is probably being blocked in some other way, either it's down (unlikely), there is some firewall rule preventing you visiting said IPs, or there is some filtering proxy between you and the website that doesn't want you going there. DNS-over-HTTPS proxy doesn't help with these communication issues, it is only useful for securely sending DNS requests.
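The triage described in this thread (a NOERROR reply carrying an address means the resolver did its job, so the fault lies with a firewall, filtering proxy or the site), written out as an added Python example that is not part of the thread or of the project's code. `parse_dig` and `triage` are hypothetical helper names; the first sample is the youtube.com output posted in this thread, trimmed and with line breaks restored, and the second sample is constructed.

```python
import re

# dig output for youtube.com as posted in this thread, line breaks restored.
DIG_OK = """\
; <<>> DiG 9.8.3-P1 <<>> @localhost youtube.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47606
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 299 IN A 216.58.212.238

;; Query time: 963 msec
"""

# Constructed sample (not from the thread): the resolver itself failing.
DIG_FAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test. IN A
"""

def parse_dig(text):
    """Return (status, declared_answer_count, [(name, ttl, rtype, rdata), ...])."""
    status = re.search(r"status: (\w+)", text)
    count = re.search(r"ANSWER: (\d+)", text)
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # blank line or next ";;" header ends the section
        elif in_answer:
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((name, int(ttl), rtype, rdata))
    return (status.group(1) if status else None,
            int(count.group(1)) if count else 0, records)

def triage(text):
    """'dns-ok' means the resolver answered: check firewall/proxy/TLS instead."""
    status, declared, records = parse_dig(text)
    addrs = [r[3] for r in records if r[2] in ("A", "AAAA")]
    if status == "NOERROR" and addrs and len(records) == declared:
        return "dns-ok", addrs
    return "dns-problem", [status or "no header parsed"]
```

Feeding it the text captured from `dig @localhost <name>` gives a `dns-ok` verdict for both queries posted in this thread, which is the point at which the investigation moves off the DNS proxy.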

arminmacx commented 7 years ago

@robputt796 Hi,

Can you please update the SSL cert? It is again giving an error about a MITM attack.

robputt commented 7 years ago

Sorry @arminmacx I have been travelling... I will look at this now.

robputt commented 7 years ago

Ok @arminmacx I have replaced the base64 encoded pinning cert.