trinib / AdGuard-WireGuard-Unbound-DNScrypt

Linux ultimate self-hosted network security guide
MIT License

Unable to get cloudflare unbound DoT to work #5

Closed 26adriano closed 2 years ago

26adriano commented 2 years ago

I've come across a few things that occur when following this guide. They are:

  1. When unbound is installed you are then unable to get the root.hint file or any of the DoH files. However, stopping the unbound service after installing it, and restarting the service after step 4 as per the guide, is a workaround. (sudo service unbound stop)

  2. Downloading the cloudflared 32bit gives a 404 error. But it is fixed by downloading from the official GitHub -> wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm .

  3. After cloudflared-linux-arm is downloaded it needs to be renamed to cloudflared before the copy step is carried out. (mv cloudflared-linux-arm cloudflared)

  4. After all of this I end up with DoH working but not DoT (this is with or without alternative DNS on the PC) -> Capture
     I tried just having DoT configured and all I get is -> Capture2
     At this point I have no idea what to do.
     ps. I followed this guide 6 or so months ago and it was working.
     pps. I have tried the fix in the previous issue.

trinib commented 2 years ago

Yes, the link for 32bit is not working again 👎 .. I'll try the 32bit cloudflared from GitHub and retest everything...

ghost commented 2 years ago

Same problem for me.

Blistex77 commented 2 years ago

Have you tried to change the web's browser setting (cf. other current open issue)? It seems to help in some cases. For me, that did the trick at least.

trinib commented 2 years ago

> Same problem for me.

I'll try and resolve the issue before Christmas.. this week is a critical week in my work and once that's over I'll get into this

trinib commented 2 years ago

> Have you tried to change the web's browser setting (cf. other current open issue)? It seems to help in some cases. For me, that did the trick at least.

Well, that could be the issue, but I guess I have to test for myself and see..

trinib commented 2 years ago

> I've come across a few things that occur when following this guide. They are:
>
> 1. When unbound is installed you are then unable to get the root.hint file or any of the DoH files. However, stopping the unbound service after installing it, and restarting the service after step 4 as per the guide, is a workaround. (sudo service unbound stop)
>
> 2. Downloading the cloudflared 32bit gives a 404 error. But it is fixed by downloading from the official GitHub -> wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm .
>
> 3. After cloudflared-linux-arm is downloaded it needs to be renamed to cloudflared before the copy step is carried out. (mv cloudflared-linux-arm cloudflared)
>
> 4. After all of this I end up with DoH working but not DoT (this is with or without alternative DNS on the PC) ->
>    ![Capture](https://user-images.githubusercontent.com/15659183/144603760-7745702c-8d3c-416e-8491-3201c876c80f.PNG)
>    I tried just having DoT configured and all I get is ->
>    ![Capture2](https://user-images.githubusercontent.com/15659183/144604035-ea48c50a-415a-4a96-bcdc-13bd0c9f91c1.PNG)
>    At this point I have no idea what to do.
>    ps. I followed this guide 6 or so months ago and it was working.
>    pps. I have tried the fix in the previous issue.

Same issue for me with https://1.1.1.1/help, and I even tried the older version unbound 1.13.1 with no luck.. But it's confirmed unbound is working from https://dnssec.vs.uni-due.de/ and the terminal test validation commands:

```
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
```

The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address. (From https://docs.pi-hole.net/guides/dns/unbound/#test-validation)

So I don't know if it could be the website https://1.1.1.1/help or browsers not showing TLS, because recently with Firefox and Chrome I see from https://www.cloudflare.com/ssl/encrypted-sni/ that TLS 1.3 is on by default, so I really can't tell.. I'll try a whole different method for DoT and see, but for now I guess unbound still works, but I'll find another way for DNS over TLS
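The two dig checks from the comment above, turned into a script that reads their output and prints a verdict. This is an added example, not code from the thread or the guide; the function names and the sample dig output are constructed for illustration (192.0.2.10 is a documentation address).

```shell
# Constructed, trimmed dig output used as offline sample input.
SAMPLE_SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60 IN A 192.0.2.10
'

# dig_status: print the response status (NOERROR, SERVFAIL, ...) from dig output on stdin.
dig_status() {
  sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# dig_has_a: succeed only if the ANSWER section contains at least one A record.
dig_has_a() {
  awk '/^;; ANSWER SECTION:/ {in_ans = 1; next}
       /^$/                  {in_ans = 0}
       in_ans && $4 == "A"   {found = 1}
       END                   {exit !found}'
}

# check_validation SIGFAIL_OUTPUT SIGOK_OUTPUT: print validating, not-validating or inconclusive.
check_validation() {
  fail_out=$1
  ok_out=$2
  fail_status=$(printf '%s\n' "$fail_out" | dig_status)
  ok_status=$(printf '%s\n' "$ok_out" | dig_status)
  if [ "$fail_status" = "SERVFAIL" ] && ! printf '%s\n' "$fail_out" | dig_has_a \
     && [ "$ok_status" = "NOERROR" ] && printf '%s\n' "$ok_out" | dig_has_a; then
    echo validating
  elif [ "$fail_status" = "NOERROR" ]; then
    echo not-validating   # the deliberately broken signature was accepted
  else
    echo inconclusive     # no usable answer, e.g. resolver down or upstream failure
  fi
}

# Pass --live to query the local unbound instance with the commands from the comment.
if [ "${1:-}" = "--live" ]; then
  check_validation "$(dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53)" \
                   "$(dig sigok.verteiltesysteme.net @127.0.0.1 -p 53)"
fi
```

A `validating` verdict covers DNSSEC validation only; it does not show whether upstream queries leave over TLS, which is the open question in this thread.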

trinib commented 2 years ago

Created a help wanted issue for now, so closing.. and I updated the cloudflare 64bit setup guide