Closed yutayu closed 2 years ago
You mean you couldn't get a response from Japan Dot? But DoH can?
DoT dot-jp.blahdns.com
kdig yahoo.jp @dot-jp.blahdns.com +tls
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 41085
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR
;; PADDING: 379 B
;; QUESTION SECTION:
;; yahoo.jp. IN A
;; ANSWER SECTION:
yahoo.jp. 105 IN A 183.79.102.32
yahoo.jp. 105 IN A 182.22.2.15
;; Received 468 B
;; Time 2022-04-19 10:02:45 UTC
;; From 2400:8902::f03c:92ff:fe27:344b@853(TCP) in 0.5 ms
DoH doh-jp.blahdns.com
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"yahoo.jp.","type":1}],"Answer":[{"name":"yahoo.jp.","type":1,"TTL":293,"Expires":"Tue, 19 Apr 2022 10:09:34 UTC","data":"182.22.2.15"},{"name":"yahoo.jp.","type":1,"TTL":293,"Expires":"Tue, 19 Apr 2022 10:09:34 UTC","data":"183.79.102.32"}]}
curl
yahoo.jp site with DoH
curl -L --doh-url https://doh-jp.blahdns.com/dns-query https://yahoo.jp
<!DOCTYPE html><html lang="ja"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/><title>Yahoo! JAPAN</title><meta name="description" content="あなたの毎日をアップデートする情報ポータル。検索、ニュース、天気、スポーツ、メール、ショッピング、オークションなど便利なサービスを展開しています。"/>
You mean you couldn't get a response from Japan Dot? But DoH can?
Yes, exactly. I clicked links and the redirected pages "rd.xxx" don't show.
And please drill sukebei.nyaa.si dot and doh.
Hi, it seems like it still works on my computer, please check it again.
kdig sukebei.nyaa.si +tls @dot-jp.blahdns.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 36867
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR
;; PADDING: 389 B
;; QUESTION SECTION:
;; sukebei.nyaa.si. IN A
;; ANSWER SECTION:
sukebei.nyaa.si. 3595 IN A 198.251.89.38
$ drill sukebei.nyaa.si
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 60706
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; sukebei.nyaa.si. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Apr 21 13:31:41 2022
;; MSG SIZE rcvd: 33
$ drill yahoo.jp
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9065
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yahoo.jp. IN A
;; ANSWER SECTION:
yahoo.jp. 21600 IN A 183.79.102.32
yahoo.jp. 21600 IN A 182.22.2.15
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 572 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Apr 21 13:34:34 2022
;; MSG SIZE rcvd: 58
I use unbound as the DoT resolver. I receive the same result with the Swiss DoT.
dig sukebei.nyaa.si
; <<>> DiG 9.18.1 <<>> sukebei.nyaa.si
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58963
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sukebei.nyaa.si. IN A
;; Query time: 2455 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Apr 21 21:34:46 JST 2022
;; MSG SIZE rcvd: 44
Apr 22 02:50:17 unbound[3555:0] info: start of service (unbound 1.15.0).
Apr 22 02:50:19 unbound[3555:0] info: 127.0.0.1 sukebei.nyaa.si. A IN
Apr 22 02:50:19 unbound[3555:0] info: generate keytag query _ta-4f66-5811. NULL IN
Apr 22 02:50:19 unbound[3555:0] info: validation failure
I disabled DNSSEC and it works. Excuse me.
And much thanks :)
Question description: I can see yahoo.jp's pages with Japanese DoH, not DoT.
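
The thread ends with unbound logging a validation failure and DNSSEC being switched off. As an added example (not code from the thread), the script below shows one way to confirm that a local SERVFAIL comes from DNSSEC validation rather than from the upstream lookup: compare the rcode of a normal query with the same query sent with the Checking Disabled bit (`dig +cdflag`). The `+cdflag` header line is a constructed sample, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: classify a SERVFAIL from a local validating resolver.

# Print the response code found in dig/kdig ("status: X") or drill ("rcode: X")
# output read on stdin.
rcode_of() {
    sed -nE 's/.*->>HEADER<<-.*(status|rcode): ([A-Z]+).*/\2/p' | head -n 1
}

# classify NORMAL_RCODE CD_RCODE
# NORMAL_RCODE: rcode of an ordinary query to the local resolver.
# CD_RCODE: rcode of the same query sent with the Checking Disabled bit,
# which asks a validating resolver to answer without validating.
classify() {
    case "$1/$2" in
        NOERROR/*)         echo "ok" ;;
        SERVFAIL/NOERROR)  echo "dnssec-validation-failure" ;;
        SERVFAIL/SERVFAIL) echo "lookup-failure" ;;
        *)                 echo "inconclusive" ;;
    esac
}

# Succeeds when the resolver log text in $1 records a validation failure.
log_reports_validation_failure() {
    printf '%s\n' "$1" | grep -q 'validation failure'
}

# Header line as posted in the thread (drill against 127.0.0.1).
normal_out=';; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 60706'
# Constructed sample: header that "dig +cdflag sukebei.nyaa.si @127.0.0.1"
# would print if only validation is failing.
cd_out=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234'
# Log lines as posted in the thread.
unbound_log='Apr 22 02:50:19 unbound[3555:0] info: generate keytag query _ta-4f66-5811. NULL IN
Apr 22 02:50:19 unbound[3555:0] info: validation failure'

verdict=$(classify "$(printf '%s\n' "$normal_out" | rcode_of)" \
                   "$(printf '%s\n' "$cd_out" | rcode_of)")
echo "verdict: $verdict"
if log_reports_validation_failure "$unbound_log"; then
    echo "unbound log agrees: validation failure recorded"
fi
```

Against a live resolver, pipe the output of `dig NAME @127.0.0.1` and `dig +cdflag NAME @127.0.0.1` into `rcode_of` in place of the embedded samples.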