zoonderkins / blahdns

A small hobby ads block dns project with doh, dot, dnscrypt support.
https://blahdns.com
GNU Affero General Public License v3.0

🤗 It seems DoT doesn't respond to different queries. #249

Closed yutayu closed 2 years ago

yutayu commented 2 years ago

Question description

I can see yahoo.jp's pages with the Japanese DoH, not DoT.

zoonderkins commented 2 years ago

You mean you couldn't get a response from Japan Dot? But DoH can?

zoonderkins commented 2 years ago

DoT dot-jp.blahdns.com

```
kdig yahoo.jp @dot-jp.blahdns.com +tls
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 41085
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR
;; PADDING: 379 B

;; QUESTION SECTION:
;; yahoo.jp.                IN  A

;; ANSWER SECTION:
yahoo.jp.               105 IN  A   183.79.102.32
yahoo.jp.               105 IN  A   182.22.2.15

;; Received 468 B
;; Time 2022-04-19 10:02:45 UTC
;; From 2400:8902::f03c:92ff:fe27:344b@853(TCP) in 0.5 ms
```

DoH doh-jp.blahdns.com


{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"yahoo.jp.","type":1}],"Answer":[{"name":"yahoo.jp.","type":1,"TTL":293,"Expires":"Tue, 19 Apr 2022 10:09:34 UTC","data":"182.22.2.15"},{"name":"yahoo.jp.","type":1,"TTL":293,"Expires":"Tue, 19 Apr 2022 10:09:34 UTC","data":"183.79.102.32"}]}

curl yahoo.jp site with DoH

```
curl -L --doh-url https://doh-jp.blahdns.com/dns-query https://yahoo.jp

<!DOCTYPE html><html lang="ja"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/><title>Yahoo! JAPAN</title><meta name="description" content="あなたの毎日をアップデートする情報ポータル。検索、ニュース、天気、スポーツ、メール、ショッピング、オークションなど便利なサービスを展開しています。"/>
```

yutayu commented 2 years ago

> You mean you couldn't get a response from Japan Dot? But DoH can?

Yes, exactly. I clicked links and the redirected pages "rd.xxx" don't show.

yutayu commented 2 years ago

And please drill sukebei.nyaa.si with DoT and DoH.

zoonderkins commented 2 years ago

Hi, it seems like it still works on my computer, please check it again.

```
kdig sukebei.nyaa.si +tls @dot-jp.blahdns.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 36867
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR
;; PADDING: 389 B

;; QUESTION SECTION:
;; sukebei.nyaa.si.         IN  A

;; ANSWER SECTION:
sukebei.nyaa.si.        3595    IN  A   198.251.89.38
```

yutayu commented 2 years ago

```
$ drill sukebei.nyaa.si
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 60706
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; sukebei.nyaa.si. IN A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Apr 21 13:31:41 2022
;; MSG SIZE rcvd: 33
```

yutayu commented 2 years ago

```
$ drill yahoo.jp
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9065
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yahoo.jp. IN A

;; ANSWER SECTION:
yahoo.jp. 21600 IN A 183.79.102.32
yahoo.jp. 21600 IN A 182.22.2.15

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 572 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Apr 21 13:34:34 2022
;; MSG SIZE rcvd: 58
```

yutayu commented 2 years ago

I use unbound as a DoT resolver. I receive the same result with the Swiss DoT.

yutayu commented 2 years ago

```
dig sukebei.nyaa.si

; <<>> DiG 9.18.1 <<>> sukebei.nyaa.si
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58963
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sukebei.nyaa.si. IN A

;; Query time: 2455 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Apr 21 21:34:46 JST 2022
;; MSG SIZE rcvd: 44
```

yutayu commented 2 years ago

```
Apr 22 02:50:17 unbound[3555:0] info: start of service (unbound 1.15.0).
Apr 22 02:50:19 unbound[3555:0] info: 127.0.0.1 sukebei.nyaa.si. A IN
Apr 22 02:50:19 unbound[3555:0] info: generate keytag query _ta-4f66-5811. NULL IN
Apr 22 02:50:19 unbound[3555:0] info: validation failure : no signatures from 139.162.112.47 for key si. while building chain of trust
Apr 22 02:50:19 unbound[3555:0] info: 127.0.0.1 sukebei.nyaa.si. A IN SERVFAIL 0.413252 0 33
```

yutayu commented 2 years ago

I disabled DNSSEC and it works. Excuse me.

yutayu commented 2 years ago

And much thanks :)
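
The diagnosis this thread arrives at, as an added example that is not from the thread or the blahdns project: Python that reads unbound log lines in the format posted above and marks which SERVFAIL replies follow a DNSSEC validation failure, with the upstream and zone key unbound named. The sample log is constructed from the lines quoted in the thread plus a made-up `broken.example.` reply; the function and field names are assumptions, and the optional `<name type class>` part of the failure line is assumed rather than taken from the thread's log.

```python
import re

# Constructed sample: four lines from the thread's unbound log, plus a
# made-up broken.example. reply that fails without any validation error.
SAMPLE_LOG = """\
Apr 22 02:50:19 unbound[3555:0] info: 127.0.0.1 sukebei.nyaa.si. A IN
Apr 22 02:50:19 unbound[3555:0] info: generate keytag query _ta-4f66-5811. NULL IN
Apr 22 02:50:19 unbound[3555:0] info: validation failure : no signatures from 139.162.112.47 for key si. while building chain of trust
Apr 22 02:50:19 unbound[3555:0] info: 127.0.0.1 sukebei.nyaa.si. A IN SERVFAIL 0.413252 0 33
Apr 22 02:51:04 unbound[3555:0] info: 127.0.0.1 broken.example. A IN SERVFAIL 2.000000 0 33
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} unbound\[\d+:\d+\] info: (?P<msg>.*)$")
# "<name type class>" is optional: the log quoted in the thread does not show it.
VALFAIL = re.compile(r"validation failure\s*(?:<(?P<q>\S+) [^>]*>)?\s*:\s*(?P<reason>.+)")
# Reply line: client, qname, qtype, class, rcode, seconds, cached flag, size.
REPLY = re.compile(r"^\S+ (?P<qname>\S+) \S+ IN (?P<rcode>[A-Z]+) [\d.]+ \d+ \d+$")

def under(qname, zone):
    """True if qname is the zone itself or a name below it (label-aligned)."""
    return zone == "." or qname == zone or qname.endswith("." + zone)

def classify_servfails(log_text):
    """Label each SERVFAIL reply as caused by DNSSEC validation or something else."""
    pending, results = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        v = VALFAIL.search(m["msg"])
        if v:
            src = re.search(r"\bfrom (\S+)", v["reason"])
            key = re.search(r"\bfor key (\S+)", v["reason"])
            pending.append({"q": v["q"] and v["q"].lower(), "upstream": src and src[1],
                            "zone": key and key[1].lower()})
            continue
        r = REPLY.match(m["msg"])
        if r and r["rcode"] == "SERVFAIL":
            qname = r["qname"].lower()
            # Match on the logged query name when present, else on the failing zone key.
            hit = next((p for p in pending if p["q"] in (None, qname)
                        and (p["zone"] is None or under(qname, p["zone"]))), None)
            if hit:
                pending.remove(hit)
            results.append({"qname": qname, "cause": "dnssec-validation" if hit else "other",
                            "upstream": hit and hit["upstream"], "zone": hit and hit["zone"]})
    return results
```

Rows tagged `dnssec-validation` carry the upstream address and zone key from the log, which is where to look before turning validation off.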