doh.mullvad.net doesn't seem to work #123

Closed
stangri opened this issue Jul 15, 2021 · 5 comments
@stangri
Contributor

stangri commented Jul 15, 2021

I'm wondering if @baranyaib90 and @aarond10 have any insight into this:

~ # /usr/sbin/https-dns-proxy -r https://doh.mullvad.net/dns-query -a 127.0.0.1 -p 5055 -b 8.8.8.8,1.1.1.1 -u nobody -g nogroup -4 -x -vvvvvvv
[I] 1626385338.986755 main.c:207 Built Jun 15 2021 11:16:10.
[I] 1626385338.986791 main.c:208 System c-ares: 1.17.1
[I] 1626385338.986849 main.c:209 System libcurl: libcurl/7.77.0 wolfSSL/4.7.0
[I] 1626385338.987217 dns_server.c:50 Listening on 127.0.0.1:5055
[D] 1626385338.987264 logging.c:39 starting periodic log flush timer
[D] 1626385338.987457 dns_poller.c:177 Nameservers count: 2
[I] 1626385338.987478 main.c:272 DNS polling initialized for 'doh.mullvad.net'
[D] 1626385338.987508 dns_poller.c:113 Starting DNS query
[D] 1626385338.987593 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385338.987723 dns_poller.c:125 DNS poll interval changed to: 0.699
[D] 1626385339.051165 main.c:173 Received new DNS server IP '193.19.108.2,194.242.2.2'
[D] 1626385339.051334 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385339.051373 dns_poller.c:31 Released used io event: 0x40bf60
[D] 1626385342.749818 main.c:101 Received request for id: 0f21, len: 27
[D] 1626385342.749893 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385342.750076 https_client.c:55 curl opened socket: 8
[D] 1626385342.750246 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385342.750282 main.c:101 Received request for id: 19ff, len: 27
[D] 1626385342.750320 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385342.750477 https_client.c:55 curl opened socket: 9
[D] 1626385342.750630 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385342.907573 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385342.907608 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385342.923797 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385342.923834 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385343.210306 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385343.210339 https_client.c:87 curl closed socket: 8
[E] 1626385343.210372 https_client.c:205 No response
[D] 1626385343.210391 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385343.210404 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385343.210416 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385343.210429 https_client.c:321 Times: 0.000070, 0.141341, 0.459944, 0.460094, 0.460117, 0.460160
[I] 1626385343.210455 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385343.210470 main.c:81 buflen 0

> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385343.227416 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385343.227448 https_client.c:87 curl closed socket: 9
[E] 1626385343.227476 https_client.c:205 No response
[D] 1626385343.227490 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385343.227503 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385343.227515 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385343.227532 https_client.c:321 Times: 0.000058, 0.157255, 0.476638, 0.476782, 0.476802, 0.476851
[I] 1626385343.227562 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385343.227575 main.c:81 buflen 0

[D] 1626385345.252210 main.c:101 Received request for id: 0f21, len: 27
[D] 1626385345.252255 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385345.252438 https_client.c:55 curl opened socket: 10
[D] 1626385345.252635 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385345.252672 main.c:101 Received request for id: 19ff, len: 27
[D] 1626385345.252695 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385345.252831 https_client.c:55 curl opened socket: 11
[D] 1626385345.252967 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385345.409672 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385345.409705 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385345.425524 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385345.425556 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385345.712343 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385345.712375 https_client.c:87 curl closed socket: 11
[E] 1626385345.712402 https_client.c:205 No response
[D] 1626385345.712421 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385345.712438 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385345.712451 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385345.712463 https_client.c:321 Times: 0.000056, 0.141417, 0.459229, 0.459375, 0.459397, 0.459423
[I] 1626385345.712489 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385345.712501 main.c:81 buflen 0

> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385345.729734 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385345.729766 https_client.c:87 curl closed socket: 10
[E] 1626385345.729794 https_client.c:205 No response
[D] 1626385345.729809 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385345.729821 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385345.729834 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385345.729847 https_client.c:321 Times: 0.000070, 0.157410, 0.477005, 0.477156, 0.477182, 0.477225
[I] 1626385345.729877 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385345.729890 main.c:81 buflen 0

[D] 1626385459.051435 dns_poller.c:113 Starting DNS query
[D] 1626385459.051570 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385459.051679 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626385459.062644 main.c:166 DNS server IP address unchanged (193.19.108.2,194.242.2.2).
[D] 1626385459.062668 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385459.062690 dns_poller.c:31 Released used io event: 0x40bf60
[D] 1626385579.063453 dns_poller.c:113 Starting DNS query
[D] 1626385579.063582 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385579.063689 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626385579.205699 main.c:166 DNS server IP address unchanged (193.19.108.2,194.242.2.2).
[D] 1626385579.205730 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385579.205754 dns_poller.c:31 Released used io event: 0x40bf60

According to the instructions they provide, their DoH server works with Firefox and Android native resolution. How come https_dns_proxy rejects their reply?

@baranyaib90
Contributor

Hi,
I have checked with HTTP/2 and it is working fine.
But with the "-x" option (HTTP/1.1) it does not.
Only the curl error message is different for me: * Empty reply from server
So for me it seems like they only support the HTTP/2 protocol or something else is wrong.
I suggest contacting Mullvad support in this case.
For now it does not seem like this proxy's fault.
My logs:

[I] 1626420703.803850 main.c:217 Version 2021.07.02-6908457
[I] 1626420703.803981 main.c:218 Built Jul  4 2021 15:17:16.
[I] 1626420703.804017 main.c:219 System c-ares: 1.14.0
[I] 1626420703.804222 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
[I] 1626420703.807359 dns_server.c:50 Listening on 127.0.0.1:5553
[D] 1626420703.807428 logging.c:39 starting periodic log flush timer
[D] 1626420703.807918 dns_poller.c:177 Nameservers count: 1
[I] 1626420703.807965 main.c:283 DNS polling initialized for 'doh.mullvad.net'
[D] 1626420703.809091 dns_poller.c:113 Starting DNS query
[D] 1626420703.809240 dns_poller.c:41 Reserved new io event: 0x1a2d218
[D] 1626420703.809326 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626420704.509253 dns_poller.c:110 Processing DNS queries
[D] 1626420704.509390 dns_poller.c:125 DNS poll interval changed to: 1.311
[D] 1626420704.534989 main.c:183 Received new DNS server IP '193.19.108.2,194.242.2.2'
[D] 1626420704.535143 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626420704.535196 dns_poller.c:31 Released used io event: 0x1a2d218

[D] 1626420709.849735 main.c:111 Received request for id: 381C, len: 51
[D] 1626420709.849829 https_client.c:211 381C: Requesting HTTP/1.1: 0
[D] 1626420709.851048 https_client.c:185 381C: * Added doh.mullvad.net:443:193.19.108.2,194.242.2.2 to DNS cache
[D] 1626420709.851209 https_client.c:185 381C: * Hostname doh.mullvad.net was found in DNS cache
[D] 1626420709.851275 https_client.c:65 curl opened socket: 6
[D] 1626420709.851322 https_client.c:185 381C: *   Trying 193.19.108.2...
[D] 1626420709.851350 https_client.c:185 381C: * TCP_NODELAY set
[D] 1626420709.851527 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.888917 https_client.c:185 381C: * Connected to doh.mullvad.net (193.19.108.2) port 443 (#0)
[D] 1626420709.891659 https_client.c:185 381C: * ALPN, offering h2
[D] 1626420709.891699 https_client.c:185 381C: * ALPN, offering http/1.1
[D] 1626420709.891775 https_client.c:185 381C: * successfully set certificate verify locations:
[D] 1626420709.892104 https_client.c:185 381C: *   CAfile: none
[D] 1626420709.892172 https_client.c:185 381C: *   CApath: /etc/ssl/certs
[D] 1626420709.892945 https_client.c:185 381C: * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[D] 1626420709.893122 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.893181 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.932538 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Server hello (2):
[D] 1626420709.933740 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[D] 1626420709.938102 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Certificate (11):
[D] 1626420709.941079 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[D] 1626420709.941853 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Finished (20):
[D] 1626420709.942151 https_client.c:185 381C: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[D] 1626420709.942421 https_client.c:185 381C: * TLSv1.3 (OUT), TLS handshake, Finished (20):
[D] 1626420709.942748 https_client.c:185 381C: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
[D] 1626420709.942835 https_client.c:185 381C: * ALPN, server accepted to use h2
[D] 1626420709.942940 https_client.c:185 381C: * Server certificate:
[D] 1626420709.943049 https_client.c:185 381C: *  subject: OU=Domain Control Validated; CN=doh.mullvad.net
[D] 1626420709.943138 https_client.c:185 381C: *  start date: Jan 11 06:24:17 2021 GMT
[D] 1626420709.943217 https_client.c:185 381C: *  expire date: Jan 11 06:24:17 2022 GMT
[D] 1626420709.943321 https_client.c:185 381C: *  subjectAltName: host "doh.mullvad.net" matched cert's "doh.mullvad.net"
[D] 1626420709.943460 https_client.c:185 381C: *  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
[D] 1626420709.943535 https_client.c:185 381C: *  SSL certificate verify ok.
[D] 1626420709.943722 https_client.c:185 381C: * Using HTTP2, server supports multi-use
[D] 1626420709.943801 https_client.c:185 381C: * Connection state changed (HTTP/2 confirmed)
[D] 1626420709.943881 https_client.c:185 381C: * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
[D] 1626420709.944256 https_client.c:185 381C: * Using Stream ID: 1 (easy handle 0x1a3fcd0)
[D] 1626420709.944487 https_client.c:185 381C: > POST /dns-query HTTP/2
[D] 1626420709.944571 https_client.c:185 381C: > Host: doh.mullvad.net
[D] 1626420709.944636 https_client.c:185 381C: > User-Agent: dns-to-https-proxy/0.2
[D] 1626420709.944699 https_client.c:185 381C: > Accept: application/dns-message
[D] 1626420709.944762 https_client.c:185 381C: > Content-Type: application/dns-message
[D] 1626420709.944826 https_client.c:185 381C: > Content-Length: 51
[D] 1626420709.944953 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.945025 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.945342 https_client.c:185 381C: * We are completely uploaded and fine
[D] 1626420709.945452 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.945517 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.977753 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420709.978063 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420709.978203 https_client.c:185 381C: * old SSL session ID is stale, removing
[D] 1626420709.978836 https_client.c:185 381C: * Connection state changed (MAX_CONCURRENT_STREAMS == 400)!
[D] 1626420709.994423 https_client.c:185 381C: < HTTP/2 200
[D] 1626420709.994540 https_client.c:185 381C: < content-type: application/dns-message
[D] 1626420709.994615 https_client.c:185 381C: < content-length: 55
[D] 1626420709.994910 https_client.c:185 381C: * Connection #0 to host doh.mullvad.net left intact
[D] 1626420709.995025 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.995116 https_client.c:341 381C: CURLINFO_NUM_CONNECTS: 1
[D] 1626420709.995183 https_client.c:353 381C: CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626420709.995247 https_client.c:367 381C: CURLINFO_HTTP_VERSION: 2
[D] 1626420709.995313 https_client.c:402 381C: Times: 0.000152, 0.037803, 0.092513, 0.093805, 0.094046, 0.143767
[D] 1626420709.995399 main.c:82 Received response for id: 381C, len: 55

^C[I] 1626420711.352110 main.c:70 Shutting down gracefully. To force exit, send signal again.
[D] 1626420711.352170 main.c:291 loop breaked
[D] 1626420711.352270 main.c:304 re-entering loop
[D] 1626420711.352311 main.c:306 loop finished all events
[D] 1626420711.353028 https_client.c:98 curl closed socket: 6
[D] 1626420711.353267 main.c:313 loop destroyed

$ ./https_dns_proxy -b 1.1.1.1 -p 5553 -4 -r https://doh.mullvad.net/dns-query -v -v -v -x
[I] 1626420714.943437 main.c:217 Version 2021.07.02-6908457
[I] 1626420714.943551 main.c:218 Built Jul  4 2021 15:17:16.
[I] 1626420714.943588 main.c:219 System c-ares: 1.14.0
[I] 1626420714.943806 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
[I] 1626420714.946886 dns_server.c:50 Listening on 127.0.0.1:5553
[D] 1626420714.946962 logging.c:39 starting periodic log flush timer
[D] 1626420714.947478 dns_poller.c:177 Nameservers count: 1
[I] 1626420714.947526 main.c:283 DNS polling initialized for 'doh.mullvad.net'
[D] 1626420714.948655 dns_poller.c:113 Starting DNS query
[D] 1626420714.948817 dns_poller.c:41 Reserved new io event: 0x8cf218
[D] 1626420714.948924 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626420714.957812 main.c:183 Received new DNS server IP '194.242.2.2,193.19.108.2'
[D] 1626420714.957939 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626420714.957995 dns_poller.c:31 Released used io event: 0x8cf218

[D] 1626420719.366972 main.c:111 Received request for id: B443, len: 51
[D] 1626420719.367088 https_client.c:211 B443: Requesting HTTP/1.1: 1
[D] 1626420719.368321 https_client.c:185 B443: * Added doh.mullvad.net:443:194.242.2.2,193.19.108.2 to DNS cache
[D] 1626420719.368495 https_client.c:185 B443: * Hostname doh.mullvad.net was found in DNS cache
[D] 1626420719.368561 https_client.c:65 curl opened socket: 6
[D] 1626420719.368609 https_client.c:185 B443: *   Trying 194.242.2.2...
[D] 1626420719.368640 https_client.c:185 B443: * TCP_NODELAY set
[D] 1626420719.368872 https_client.c:519 Reserved new io event: 0xbea42358
[D] 1626420719.419565 https_client.c:185 B443: * Connected to doh.mullvad.net (194.242.2.2) port 443 (#0)
[D] 1626420719.421498 https_client.c:185 B443: * ALPN, offering http/1.1
[D] 1626420719.421533 https_client.c:185 B443: * successfully set certificate verify locations:
[D] 1626420719.421550 https_client.c:185 B443: *   CAfile: none
[D] 1626420719.421585 https_client.c:185 B443: *   CApath: /etc/ssl/certs
[D] 1626420719.422124 https_client.c:185 B443: * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[D] 1626420719.422230 https_client.c:509 Released used io event: 0xbea42358
[D] 1626420719.422247 https_client.c:519 Reserved new io event: 0xbea42358
[D] 1626420719.462130 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Server hello (2):
[D] 1626420719.462893 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[D] 1626420719.465708 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Certificate (11):
[D] 1626420719.467403 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[D] 1626420719.467784 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Finished (20):
[D] 1626420719.467905 https_client.c:185 B443: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[D] 1626420719.468011 https_client.c:185 B443: * TLSv1.3 (OUT), TLS handshake, Finished (20):
[D] 1626420719.468154 https_client.c:185 B443: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
[D] 1626420719.468173 https_client.c:185 B443: * ALPN, server accepted to use http/1.1
[D] 1626420719.468206 https_client.c:185 B443: * Server certificate:
[D] 1626420719.468239 https_client.c:185 B443: *  subject: OU=Domain Control Validated; CN=doh.mullvad.net
[D] 1626420719.468264 https_client.c:185 B443: *  start date: Jan 11 06:24:17 2021 GMT
[D] 1626420719.468282 https_client.c:185 B443: *  expire date: Jan 11 06:24:17 2022 GMT
[D] 1626420719.468314 https_client.c:185 B443: *  subjectAltName: host "doh.mullvad.net" matched cert's "doh.mullvad.net"
[D] 1626420719.468363 https_client.c:185 B443: *  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
[D] 1626420719.468380 https_client.c:185 B443: *  SSL certificate verify ok.
[D] 1626420719.468489 https_client.c:185 B443: > POST /dns-query HTTP/1.1
[D] 1626420719.468506 https_client.c:185 B443: > Host: doh.mullvad.net
[D] 1626420719.468518 https_client.c:185 B443: > User-Agent: dns-to-https-proxy/0.2
[D] 1626420719.468529 https_client.c:185 B443: > Accept: application/dns-message
[D] 1626420719.468543 https_client.c:185 B443: > Content-Type: application/dns-message
[D] 1626420719.468556 https_client.c:185 B443: > Content-Length: 51
[D] 1626420719.468582 https_client.c:185 B443: * upload completely sent off: 51 out of 51 bytes
[D] 1626420719.516311 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420719.516469 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420719.516518 https_client.c:185 B443: * old SSL session ID is stale, removing
[D] 1626420719.517589 https_client.c:185 B443: * TLSv1.3 (IN), TLS alert, close notify (256):
[D] 1626420719.517628 https_client.c:185 B443: * Empty reply from server
[D] 1626420719.517651 https_client.c:185 B443: * Connection #0 to host doh.mullvad.net left intact
[D] 1626420719.517670 https_client.c:509 Released used io event: 0xbea42358
[W] 1626420719.517700 https_client.c:286 B443: No response (probably connection has been closed or timed out)
[D] 1626420719.517716 https_client.c:341 B443: CURLINFO_NUM_CONNECTS: 1
[D] 1626420719.517730 https_client.c:353 B443: CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626420719.517744 https_client.c:370 B443: CURLINFO_HTTP_VERSION: 0
[D] 1626420719.517758 https_client.c:402 B443: Times: 0.000146, 0.051165, 0.100016, 0.100219, 0.149234, 0.149268
[I] 1626420719.517784 https_client.c:420 B443: Response was faulty, skipping DNS reply.
[D] 1626420719.517799 main.c:82 Received response for id: B443, len: 0

^C[I] 1626420724.127346 main.c:70 Shutting down gracefully. To force exit, send signal again.
[D] 1626420724.127415 main.c:291 loop breaked
[D] 1626420724.127585 main.c:304 re-entering loop
[D] 1626420724.127631 main.c:306 loop finished all events
[D] 1626420724.128332 https_client.c:98 curl closed socket: 6
[D] 1626420724.128564 main.c:313 loop destroyed

@baranyaib90
Contributor

Also, a simple curl request shows the same symptom:

  1. HTTP/1.1: no reply at all
  2. HTTP/2: at least 400 Bad request was sent back

```
$ curl -v --http1.1  https://doh.mullvad.net/dns-query
...
* Empty reply from server
* Connection #0 to host doh.mullvad.net left intact
curl: (52) Empty reply from server

$ curl -v --http2  https://doh.mullvad.net/dns-query
...
* Connection state changed (MAX_CONCURRENT_STREAMS == 400)!
< HTTP/2 400
<
* Connection #0 to host doh.mullvad.net left intact
Bad Request
```

@x4e

x4e commented Jul 16, 2021

I got a reply from Mullvad support about this:

Hi,

This is how unbound (the DNS software) works.

https://blog.nlnetlabs.nl/dns-over-https-in-unbound/

"The DoH implementation in Unbound requires TLS, and only works over HTTP/2. The query pipelining and out-of-order processing functionality that is provided by HTTP/2 streams is needed to be able to provide performance that is on par with DoT. The HTTP/2 capability is negotiated using Application-Layer Protocol Negotiation (ALPN) TLS extension, which is supported in OpenSSL from version 1.0.2 onward."

Regards
/Eric

Unfortunately it seems they require HTTP/2.

@baranyaib90
Contributor

baranyaib90 commented Jul 16, 2021

Yes, and sadly that is mostly not supported by OpenWRT libcurl: System libcurl: libcurl/7.77.0 wolfSSL/4.7.0
(But in my Raspberry PI it was (nghttp2 present): System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3)

@aarond10 I think this issue can be closed from our side.

stangri closed this as completed Jul 16, 2021

@baranyaib90
Contributor

@x4e actually it's funny, that in the logs above I see: ALPN, server accepted to use http/1.1
And it's actually not working. You could report that to the support, that only http/2 should be accepted.
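
Added example (not part of the thread and not the project's code): a small Python triage script for https_dns_proxy debug output in the request-id format of the second set of logs above. It pairs each request's ALPN result with its logged HTTP version and curl error, and treats `nghttp2/` in the libcurl banner as a heuristic for HTTP/2 support, as the thread does; the sample lines are abridged from the logs in this issue and the function names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample: lines abridged from the two debug logs posted in this issue.
SAMPLE_LOG = """\
[I] 1626420703.804222 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d nghttp2/1.36.0
[D] 1626420709.849829 https_client.c:211 381C: Requesting HTTP/1.1: 0
[D] 1626420709.942835 https_client.c:185 381C: * ALPN, server accepted to use h2
[D] 1626420709.994423 https_client.c:185 381C: < HTTP/2 200
[D] 1626420709.995247 https_client.c:367 381C: CURLINFO_HTTP_VERSION: 2
[D] 1626420719.367088 https_client.c:211 B443: Requesting HTTP/1.1: 1
[D] 1626420719.468173 https_client.c:185 B443: * ALPN, server accepted to use http/1.1
[D] 1626420719.517628 https_client.c:185 B443: * Empty reply from server
[D] 1626420719.517744 https_client.c:370 B443: CURLINFO_HTTP_VERSION: 0
"""

# "[L] <timestamp> <file>:<line> [<request id>: ]<message>"
LINE_RE = re.compile(
    r"^\[[A-Z]\] \d+\.\d+ \S+:\d+ (?:(?P<rid>[0-9A-F]{4}): )?(?P<msg>.*)$")
CURL_ERRORS = ("Empty reply from server", "Received HTTP/0.9 when not allowed")

@dataclass
class Request:
    forced_http1: Optional[bool] = None   # True when the proxy ran with -x
    alpn: Optional[str] = None            # protocol the server selected via ALPN
    status: Optional[int] = None          # HTTP status code, if any response arrived
    http_version: Optional[int] = None    # value logged as CURLINFO_HTTP_VERSION
    curl_error: Optional[str] = None

def parse(log: str) -> Tuple[Optional[bool], Dict[str, Request]]:
    """Return (libcurl banner mentions nghttp2, {request id: Request})."""
    has_h2: Optional[bool] = None
    reqs: Dict[str, Request] = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("System libcurl:"):
            has_h2 = "nghttp2/" in msg
            continue
        if m["rid"] is None:
            continue
        r = reqs.setdefault(m["rid"], Request())
        if msg.startswith("Requesting HTTP/1.1:"):
            r.forced_http1 = msg.endswith("1")
        elif "ALPN, server accepted to use " in msg:
            r.alpn = msg.rsplit(" ", 1)[1]
        elif (s := re.match(r"< HTTP/\S+ (\d{3})", msg)):
            r.status = int(s[1])
        elif msg.startswith("CURLINFO_HTTP_VERSION:"):
            r.http_version = int(msg.split(":")[1])
        elif msg.lstrip("* ") in CURL_ERRORS:
            r.curl_error = msg.lstrip("* ")
    return has_h2, reqs

def diagnose(r: Request, has_h2: Optional[bool]) -> str:
    """Classify one request; flags the ALPN-accepted-but-no-reply case from this issue."""
    if r.status is not None and r.http_version:
        return f"ok: status {r.status}, logged HTTP version {r.http_version}"
    if r.http_version == 0 and r.alpn == "http/1.1":
        hint = ("retry without -x" if has_h2
                else "this libcurl build lacks nghttp2, so HTTP/2 is unavailable")
        return (f"ALPN accepted http/1.1 but no HTTP response ({r.curl_error}); "
                f"resolver is likely HTTP/2-only, {hint}")
    return "inconclusive"

if __name__ == "__main__":
    h2, requests = parse(SAMPLE_LOG)
    for rid, req in requests.items():
        print(rid, "->", diagnose(req, h2))
```
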
