dns.google is not compatible with "cloudflared" #113

Closed
bigdargon opened this issue Jun 28, 2019 · 17 comments

@bigdargon bigdargon commented Jun 28, 2019

Hi,
I am using Debian and Ubuntu operating systems, and I run cloudflared to use DNS-over-HTTPS.

Previously I used the https://dns.google.com/experimental address and everything worked normally. But after I switched to a new address according to Google's notification, I received an error message:

What do I have to do to fix this problem? Thank you!

Author

@bigdargon bigdargon commented Jul 2, 2019

I created the issue here https://issuetracker.google.com/issues/136198937 and got the answer:

https://dns.google/dns-query is the right endpoint to use.

The problem is that (your version of) cloudflared is apparently still using the MIME type application/dns-udpwireformat rather than application/dns-message for the Content-Type header.

From what I can tell, cloudflared is using the CoreDNS modular DNS server to implement its DNS to DoH proxy. The current version of CoreDNS DoH support (https://github.com/coredns/coredns/blob/master/plugin/pkg/doh/doh.go) uses application/dns-message, but the DoH support in CoreDNS was reconfigured and it is possible that cloudflared might need changes to work with the current CoreDNS architecture.

If you have been using the same version of cloudflared for a year or more, you should download a new copy and see if it still has this problem.

If the latest cloudflared still gives a 415 error, you might want to open an issue or request support on the Cloudflare community forum. If you are familiar with compiling Go programs, you could try to build cloudflared yourself and see what version of CoreDNS or the doh plugin it is using.

In the meantime, you can continue to use the https://dns.google.com/experimental endpoint, at least for another few weeks until you get the software issues sorted.

Can Cloudflared update for compatibility?

@rezaxdi rezaxdi commented Jul 2, 2019

Ok, due to today's Cloudflare outage suddenly I was not able to visit any site because DNS was down. I tried to use Google DNS in the cloudflared client and it was not working. So I had to uninstall cloudflared and go back to dnscrypt. I think cloudflared needs to update its client to be compatible with other DoH servers.

Collaborator

@sssilver sssilver commented Jul 10, 2019

We've merged #108, and will release it soon -- does this help resolve the problem?

@ndrwy ndrwy commented Jul 12, 2019

Thanks @sssilver for looking into this, I've done some testing and below are my results:

# cloudflared --version
cloudflared version 2019.7.0 (built 2019-07-11-1656 UTC)
cloudflared[27174]: time="2019-07-11T22:48:42-04:00" level=error msg="failed to connect to an HTTPS backend \"https://dns.google/dns-query\"" error="failed to perform an HTTPS request: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
cloudflared[27316]: time="2019-07-11T22:50:11-04:00" level=error msg="failed to connect to an HTTPS backend \"https://dns.google/resolve\"" error="failed to perform an HTTPS request: Post https://dns.google/resolve: dial tcp: lookup dns.google on 127.0.0.1:53: read udp 127.0.0.1:53349->127.0.0.1:53: i/o timeout"
cloudflared[27256]: time="2019-07-11T22:49:01-04:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.8.8/dns-query\"" error="returned status code 404"

Author

@bigdargon bigdargon commented Jul 14, 2019

Thanks @sssilver but still not working!

Collaborator

@sssilver sssilver commented Jul 15, 2019

2019.7.0 is right. Can you confirm that the Content-Type is set to what's expected? If so, then the issue must be something else.

@lawliet89 lawliet89 commented Sep 8, 2019

I am using

pi@raspberrypi:~ $ cloudflared --version
cloudflared version 2019.9.0 (built 2019-09-06-0334 UTC)

When I run cloudflared with proxy-dns --port 5053 --upstream https://8.8.4.4/dns-query --upstream https://8.8.8.8/dns-query, I get

Sep 08 10:04:21 raspberrypi systemd[1]: Started cloudflared DNS over HTTPS proxy.
Sep 08 10:04:21 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:21+08:00" level=info msg="Adding DNS upstream" url="https://8.8.4.4/dns-query"
Sep 08 10:04:21 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:21+08:00" level=info msg="Starting metrics server" addr="127.0.0.1:33133"
Sep 08 10:04:21 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:21+08:00" level=info msg="Adding DNS upstream" url="https://8.8.8.8/dns-query"
Sep 08 10:04:21 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:21+08:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://localhost:5053"
Sep 08 10:04:56 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:56+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.4.4/dns-query\"" error="returned status code 404"
Sep 08 10:04:56 raspberrypi cloudflared[17317]: time="2019-09-08T10:04:56+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.8.8/dns-query\"" error="returned status code 404"
Sep 08 10:05:06 raspberrypi cloudflared[17317]: time="2019-09-08T10:05:06+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.4.4/dns-query\"" error="returned status code 404"
Sep 08 10:05:06 raspberrypi cloudflared[17317]: time="2019-09-08T10:05:06+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.8.8/dns-query\"" error="returned status code 404"
Sep 08 10:05:13 raspberrypi cloudflared[17317]: time="2019-09-08T10:05:13+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.4.4/dns-query\"" error="returned status code 404"
Sep 08 10:05:13 raspberrypi cloudflared[17317]: time="2019-09-08T10:05:13+08:00" level=error msg="failed to connect to an HTTPS backend \"https://8.8.8.8/dns-query\"" error="returned status code 404"

@mnordhoff mnordhoff commented Sep 8, 2019

@lawliet89

Can you try using "https://dns.google/dns-query"?

I don't see https://8.8.4.4/dns-query or https://8.8.8.8/dns-query listed in Google's documentation.

Edit: Using IP address URLs is kind of in Google's documentation.

@lawliet89 lawliet89 commented Sep 8, 2019

Thanks @mnordhoff It works with https://dns.google/dns-query.

I was just wondering how cloudflared was going to resolve dns.google in the first place so I decided to "play it safe" with the IP address.

Author

@bigdargon bigdargon commented Sep 8, 2019

I confirmed it works with https://dns.google/dns-query in cloudflared version 2019.9.0 (built 2019-09-06-0334 UTC) (it does not work with https://8.8.8.8/dns-query & https://8.8.4.4/dns-query).

Thanks for the update!

@bigdargon bigdargon closed this Sep 8, 2019
Contributor

@Tugzrida Tugzrida commented Sep 10, 2019

Just for future reference, this looks like an issue with Google's specific implementation.

Using some of the curl examples here, the IP addresses do not work directly unless the Host: dns.google HTTP header is added. The above-referenced docs mention SNI, but not the Host header.

If someone wants to flag this with Google, then they should be accepting Host: 8.8.8.8 and Host: 8.8.4.4 for queries in addition to Host: dns.google.
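The two request-level rejections discussed in this thread (the 415 attributed to the old Content-Type, and the 404 for IP-address upstreams sent without Host: dns.google), shown as an added example that is not code from cloudflared, CoreDNS or Google. `stubResolver`, `post` and `query` are hypothetical names, and the stub server is constructed to mimic only the behaviour reported above so the example runs offline.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// RFC 8484 media type; the thread reports a 415 when application/dns-udpwireformat is sent.
const dohMIME = "application/dns-message"

// Wire-format A query for example.com: ID 0, RD set, one question.
var query = []byte("\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01")

// stubResolver is a constructed stand-in for the rejections reported in this thread.
func stubResolver() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.Host != "dns.google": // e.g. an IP literal taken from the URL
			w.WriteHeader(http.StatusNotFound)
		case r.Header.Get("Content-Type") != dohMIME:
			w.WriteHeader(http.StatusUnsupportedMediaType)
		}
	}))
}

// post sends the query; a non-empty host overrides the URL-derived Host header.
func post(baseURL, host, mime string) (int, error) {
	req, err := http.NewRequest(http.MethodPost, baseURL+"/dns-query", bytes.NewReader(query))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Content-Type", mime)
	req.Host = host // net/http reads the Host header from here, not req.Header
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := stubResolver()
	defer srv.Close()
	fmt.Println(post(srv.URL, "", dohMIME))                                    // Host is the IP:port
	fmt.Println(post(srv.URL, "dns.google", "application/dns-udpwireformat")) // old MIME type
	fmt.Println(post(srv.URL, "dns.google", dohMIME))                          // accepted
}
```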

@dpanic dpanic commented Jan 16, 2020

Hm, again not working with the following opts set:

CLOUDFLARED_OPTS=--port 5053 --upstream https://dns.google/dns-query

@bigdargon bigdargon reopened this Jan 16, 2020
Contributor

@Tugzrida Tugzrida commented Jan 26, 2020

I've raised this with Google: https://issuetracker.google.com/issues/148296114

@m4niacjp m4niacjp commented Feb 5, 2020

Just tested today, dns.google not working with cloudflared.

@dpanic dpanic commented Feb 5, 2020

I see no update from Google guys...

Contributor

@Tugzrida Tugzrida commented Feb 5, 2020

Yeah, I'm not sure how interested in fixing this Google is. A long term fix and general improvement to cloudflared would be allowing the manual setting of the HTTP Host header, which would fix this problem and allow #107 to be worked around too.

In the meantime, the way to get dns.google working is by setting your upstream to https://dns.google/dns-query. You may still run into problems with this if you've set cloudflared as your only system resolver as there is a bootstrapping paradox. To work around that you need to add 8.8.8.8 dns.google to your hosts file.

Contributor

@Tugzrida Tugzrida commented Apr 14, 2020

This was fixed by the introduction of bootstrapping in f18209a, which made it into v2020.4.0

dns.google can now be used simply by setting your upstream to https://dns.google/dns-query, no hosts file or other workaround needed.

Think this can be closed now.

@bigdargon bigdargon closed this Apr 16, 2020