name resolution fails with --doh-url #3325

Closed
dtmsecurity opened this issue Nov 29, 2018 · 6 comments
Labels
name lookup DNS and related tech

Comments

@dtmsecurity

dtmsecurity commented Nov 29, 2018

### I did this

I have tried the 7.62 release and compiling from git on Ubuntu 16.04 LTS and also tried the 7.62 release on OS X via brew and I can't seem to make DoH resolution work via the command line argument --doh-url.

```
$ /usr/local/opt/curl/bin/curl --version
curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1 http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'
```

I get the above regardless of what I try and I've tried other DoH providers than Cloudflare and different URIs i.e. with/without /dns-query.

### I expected the following

DoH to successfully resolve, this to work as described here:
https://daniel.haxx.se/blog/2018/09/06/doh-in-curl/

### curl/libcurl version

```
curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31
```

and

```
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.0.2g zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
```

### operating system

OS X and Ubuntu 16.04.5 LTS (Xenial Xerus)

bagder added the name lookup DNS and related tech label Nov 29, 2018
bagder changed the title from "Struggling with DoH resolution when using --doh-url" to "name resolution fails with --doh-url" Nov 30, 2018

@bagder
Member

bagder commented Nov 30, 2018

I use this command line in my attempts to reproduce your problem:

```
curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/
```

This works fine with my curl from stock debian unstable:

```
curl 7.62.0 (x86_64-pc-linux-gnu) libcurl/7.62.0 OpenSSL/1.1.1a zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.34.0 librtmp/2.3
Release-Date: 2018-10-31
```

With my current build from git master on debian Linux:

```
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.1a zlib/1.2.11 brotli/1.0.7 c-ares/1.14.0 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.1_DEV nghttp2/1.35.0-DEV librtmp/2.3
Release-Date: [unreleased]
```

With my current build from git master on mac:

```
curl 7.63.0-DEV (x86_64-apple-darwin17.7.0) libcurl/7.63.0-DEV SecureTransport zlib/1.2.11 nghttp2/1.32.0
Release-Date: [unreleased]
```

Puzzling!

@dtmsecurity
Author

I think this could be related to issue #3064 - all of your version strings have nghttp2?

@dtmsecurity
Author

Just confirmed this - on Ubuntu if I install nghttp2 lib:

```
apt install libnghttp2-dev
```

Then recompile it works:

```
root@blacksmith:~/curl# ./src/curl --version
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0g zlib/1.2.11 nghttp2/1.30.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
```

@bagder
Member

bagder commented Dec 3, 2018

I don't understand. Are you saying that DoH doesn't work for you if you build curl without HTTP/2 support?

@dtmsecurity
Author

Yes, without nghttp2 it did not work. I built it with nghttp2 and it does. That's the only thing I did differently.

@bagder
Member

bagder commented Dec 3, 2018

Aaah yes, we only support DoH over HTTP/2 for now. I didn't bother to make it use in HTTP/2-disabled builds... but I figure I can. I'll put a PR up.

bagder added a commit that referenced this issue Dec 3, 2018
Reported-by: dtmsecurity at github
Fixes #3325
bagder closed this as completed in 027d66e Dec 5, 2018
lock bot locked as resolved and limited conversation to collaborators Mar 6, 2019
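
A preflight check for the condition diagnosed in this thread, as an added example that is not part of the original issue or of the curl project: it reads `curl --version` output and reports whether the build lists the `HTTP2` feature, which the affected builds needed for `--doh-url` to resolve names. The function names are hypothetical; the two sample version outputs are copied from the comments above.

```sh
#!/bin/sh
# Added example (not curl project code): detect the build condition that made
# --doh-url fail in this thread, using only `curl --version` output.

# curl_has_feature NAME: read `curl --version` text on stdin and succeed only
# if NAME appears as a whole word on the "Features:" line.
curl_has_feature() {
  while IFS= read -r chf_line; do
    case "$chf_line" in
      Features:*)
        case " ${chf_line#Features:} " in
          *" $1 "*) return 0 ;;
          *) return 1 ;;
        esac ;;
    esac
  done
  return 1   # no Features line at all: treat as unsupported
}

# doh_preflight TEXT: print "ok" if the build lists HTTP2, else "no-http2".
doh_preflight() {
  if printf '%s\n' "$1" | curl_has_feature HTTP2; then
    echo "ok"
  else
    echo "no-http2"
  fi
}

# Version output copied from the thread: the reporter's build where DoH failed.
FAILING_BUILD='curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.0.2g zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy'

# Version output copied from the thread: the rebuild with libnghttp2-dev installed.
WORKING_BUILD='curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0g zlib/1.2.11 nghttp2/1.30.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy'

echo "failing build: $(doh_preflight "$FAILING_BUILD")"
echo "working build: $(doh_preflight "$WORKING_BUILD")"
# To check the installed binary instead: doh_preflight "$(curl --version)"
```

Running this before a script that depends on `--doh-url` replaces the misleading `Couldn't resolve host` error with a clear statement about the build.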