name resolution fails with --doh-url #3325

Closed
dtmsecurity opened this Issue Nov 29, 2018 · 6 comments

dtmsecurity commented Nov 29, 2018

### I did this

I have tried the 7.62 release and compiling from git on Ubuntu 16.04 LTS and also tried the 7.62 release on OS X via brew and I can't seem to make DoH resolution work via the command line argument --doh-url.

```
$ /usr/local/opt/curl/bin/curl --version
curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1 http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'
```

I get the above regardless of what I try and I've tried other DoH providers than Cloudflare and different URIs i.e. with/without /dns-query.

### I expected the following

DoH to successfully resolve, this to work as described here:
https://daniel.haxx.se/blog/2018/09/06/doh-in-curl/

### curl/libcurl version

```
curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31
```

and

```
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.0.2g zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
```

### operating system

OS X and Ubuntu 16.04.5 LTS (Xenial Xerus)

@bagder bagder added the name lookup label Nov 29, 2018

@bagder bagder changed the title from Struggling with DoH resolution when using --doh-url to name resolution fails with --doh-url Nov 30, 2018

bagder commented Nov 30, 2018

I use this command line in my attempts to reproduce your problem:

```
curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/
```

This works fine with my curl from stock debian unstable:

```
curl 7.62.0 (x86_64-pc-linux-gnu) libcurl/7.62.0 OpenSSL/1.1.1a zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.34.0 librtmp/2.3
Release-Date: 2018-10-31
```

With my current build from git master on debian Linux:

```
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.1a zlib/1.2.11 brotli/1.0.7 c-ares/1.14.0 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.1_DEV nghttp2/1.35.0-DEV librtmp/2.3
Release-Date: [unreleased]
```

With my current build from git master on mac:

```
curl 7.63.0-DEV (x86_64-apple-darwin17.7.0) libcurl/7.63.0-DEV SecureTransport zlib/1.2.11 nghttp2/1.32.0
Release-Date: [unreleased]
```

Puzzling!

dtmsecurity commented Nov 30, 2018

I think this could be related to issue #3064 - all of your version strings have nghttp2?

dtmsecurity commented Nov 30, 2018

Just confirmed this - on Ubuntu if I install nghttp2 lib:

```
apt install libnghttp2-dev
```

Then recompile it works:

```
root@blacksmith:~/curl# ./src/curl --version
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0g zlib/1.2.11 **nghttp2/1.30.0**
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
```

bagder commented Dec 3, 2018

I don't understand. Are you saying that DoH doesn't work for you if you build curl without HTTP/2 support?

dtmsecurity commented Dec 3, 2018

Yes, without nghttp2 it did not work. I build it with nghttp2 and it does. That's the only thing I did differently.

bagder commented Dec 3, 2018

Aaah yes, we only support DoH over HTTP/2 for now. I didn't bother to make it use in HTTP/2-disabled builds... but I figure I can. I'll put a PR up.

bagder added a commit that referenced this issue Dec 3, 2018

doh: make it work for h2-disabled builds too
Reported-by: dtmsecurity at github
Fixes #3325

@bagder bagder closed this in 027d66e Dec 5, 2018
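
A pre-flight check for the failure diagnosed in this thread, added here as an example (it is not code from the curl project or from either commenter): it reads `curl --version` output and reports whether the build lists `HTTP2` in its Features line before `--doh-url` is relied on. The function name `doh_precheck` and the result labels are hypothetical, the 7.61.0 sample is constructed, and the 7.62.0 threshold reflects the release in which `--doh-url` first shipped.

```shell
#!/bin/sh
# Classify `curl --version` output read from stdin (function name is hypothetical):
#   ok      --doh-url is available and the build lists HTTP2
#   no-h2   --doh-url is available but Features lacks HTTP2 (the failing case above)
#   no-doh  curl older than 7.62.0, the first release with --doh-url
#   unknown input does not look like `curl --version` output
doh_precheck() {
    awk '
        NR == 1 && $1 == "curl" {
            split($2, v, /[.-]/)        # "7.63.0-DEV" -> 7, 63, 0, DEV
            major = v[1] + 0; minor = v[2] + 0; seen_version = 1
        }
        $1 == "Features:" {
            seen_features = 1
            for (i = 2; i <= NF; i++) if ($i == "HTTP2") h2 = 1
        }
        END {
            if (!seen_version || !seen_features) { print "unknown"; exit }
            if (major < 7 || (major == 7 && minor < 62)) { print "no-doh"; exit }
            print (h2 ? "ok" : "no-h2")
        }'
}

# Version and Features lines abridged from the outputs quoted in this issue.
REPORTED='curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets'
REBUILT='curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0g zlib/1.2.11 nghttp2/1.30.0
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy'
# Constructed sample of a build that predates --doh-url.
OLDER='curl 7.61.0 (x86_64-pc-linux-gnu) libcurl/7.61.0 OpenSSL/1.1.0g zlib/1.2.11
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz HTTP2 UnixSockets'

for sample in "$REPORTED" "$REBUILT" "$OLDER"; do
    printf '%s\n' "$sample" | doh_precheck
done

# Against the installed binary: curl --version | doh_precheck
```

A `no-h2` result predicts the `curl: (6)` failure only for builds made before the fix referenced above; the version string alone cannot tell a pre-fix 7.63.0-DEV build from a post-fix one.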