DoH not working for Quad9 when system DNS is set to the dnscrypt #644

Closed
alexyangjie opened this issue Nov 17, 2018 · 2 comments

Comments

@alexyangjie

I recently encountered an issue when using DoH for the Quad9 server on Asus-Merlin (ASUS-AC68U).

DNSCrypt-proxy version: v2.0.18
Server: ['quad9-doh-ip4-filter-pri','quad9-doh-ip4-filter-alt']

When using the dnscrypt version ('quad9-dnscrypt-ip4-filter-pri'), it worked without any issue. When I switched the config to the DoH version and restarted the client manually, it also worked and could resolve domains with no issue.

However, once I restart the router and let the service start itself, it no longer works.

Logs:
```
[2018-05-05 05:05:35] [NOTICE] Source [public-resolvers.md] loaded
[2018-05-05 05:05:37] [NOTICE] dnscrypt-proxy 2.0.18
[2018-05-05 05:05:37] [NOTICE] Loading the set of cloaking rules from [/opt/etc/cloaking-rules.txt]
[2018-05-05 05:05:37] [NOTICE] Now listening to 0.0.0.0:60053 [UDP]
[2018-05-05 05:05:37] [NOTICE] Now listening to 0.0.0.0:60053 [TCP]
[2018-05-05 05:05:47] [ERROR] Get https://dns9.quad9.net:443/dns-query?ct=&dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA&random_padding=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[2018-05-05 05:05:47] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
```

@alexyangjie changed the title from "Strange issue when using DoH for Quad9 on Asus-Merlin" to "DoH not working for Quad9 when system DNS is set to the dnscrypt" on Nov 18, 2018
@alexyangjie
Author

The same issue happens on macOS as well with the dnscrypt-proxy package. When the system DNS is set to 127.0.0.1, DoH will not work.

I think the reason is that dnscrypt-proxy cannot resolve the IP address of dns9.quad9.net during initialization. It always uses the system DNS to resolve that domain, even when 'ignore_system_dns' is set to true. I tried adding an entry to the hosts file, and it worked fine.

However, I can't use this method on the Asus router, as the hosts file is system-generated.

Is there any way to make dnscrypt-proxy follow the 'ignore_system_dns' directive and resolve the IP of the DNS servers using the fallback resolver?

Thanks.

@alexyangjie
Author

I've got a workaround: using the IP address as the hostname and calculating a new stamp. Hope this helps others with the same issue.

```toml
[static.'quad9-pri']
stamp = 'sdns://AgcAAAAAAAAABzkuOS45LjkACzkuOS45Ljk6NDQzCi9kbnMtcXVlcnk'

[static.'quad9-alt']
stamp = 'sdns://AgcAAAAAAAAADTE0OS4xMTIuMTEyLjkAETE0OS4xMTIuMTEyLjk6NDQzCi9kbnMtcXVlcnk'
```
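
A stamp is opaque until decoded, so it is worth checking what one copied from a thread actually points at before putting it in a config. The decoder below is an added example, not code from this issue or from dnscrypt-proxy; it assumes the DoH field layout of the DNS stamps specification (protocol byte 0x02, 64-bit properties, address, certificate hashes, host name, path), and the function and constant names are illustrative.

```python
import base64

# Stamps copied from the workaround comment above.
QUAD9_PRI = "sdns://AgcAAAAAAAAABzkuOS45LjkACzkuOS45Ljk6NDQzCi9kbnMtcXVlcnk"
QUAD9_ALT = "sdns://AgcAAAAAAAAADTE0OS4xMTIuMTEyLjkAETE0OS4xMTIuMTEyLjk6NDQzCi9kbnMtcXVlcnk"
PROP_FLAGS = {0x01: "dnssec", 0x02: "no_logs", 0x04: "no_filter"}


def _field(buf, pos, mask=0xFF):
    """Read one length-prefixed field; return (data, next_pos, raw length byte)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    raw = buf[pos]
    end = pos + 1 + (raw & mask)
    if end > len(buf):
        raise ValueError("field runs past end of stamp")
    return buf[pos + 1:end], end, raw


def decode_doh_stamp(stamp):
    """Decode a DoH (protocol 0x02) DNS stamp into its fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    buf = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(buf) < 9 or buf[0] != 0x02:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(buf[1:9], "little")    # 64-bit little-endian flags
    addr, pos, _ = _field(buf, 9)
    hashes = []
    while True:                                   # 0x80 on the length byte = more follow
        h, pos, raw = _field(buf, pos, mask=0x7F)
        if h:
            hashes.append(h.hex())
        if not raw & 0x80:
            break
    host, pos, _ = _field(buf, pos)
    path, pos, _ = _field(buf, pos)               # optional bootstrap IPs after this are ignored
    return {
        "props": sorted(n for bit, n in PROP_FLAGS.items() if props & bit),
        "addr": addr.decode(),
        "cert_hashes": hashes,
        "hostname": host.decode(),
        "path": path.decode(),
    }


if __name__ == "__main__":
    for s in (QUAD9_PRI, QUAD9_ALT):
        print(decode_doh_stamp(s))
```

For both stamps the decoder reports an IP literal as the address and as the host name, the path `/dns-query`, no certificate hashes, and all three property bits set.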

@DNSCrypt DNSCrypt locked and limited conversation to collaborators Dec 19, 2018