server tls or https to nextdns.. #68

Closed
bcookatpcsd opened this issue Mar 20, 2023 · 9 comments
Comments

@bcookatpcsd

I cannot seem to get tls or https working to nextdns.

egrep -v \#\|^\$ local.conf
bind :5311
bind-tcp :5311
ca-file /etc/ssl/certs/ca-bundle.trust.crt
ca-path /etc/ssl/certs
cache-size 16384
cache-persist no
speed-check-mode none
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 9600
log-level debug
server 45.90.28.0 -bootstrap-dns -exclude-default-group
server-tls 45.90.28.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io
server-tls 45.90.30.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io
1679311995:INFO: Smart-DNS 🐋 0.4.1 starting
1679311995:INFO: whoami 👉 alma-vltr
1679311995:INFO: upstream server: udp://45.90.28.0 [Group: bootstrap-dns]
1679311995:INFO: upstream server: udp://dns.nextdns.io [Group: default]
1679311995:INFO: upstream server: udp://dns.nextdns.io [Group: default]
1679311995:WARN:smartdns::dns_client:101: bootstrap-dns must use ip addess, Domain("45.90.28.0")
1679311995:WARN:smartdns::dns_client:120: not bootstrap-dns found, use system_conf instead.
1679311995:DEBUG:smartdns::dns_client:179: create name server [Group: bootstrap-dns], servers 1
1679311995:DEBUG:smartdns::dns_client:179: create name server [Group: Default], servers 1
1679311995:DEBUG:smartdns:271: binding UDP to 0.0.0.0:5311
1679311995:INFO: listening for UDP on 0.0.0.0:5311
1679311995:DEBUG:smartdns:293: binding TCP to 0.0.0.0:5311
1679311995:INFO: listening for TCP on 0.0.0.0:5311
1679311995:INFO:
1679311995:INFO:      _____                      _       _____  _   _  _____
1679311995:INFO:     / ____|                    | |     |  __ \| \ | |/ ____|
1679311995:INFO:    | (___  _ __ ___   __ _ _ __| |_    | |  | |  \| | (___
1679311995:INFO:     \___ \| '_ ` _ \ / _` | '__| __|   | |  | | . ` |\___ \
1679311995:INFO:     ____) | | | | | | (_| | |  | |_    | |__| | |\  |____) |
1679311995:INFO:    |_____/|_| |_| |_|\__,_|_|   \__|   |_____/|_| \_|_____/
1679311995:INFO:
1679311995:INFO: awaiting connections...
1679311995:INFO: server starting up
1679312007:DEBUG:smartdns::dns_server:131: query received: 53443 name: www.amazon.com. type: A class: IN A client: 127.0.0.1:25165
1679312007:DEBUG:smartdns::dns_client:373: initialize name server [Group: Default]
1679312007:DEBUG:smartdns::dns_client::bootstrap:1170: lookup nameserver dns.nextdns.io A, [45.11.106.155, 188.172.219.167]
1679312007:DEBUG:smartdns::dns_mw_ns:99: query name: www.amazon.com. type: A via [Group: default]
1679312012:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: request timed out
 drill dns.nextdns.io -p 5311 @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4811
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dns.nextdns.io.      IN      A

;; ANSWER SECTION:
dns.nextdns.io. 1388    IN      CNAME   steering.nextdns.io.
steering.nextdns.io.    1388    IN      A       45.11.106.155
steering.nextdns.io.    1388    IN      A       188.172.219.167

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1 msec
;; SERVER: 127.0.0.1
;; WHEN: Mon Mar 20 07:39:21 2023
;; MSG SIZE  rcvd: 97
1679312398:DEBUG:smartdns::dns_server:131: query received: 25431 name: www.google.com. type: A class: IN A client: 127.0.0.1:17855
1679312398:DEBUG:smartdns::dns_mw_ns:99: query name: www.google.com. type: A via [Group: default]
1679312403:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: request timed out
1679312403:DEBUG:smartdns::dns_server:131: query received: 25431 name: www.google.com. type: A class: IN A client: 127.0.0.1:37703
1679312403:DEBUG:smartdns::dns_mw_ns:99: query name: www.google.com. type: A via [Group: default]
1679312408:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: request timed out
1679312408:DEBUG:smartdns::dns_server:131: query received: 25431 name: www.google.com. type: A class: IN A client: 127.0.0.1:3838
1679312408:DEBUG:smartdns::dns_mw_ns:99: query name: www.google.com. type: A via [Group: default]
1679312413:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: request timed out

Using same config with latest smartdns seems to work:

./smartdns-x86_64 -c local.conf -x

[2023-03-20 07:44:12,909][NOTICE][       smartdns.c:397 ] smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build: Mar  4 2023 11:26:35)
[2023-03-20 07:44:12,914][ INFO][     dns_server.c:4612] ICMP ping is disabled, no ipv6 icmp check feature
[2023-03-20 07:44:12,914][ INFO][     dns_server.c:6311] IPV6 is not ready, disable IPV6 features
[2023-03-20 07:44:12,914][ INFO][     dns_client.c:1127] add server 45.90.28.0:53, type: udp
[2023-03-20 07:44:12,982][ INFO][     dns_client.c:1127] add server 45.90.28.0:853, type: tls
[2023-03-20 07:44:12,982][ INFO][     dns_client.c:1127] add server 45.90.30.0:853, type: tls
[2023-03-20 07:44:26,251][DEBUG][     dns_server.c:5119] recv query packet from 127.0.0.1, len = 32, type = 0
[2023-03-20 07:44:26,251][DEBUG][     dns_server.c:5131] request qdcount = 1, ancount = 0, nscount = 0, nrcount = 0, len = 32, id = 46172, tc = 0, rd = 1, ra = 0, rcode = 0
[2023-03-20 07:44:26,251][ INFO][     dns_server.c:5154] query server www.google.com from 127.0.0.1, qtype: 1
[2023-03-20 07:44:26,251][DEBUG][     dns_client.c:554 ] send query to group default
[2023-03-20 07:44:26,251][DEBUG][     dns_client.c:3293] send query to server 45.90.30.0
[2023-03-20 07:44:26,252][DEBUG][     dns_client.c:2056] tls server 45.90.30.0 connecting.
[2023-03-20 07:44:26,252][DEBUG][     dns_client.c:3293] send query to server 45.90.28.0
[2023-03-20 07:44:26,253][DEBUG][     dns_client.c:2056] tls server 45.90.28.0 connecting.
[2023-03-20 07:44:26,253][ INFO][     dns_client.c:3595] send request www.google.com, qtype 1, id 40969
[2023-03-20 07:44:26,263][DEBUG][     dns_client.c:2900] tls server 45.90.28.0 connected.
[2023-03-20 07:44:26,263][DEBUG][     dns_client.c:2905] new session
[2023-03-20 07:44:26,263][DEBUG][     dns_client.c:2775] peer CN: dns.nextdns.io
[2023-03-20 07:44:26,263][DEBUG][     dns_client.c:2826] cert SPKI pin(sha256): E8:29:ED:C5:2A:D9:A1:C7:C8:FB:AE:47:22:5B:26:64:4E:46:1B:9D:EE:98:01:70:AD:24:E4:5C:AF:05:F2:85
[2023-03-20 07:44:26,269][DEBUG][     dns_client.c:2900] tls server 45.90.30.0 connected.
[2023-03-20 07:44:26,269][DEBUG][     dns_client.c:2905] new session
[2023-03-20 07:44:26,270][DEBUG][     dns_client.c:2775] peer CN: dns.nextdns.io
[2023-03-20 07:44:26,270][DEBUG][     dns_client.c:2826] cert SPKI pin(sha256): E8:29:ED:C5:2A:D9:A1:C7:C8:FB:AE:47:22:5B:26:64:4E:46:1B:9D:EE:98:01:70:AD:24:E4:5C:AF:05:F2:85
[2023-03-20 07:44:26,270][DEBUG][     dns_client.c:2523] recv tcp packet from 45.90.28.0, len = 470
[2023-03-20 07:44:26,270][DEBUG][            dns.c:1881] opt type 12
[2023-03-20 07:44:26,270][DEBUG][     dns_client.c:1644] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 40969, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2023-03-20 07:44:26,270][DEBUG][     dns_client.c:1655] domain: www.google.com qtype: 1  qclass: 1
[2023-03-20 07:44:26,270][DEBUG][     dns_server.c:3302] query result from server 45.90.28.0: 853, type: 2
[2023-03-20 07:44:26,270][DEBUG][     dns_server.c:2657] domain: www.google.com TTL: 104 IP: 142.251.35.164
[2023-03-20 07:44:26,270][ INFO][     dns_server.c:1928] result: www.google.com, qtype: 1, rtt: -0.1 ms, 142.251.35.164
[2023-03-20 07:44:26,270][DEBUG][     dns_server.c:1682] reply www.google.com qtype: 1, rcode: 0, reply: 1
[2023-03-20 07:44:26,270][DEBUG][     dns_server.c:846 ] result: www.google.com, rtt: -0.1 ms, 142.251.35.164
[2023-03-20 07:44:26,271][DEBUG][     dns_server.c:1142] cache www.google.com qtype: 1 ttl: 300
[2023-03-20 07:44:26,278][DEBUG][     dns_client.c:2523] recv tcp packet from 45.90.30.0, len = 470
[2023-03-20 07:44:26,278][DEBUG][            dns.c:1881] opt type 12
[2023-03-20 07:44:26,278][DEBUG][     dns_client.c:1644] qdcount = 1, ancount = 1, nscount = 0, nrcount = 0, len = 468, id = 40969, tc = 0, rd = 1, ra = 1, rcode = 0, payloadsize = 1232
[2023-03-20 07:44:26,278][DEBUG][     dns_client.c:1655] domain: www.google.com qtype: 1  qclass: 1
[2023-03-20 07:44:26,278][DEBUG][     dns_server.c:3302] query result from server 45.90.30.0: 853, type: 2
[2023-03-20 07:44:26,278][DEBUG][     dns_server.c:2657] domain: www.google.com TTL: 95 IP: 142.251.35.164
[2023-03-20 07:44:26,278][DEBUG][     dns_client.c:1429] result: www.google.com, qtype: 1, has-result: 1, id 40969

Do you think tls/https is still a work in progress?

Thank you in advance.

Alma Linux (glibc), latest stable smartdns-rs (musl); not sure if that is the 'problem'.

[I] root@alma-vltr /e/smartdns (master) [2]# /usr/sbin/smartdns --help
A cross platform local DNS server written in rust to obtain the fastest website IP for the best Internet experience, support DoT, DoH.


Usage: smartdns <COMMAND>

Commands:
  run      Run the Smart-DNS server
  service  Manage the Smart-DNS service (install, uninstall, start, stop, restart)
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version
[I] root@alma-vltr /e/smartdns (master)# /usr/sbin/smartdns --version
smartdns 0.4.1
@mokeyish
Owner

Thank you for the feedback. But it seems like there is no problem on my side.

[image]

@bcookatpcsd
Author

Thank you for the response.. greatly appreciated..

What might be wrong with this?


bind :5311
bind-tcp :5311
cache-size 16384
cache-persist no
speed-check-mode none
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 9600
log-level debug
server 8.8.8.8 -bootstrap-dns -exclude-default-group
server-tls dns.google
server tls://dns.google:853

./smartdns run -c local.conf -d

1679321373:INFO: Smart-DNS 🐋 0.4.1 starting
1679321373:INFO: loading configuration from: "local.conf"
1679321373:DEBUG:smartdns::dns_conf::parse:1763: append server udp://8.8.8.8 to group bootstrap-dns
1679321373:INFO: whoami 👉 void-vltr
1679321373:INFO: upstream server: udp://8.8.8.8 [Group: bootstrap-dns]
1679321373:INFO: upstream server: tls://dns.google [Group: default]
1679321373:INFO: upstream server: tls://dns.google [Group: default]
1679321373:WARN:smartdns::dns_client:101: bootstrap-dns must use ip addess, Domain("8.8.8.8")
1679321373:WARN:smartdns::dns_client:120: not bootstrap-dns found, use system_conf instead.
1679321373:DEBUG:smartdns::dns_client:179: create name server [Group: bootstrap-dns], servers 1
1679321373:DEBUG:smartdns::dns_client:179: create name server [Group: Default], servers 2
1679321373:DEBUG:smartdns:271: binding UDP to 0.0.0.0:5311
1679321373:INFO: listening for UDP on 0.0.0.0:5311
1679321373:DEBUG:smartdns:293: binding TCP to 0.0.0.0:5311
1679321373:INFO: listening for TCP on 0.0.0.0:5311
1679321373:INFO:
1679321373:INFO:      _____                      _       _____  _   _  _____
1679321373:INFO:     / ____|                    | |     |  __ \| \ | |/ ____|
1679321373:INFO:    | (___  _ __ ___   __ _ _ __| |_    | |  | |  \| | (___
1679321373:INFO:     \___ \| '_ ` _ \ / _` | '__| __|   | |  | | . ` |\___ \
1679321373:INFO:     ____) | | | | | | (_| | |  | |_    | |__| | |\  |____) |
1679321373:INFO:    |_____/|_| |_| |_|\__,_|_|   \__|   |_____/|_| \_|_____/
1679321373:INFO:
1679321373:INFO: awaiting connections...
1679321373:INFO: server starting up
1679321377:DEBUG:smartdns::dns_server:131: query received: 47484 name: www.amazon.com. type: A class: IN A client: 1.2.3.4:58289
1679321377:DEBUG:smartdns::dns_client:373: initialize name server [Group: Default]
1679321377:DEBUG:smartdns::dns_client::bootstrap:1170: lookup nameserver dns.google A, [207.246.91.188]
1679321377:DEBUG:smartdns::dns_client::bootstrap:1170: lookup nameserver dns.google A, [207.246.91.188]
1679321377:DEBUG:smartdns::dns_mw_ns:99: query name: www.amazon.com. type: A via [Group: default]
1679321377:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: proto error: io error: connection refused
^C1679321400:INFO: terminating...
1679321400:INFO: SmartDNS 0.4.1 shutdown

No difference if I add in the ca-file / ca-path.

This is a Void Linux (glibc) VM; this machine is also hosted at Vultr.

This seems to work no problem..

bind :5311
bind-tcp :5311
ca-file /etc/ssl/certs/ca-certificates.crt
ca-path /etc/ssl/certs
cache-size 16384
cache-persist no
speed-check-mode none
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 9600
log-level debug
server-tls 8.8.8.8

(run in debug mode..)

1679321835:INFO: Smart-DNS 🐋 0.4.1 starting
1679321835:INFO: loading configuration from: "local.conf"
1679321835:INFO: whoami 👉 void-vltr
1679321835:INFO: upstream server: tls://8.8.8.8 [Group: default]
1679321835:WARN:smartdns::dns_client:120: not bootstrap-dns found, use system_conf instead.
1679321835:DEBUG:smartdns::dns_client:179: create name server [Group: Default], servers 1
1679321835:DEBUG:smartdns:271: binding UDP to 0.0.0.0:5311
1679321835:INFO: listening for UDP on 0.0.0.0:5311
1679321835:DEBUG:smartdns:293: binding TCP to 0.0.0.0:5311
1679321835:INFO: listening for TCP on 0.0.0.0:5311
1679321835:INFO:
1679321835:INFO:      _____                      _       _____  _   _  _____
1679321835:INFO:     / ____|                    | |     |  __ \| \ | |/ ____|
1679321835:INFO:    | (___  _ __ ___   __ _ _ __| |_    | |  | |  \| | (___
1679321835:INFO:     \___ \| '_ ` _ \ / _` | '__| __|   | |  | | . ` |\___ \
1679321835:INFO:     ____) | | | | | | (_| | |  | |_    | |__| | |\  |____) |
1679321835:INFO:    |_____/|_| |_| |_|\__,_|_|   \__|   |_____/|_| \_|_____/
1679321835:INFO:
1679321835:INFO: awaiting connections...
1679321835:INFO: server starting up
1679321838:DEBUG:smartdns::dns_server:131: query received: 57556 name: www.amazon.com. type: A class: IN A client: 1.2.3.4:35801
1679321838:DEBUG:smartdns::dns_client:373: initialize name server [Group: Default]
1679321838:DEBUG:smartdns::dns_mw_ns:99: query name: www.amazon.com. type: A via [Group: default]
^C1679321845:INFO: terminating...
1679321845:INFO: SmartDNS 0.4.1 shutdown

This seems to break..

bind :5311
bind-tcp :5311
ca-file /etc/ssl/certs/ca-certificates.crt
ca-path /etc/ssl/certs
cache-size 16384
cache-persist no
speed-check-mode none
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 9600
log-level debug
server-tls 8.8.8.8 -host-name: dns.google

(start in debug mode..)

1679321926:INFO: awaiting connections...
1679321926:INFO: server starting up
1679321932:DEBUG:smartdns::dns_server:131: query received: 35327 name: www.amazon.com. type: A class: IN A client: 207.246.122.159:41105
1679321932:DEBUG:smartdns::dns_client:373: initialize name server [Group: Default]
1679321932:DEBUG:smartdns::dns_client::bootstrap:1170: lookup nameserver dns.google A, [207.246.91.188]
1679321932:DEBUG:smartdns::dns_mw_ns:99: query name: www.amazon.com. type: A via [Group: default]
1679321937:DEBUG:smartdns::dns_server:269: error resolving: Forward resolution error: request timed out

dnsdist (the local resolver) is getting the query for dns.google (from the host-name argument, it would seem), which is the fallback when there is no bootstrap.

Packet from 127.0.0.1:35602 for dns.google. A with id 45870
Packet from 127.0.0.1:35602 for dns.google. A with id 39334
Packet from 127.0.0.1:56070 for dns.google. A with id 56478
Packet from 127.0.0.1:45832 for dns.google. A with id 43833
Packet from 127.0.0.1:63752 for dns.google. A with id 56296
Packet from 127.0.0.1:43064 for dns.google. A with id 32444

Is there something with the bootstrap?

When I set the bootstrap to something that I can see, -bootstrap-dns is what answers the query; when it's -bootstrap-dns -exclude-default-group the query does not resolve.

With no -bootstrap-dns defined and falling back to system resolver..

Something is weird with nextdns and their names..

(more testing..)

NextDNS and their 'names': I can get Google to work with and without names; Quad9, etc.


bind :5311
bind-tcp :5311
ca-file /etc/ssl/certs/ca-certificates.crt
ca-path /etc/ssl/certs
cache-size 16384
cache-persist no
speed-check-mode none
rr-ttl 300
rr-ttl-min 60
rr-ttl-max 9600
log-level debug
server tls://dns.quad9.net:853

going to take a break from this..

apparently the ':' is not a valid character..

so -host-name: dns.google.com is rejected but -host-name dns.google is correct..

@mokeyish
Owner

mokeyish commented Mar 20, 2023

There is a bug here.

[image]

It seems to be a bug with this crate: https://github.com/servo/rust-url

@mokeyish
Owner

server-tls 45.90.30.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io

The option -tls-host-verify has not yet been implemented.

use

server tls://dns.nextdns.io

instead?

@PikuZheng
Contributor

server-tls 45.90.28.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io
server-tls 45.90.30.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io

try server-tls 45.90.30.0 -host-name dns.nextdns.io
with -tls-host-verify, this upstream will not work.

server tls://dns.google:853

oh, no.... it should be server-tls tls://dns.google:853 or server-tls dns.google:853. server means udp
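
The mistakes worked out above (a ':' glued to an option name, -bootstrap-dns needing an IP literal, -tls-host-verify not being implemented in 0.4.1) all show up only as a timeout or "connection refused" at query time, so a pre-flight lint of the server* lines saves a debugging session. The script below is an added example, not code from smartdns-rs or from anyone in this thread. It handles only the server* directives seen here, the set of value-taking options in VALUE_OPTIONS is an assumption from the thread rather than the project's full grammar, and it adds one check of its own: an encrypted upstream given as an IP literal with no -host-name is flagged so the operator confirms which name the server certificate is actually verified against.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Directive -> scheme smartdns-rs prints for it in the startup log.
SCHEMES = {"server": "udp", "server-tcp": "tcp", "server-tls": "tls",
           "server-https": "https", "server-quic": "quic"}
# Options that take a value. Assumed subset, not the project's full grammar.
VALUE_OPTIONS = {"-host-name", "-tls-host-verify", "-group"}
ENCRYPTED = {"tls", "https", "quic"}


@dataclass
class Upstream:
    directive: str
    scheme: str
    host: str
    port: Optional[int]
    options: Dict[str, Optional[str]] = field(default_factory=dict)
    problems: List[str] = field(default_factory=list)


def is_ip_literal(s: str) -> bool:
    try:
        ipaddress.ip_address(s.strip("[]"))
        return True
    except ValueError:
        return False


def parse_server_line(line: str) -> Upstream:
    """Parse one server* directive and record syntax and semantic problems."""
    tokens = line.split()
    directive, target, opts = tokens[0], tokens[1], tokens[2:]
    scheme, host, port = SCHEMES[directive], target, None
    if "://" in target:                      # URL form: tls://dns.google:853
        u = urlsplit(target)
        scheme, host, port = u.scheme, u.hostname or "", u.port
    elif target.count(":") == 1:             # bare host:port (not an IPv6 literal)
        host, p = target.split(":")
        port = int(p)
    up = Upstream(directive, scheme, host, port)

    i = 0
    while i < len(opts):
        name = opts[i]
        if not name.startswith("-"):
            up.problems.append(f"unexpected token {name!r}")
            i += 1
            continue
        if name.endswith(":"):               # '-host-name: x' is rejected by smartdns-rs
            up.problems.append(
                f"{name!r}: ':' is not valid in an option name, write '{name[:-1]} <value>'")
            name = name[:-1]
        if name in VALUE_OPTIONS:
            if i + 1 >= len(opts) or opts[i + 1].startswith("-"):
                up.problems.append(f"{name} needs a value")
                i += 1
                continue
            up.options[name] = opts[i + 1]
            i += 2
        else:
            up.options[name] = None          # flag option such as -bootstrap-dns
            i += 1

    if "-bootstrap-dns" in up.options and not is_ip_literal(up.host):
        up.problems.append("bootstrap-dns must use an IP address")
    if "-tls-host-verify" in up.options:
        up.problems.append("-tls-host-verify is not implemented in smartdns-rs 0.4.1; "
                           "this upstream will not work")
    if up.scheme in ENCRYPTED and is_ip_literal(up.host) and "-host-name" not in up.options:
        up.problems.append("encrypted upstream given as an IP literal without -host-name: "
                           "confirm which name the server certificate is verified against")
    return up


def lint_config(text: str) -> List[str]:
    """Return 'line N: problem' strings for every server* directive in a config."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line and line.split()[0] in SCHEMES:
            for p in parse_server_line(line).problems:
                findings.append(f"line {n}: {p}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the upstream lines from the first config in this thread.
    SAMPLE = """\
bind :5311
server 45.90.28.0 -bootstrap-dns -exclude-default-group
server-tls 45.90.28.0 -host-name: dns.nextdns.io -tls-host-verify: dns.nextdns.io
server-tls 45.90.30.0 -host-name dns.nextdns.io
"""
    for finding in lint_config(SAMPLE):
        print(finding)
```

Run it against local.conf before starting the daemon; a clean run means the directives at least parse the way the thread established, though it says nothing about whether the rust-url bug mokeyish points at will still misclassify a literal IP as a domain.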

@mokeyish
Owner

@bcookatpcsd Hi, This issue should have been fixed with the following PR:

#88
#83

Please verify it, thanks!

@mokeyish
Owner

mokeyish commented Mar 25, 2023

oh, no.... it should be server-tls tls://dns.google:853 or server-tls dns.google:853. server means udp

@PikuZheng There is no difference here:

smartdns-rs/src/dns_conf.rs

Lines 1791 to 1793 in 10cf828

"server" | "server-tcp" | "server-tls" | "server-https" | "server-quic" => {
self.config_server(conf_name, options)
}

@PikuZheng
Contributor

@PikuZheng There is no difference here:

looks like it's fixed now

@mokeyish
Owner

Yeah, I'll close it first.
