1.1.1.1 over TLS issues started 1 day ago


#1

Yesterday everything worked according to the scheme specified in this topic - and today it stopped working :frowning:

https://community.cloudflare.com/t/1-1-1-1-over-tls-issues-started-2-days-ago/51573

  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: TdBczz+YjD3Q/taSfHXL5n4LnRxzJk0WG0JAX7nRu6s=


  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: TdBczz+YjD3Q/taSfHXL5n4LnRxzJk0WG0JAX7nRu6s=

These settings no longer work :frowning:


#2

You might want to try

value: V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=

#3

Original author of the other post here, I’m having the same issue again.

The last thread was left asking if the value is going to change often. I think the answer to that question is that it is.

How is this meant to be managed? Editing a config file every month or two is annoying, but I currently don’t even know where you are getting the value from, @sandro.

Dan.


#4

I found this value with the openssl command, but it also doesn't work :frowning:


#5

Did you actually restart? For me the value works.


#6

Yes - service stubby restart


#7

What is the exact error you get?


#8

;; WARNING: response timeout for [email protected](UDP)

;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 58155
;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

Works fine with any other services (google dns, sinodun)


#9

That appears to be a response timeout. Are you sure the service itself is running? Are there any errors in the console?


#10

If cloudflare:

;; WARNING: response timeout for [email protected](UDP)

;; WARNING: response timeout for [email protected](UDP)

;; WARNING: response timeout for [email protected](UDP)
;; WARNING: failed to query server [email protected](UDP)

;; WARNING: response timeout for ::[email protected](UDP)

;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 14814
;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

if any other:

;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 10924
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; Received 77 B
;; Time 2019-01-31 10:54:40 MSK
;; From [email protected](UDP) in 99.7 ms


#11

That's a dig output, isn't it? I was referring to the service itself.


#12

Tell me, please - how can I get the stubby logs?


#13

How do you start it? Isn't there some output in the console?


#14

Ubuntu 18.04, change the file stubby.yml and then “service stubby restart”


#16

Sorry, had to delete my previous response, because there was a syntax issue. If you have already copied it please try again.

Can you replace your configuration with exactly the following lines, then restart the service and try again?

Copy and paste exactly these lines.

  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=

  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=

#17

I found a mistake. It occurs when I connect Cloudflare IPv6 in stubby.yml - then the service doesn't work.


#18

Your original posting only contained IPv4 addresses. If you have configurations for IPv6 you certainly also need to have the right CN there as well as the right hash.


#19

Reinstalled stubby. Now it all works OK!