Hi,
I am using Debian and Ubuntu operating systems, and I run Cloudflared to use DNS-over-HTTPS.
Previously I used the https://dns.google.com/experimental address, and everything worked normally. But after I switched to a new address according to Google's notification, I received an error message:
- If I use the address "https://dns.google/dns-query": level=error msg="failed to connect to an HTTPS backend \"https://dns.google/dns-query\"" error="returned status code 415"
- If I use the address "https://dns.google/resolve": level=error msg="failed to connect to an HTTPS backend \"https://dns.google/resolve\"" error="returned status code 400"
- If I use the address "https://8.8.8.8/dns-query": level=error msg="failed to connect to an HTTPS backend \"https://8.8.8.8/dns-query\"" error="returned status code 404"
I created an issue on the Google Issue Tracker and got this answer:
https://dns.google/dns-query is the right endpoint to use.
The problem is that (your version of) Cloudflared is apparently still using the MIME type application/dns-udpwireformat rather than application/dns-message for the Content-Type header.
From what I can tell, Cloudflared is using the CoreDNS modular DNS server to implement its DNS to DoH proxy. The current version of CoreDNS DoH support (https://github.com/coredns/coredns/blob/master/plugin/pkg/doh/doh.go) uses application/dns-message, but the DoH support in CoreDNS was reconfigured and it is possible that Cloudflared might need changes to work with the current CoreDNS architecture.
If you have been using the same version of Cloudflared for a year or more, you should download a new copy and see if it still has this problem.
If the latest Cloudflared still gives a 415 error, you might want to open an issue or request support on the Cloudflare community forum. If you are familiar with compiling Go programs, you could try to build Cloudflared yourself and see what version of CoreDNS or the doh plugin it is using.
In the meantime, you can continue to use the https://dns.google.com/experimental endpoint, at least for another few weeks until you get the software issues sorted.
Can Cloudflared be updated for compatibility?
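
The media-type mismatch described in the quoted answer, as an added example that is not part of the original post and is not Cloudflared or CoreDNS code. It builds a DNS wire-format query and submits it in-process with both Content-Type values; `strictDoH` is a constructed stand-in for an endpoint that accepts only `application/dns-message`, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const legacyType = "application/dns-udpwireformat" // media type from the earlier DoH drafts
const currentType = "application/dns-message"      // media type registered by RFC 8484

// buildQuery encodes a minimal DNS A-record query in RFC 1035 wire format.
func buildQuery(name string) []byte {
	var b bytes.Buffer
	// Header: ID=0, flags=RD, QDCOUNT=1, other counts 0.
	binary.Write(&b, binary.BigEndian, []uint16{0, 0x0100, 1, 0, 0, 0})
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		b.WriteByte(byte(len(label)))
		b.WriteString(label)
	}
	b.WriteByte(0)                                     // root label ends the name
	binary.Write(&b, binary.BigEndian, []uint16{1, 1}) // QTYPE=A, QCLASS=IN
	return b.Bytes()
}
// strictDoH (constructed stand-in) rejects any Content-Type other than the RFC 8484 one.
func strictDoH(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("Content-Type") != currentType {
		w.WriteHeader(http.StatusUnsupportedMediaType) // 415, as in the log line above
		return
	}
	w.WriteHeader(http.StatusOK)
}
// statusFor POSTs the query to the handler in-process and returns the HTTP status.
func statusFor(mediaType string, q []byte) int {
	req := httptest.NewRequest(http.MethodPost, "/dns-query", bytes.NewReader(q))
	req.Header.Set("Content-Type", mediaType)
	rec := httptest.NewRecorder()
	strictDoH(rec, req)
	return rec.Code
}
func main() {
	q := buildQuery("example.com")
	fmt.Println(legacyType, "->", statusFor(legacyType, q))
	fmt.Println(currentType, "->", statusFor(currentType, q))
}
```

The query bytes are identical in both requests; only the Content-Type header decides whether the stand-in endpoint answers 415 or 200.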