I am using debian and ubuntu operating systems, and I run cloudflared to use dns-over-https.
Previously I used https://dns.google.com/experimental address, everything works normally. But I switched to using a new address according to google’s notification, I received an error message:
- If I use the address “https://dns.google/dns-query”: level=error msg=“failed to connect to an HTTPS backend “[https://dns.google/dns-query](https://dns.google/dns-query\)”” error=“returned status code 415”
- If I use the address “https://dns.google/resolve”: level=error msg=“failed to connect to an HTTPS backend “[https://dns.google/resolve](https://dns.google/resolve\)”” error=“returned status code 400”
- If I use the address “https://188.8.131.52/dns-query”: level=error msg=“failed to connect to an HTTPS backend “[https://184.108.40.206/dns-query](https://220.127.116.11/dns-query\)”” error=“returned status code 404”
I created the issue here https://issuetracker.google.com/issues/136198937 and got the answer:
https://dns.google/dns-query is the right endpoint to use.
The problem is that (your version of) cloudflared is apparently still using the MIME type application/dns-udpwireformat rather than application/dns-message for the Content-Type header
From what I can tell, cloudflared is using the CoreDNS modular DNS server to implement its DNS to DoH proxy. The current version of CoreDNS DoH support (https://github.com/coredns/coredns/blob/master/plugin/pkg/doh/doh.go) uses application/dns-message, but the DoH support in CoreDNS was reconfigured and it is possible that cloudflared might need changes to work with the current CoreDNS architecture.
If you have been using the same version of cloudflared for a year or more, you should download a new copy and see if it still has this problem.
If the latest cloudflared still gives a 415 error, you might want to open an issue or request support on the Cloudflare community forum. If you are familiar with compiling Go programs, you could try to build cloudflared yourself and see what version of CoreDNS or the doh plugin it is using.
In the meantime, you can continue to use the https://dns.google.com/experimental endpoint, at least for another few weeks until you get the software issues sorted.
Can Cloudflared update for compatibility?