Dns over https - another DoH server

josef.bunes · October 15, 2019, 12:45pm

I want to use this sw : https://developers.cloudflare.com/argo-tunnel/downloads/ with another DoH.

In the log I can see this error:

failed to perform an HTTPS request: Post https://185.43.135.1/doh: x509: cannot validate certificate for 185.43.135.1 because it doesn’t contain any IP SANs

Is possible to write down the IP address somewhere to the configuration, because certificate of DoH server has no IP address?

Thanks

sandro · October 15, 2019, 12:48pm

Try https://odvr.nic.cz/doh

josef.bunes · October 15, 2019, 1:11pm

I tried both: https://odvr.nic.cz/doh and https://185.43.135.1/doh. No success.

Here is my conf file: /etc/default/cloudflared
CLOUDFLARED_OPTS=–port 5053 --upstream https://185.43.135.1/doh

This one works:
CLOUDFLARED_OPTS=–port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --upstream https://2606:4700:4700::1111/dns-query --upstream https://2606:4700:4700::1001/dns-query

sandro · October 15, 2019, 1:42pm

What error do you get when you use the FQDN?

josef.bunes · October 15, 2019, 1:49pm

failed to perform an HTTPS request: Post https://odvr.nic.cz/doh: dial tcp: lookup odvr.nic.cz on 127.0.0.1:53: read udp 127.0.0.1:55965->127.0.0.1:53: i/o timeout

sandro · October 15, 2019, 1:56pm

That is a very different error though.

Can you post the full output of when you start the application and when you run the lookup?

josef.bunes · October 15, 2019, 1:59pm

start:
Oct 15 15:57:53 orangepizero systemd[1]: Started cloudflared DNS over HTTPS proxy.
Oct 15 15:57:53 orangepizero cloudflared[8364]: time=“2019-10-15T15:57:53+02:00” level=warning msg=“Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /usr/local/etc/cloudflared /etc/cloudflared]”
Oct 15 15:57:54 orangepizero cloudflared[8364]: time=“2019-10-15T15:57:54+02:00” level=info msg=“Adding DNS upstream” url=“https://odvr.nic.cz/doh”
Oct 15 15:57:54 orangepizero cloudflared[8364]: time=“2019-10-15T15:57:54+02:00” level=info msg=“Starting metrics server” addr=“127.0.0.1:39125”
Oct 15 15:57:54 orangepizero cloudflared[8364]: time=“2019-10-15T15:57:54+02:00” level=info msg=“Starting DNS over HTTPS proxy server” addr=“dns://localhost:5053”

and lookup:
Oct 15 15:58:57 orangepizero cloudflared[8364]: time=“2019-10-15T15:58:57+02:00” level=error msg=“failed to connect to an HTTPS backend “https://odvr.nic.cz/doh”” error=“failed to perform an HTTPS request: Post https://odvr.nic.cz/doh: dial tcp: lookup odvr.nic.cz on 127.0.0.1:53: read udp 127.0.0.1:59116->127.0.0.1:53: i/o timeout”

sandro · October 16, 2019, 3:46pm

All right, I believe to understand the issue.

It is not so much of a DoH issue, but rather a traditional DNS lookup problem when Cloudflared tries to actually resolve odvr.nic.cz. For some reason that fails. Check your system’s default resolver.

cscharff · October 15, 2019, 3:18pm

I believe that is a known issue: https://github.com/cloudflare/cloudflared/issues/72

system · November 14, 2019, 3:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.