DNS over HTTPS - another DoH server

I want to use this sw: https://developers.cloudflare.com/argo-tunnel/downloads/ with another DoH.

In the log I can see this error:

failed to perform an HTTPS request: Post https://185.43.135.1/doh: x509: cannot validate certificate for 185.43.135.1 because it doesn't contain any IP SANs

Is it possible to write the IP address somewhere in the configuration, since the certificate of the DoH server has no IP address?

Thanks

Try https://odvr.nic.cz/doh

I tried both: https://odvr.nic.cz/doh and https://185.43.135.1/doh. No success.

Here is my conf file: /etc/default/cloudflared
CLOUDFLARED_OPTS=--port 5053 --upstream https://185.43.135.1/doh

This one works:
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --upstream https://2606:4700:4700::1111/dns-query --upstream https://2606:4700:4700::1001/dns-query

What error do you get when you use the FQDN?

failed to perform an HTTPS request: Post https://odvr.nic.cz/doh: dial tcp: lookup odvr.nic.cz on 127.0.0.1:53: read udp 127.0.0.1:55965->127.0.0.1:53: i/o timeout

That is a very different error though.

Can you post the full output of when you start the application and when you run the lookup?

start:
Oct 15 15:57:53 orangepizero systemd[1]: Started cloudflared DNS over HTTPS proxy.
Oct 15 15:57:53 orangepizero cloudflared[8364]: time="2019-10-15T15:57:53+02:00" level=warning msg="Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /usr/local/etc/cloudflared /etc/cloudflared]"
Oct 15 15:57:54 orangepizero cloudflared[8364]: time="2019-10-15T15:57:54+02:00" level=info msg="Adding DNS upstream" url="https://odvr.nic.cz/doh"
Oct 15 15:57:54 orangepizero cloudflared[8364]: time="2019-10-15T15:57:54+02:00" level=info msg="Starting metrics server" addr="127.0.0.1:39125"
Oct 15 15:57:54 orangepizero cloudflared[8364]: time="2019-10-15T15:57:54+02:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://localhost:5053"

and lookup:
Oct 15 15:58:57 orangepizero cloudflared[8364]: time="2019-10-15T15:58:57+02:00" level=error msg="failed to connect to an HTTPS backend "https://odvr.nic.cz/doh"" error="failed to perform an HTTPS request: Post https://odvr.nic.cz/doh: dial tcp: lookup odvr.nic.cz on 127.0.0.1:53: read udp 127.0.0.1:59116->127.0.0.1:53: i/o timeout"

All right, I believe I understand the issue.

It is not so much of a DoH issue, but rather a traditional DNS lookup problem when Cloudflared tries to actually resolve odvr.nic.cz. For some reason that fails. Check your system’s default resolver.

I believe that is a known issue: https://github.com/cloudflare/cloudflared/issues/72
