DoH resolvers in WARP not working

I’m using Cloudflare WARP. When I enable it, I can’t resolve any domain names. Here is some information for diagnosis.

PS C:\Windows\system32> warp-cli warp-dns-stats
Queries: 50
Average Duration: 20613.48ms
Success: 2.0%
Timed Out: 0.0%
No Records Found: 0.0%
Other Error: 98.0%
PS C:\Windows\system32> nslookup cloudflare.com
Server:  warp-svc
Address:  fd01:db8:1111::2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to warp-svc timed-out

Can anyone tell me how to fix it?

Problem is solved…
I set the wrong DNS in my router, so it could not resolve *.cloudflare-gateway.com, which caused this problem.

Well… It stopped working again.

Any interesting errors in C:\ProgramData\Cloudflare\cfwarp_service_log.txt? Any firewalls or other things that would block traffic to the IP/URL you mentioned above?

https://pastebin.com/GA7yHV4s
Cannot log in to Steam, visit Cloudflare, GitHub, etc.
When it works:

PS C:\Windows\system32> warp-cli warp-dns-stats
Queries: 2
Average Duration: 518.00ms
Success: 100.0%
Timed Out: 0.0%
No Records Found: 0.0%
Other Error: 0.0%

Something is blocking our API traffic. The errors that are interesting look like this (edited slightly to remove your account id):

2022-10-26T18:57:47.166Z ERROR main_loop: warp::warp_api: API request error ReqwestError(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("zero-trust-client.cloudflareclient.com.")), port: None, path: "/v0/accounts/ACCOUNT_URL/reg/t.<snip>/posture", query: None, fragment: None }, source: TimedOut }), retrying in 4.351156702s
2022-10-26T18:57:57.306Z ERROR warp_api::authenticated: Failed to get virtual networks error=Invalid(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("zero-trust-client.cloudflareclient.com.")), port: None, path: "/v0/accounts/ACCOUNT_URL/reg/<snip>/virtualnetworks", query: None, fragment: None }, source: hyper::Error(Connect, ConnectError("tcp connect error", Os { code: 10060, kind: TimedOut, message: "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond." })) })

Take a look at the documentation here: WARP with firewall · Cloudflare Zero Trust docs and ensure all the referenced IPs/domains are not intercepted by any firewall or HTTPS inspection products.
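
An added example, not part of the thread or of Cloudflare's tooling: a small Python parser that groups the API errors in cfwarp_service_log.txt by host and failure type, so an endpoint that is being blocked stands out. The sample lines are abridged from the two errors quoted above plus one constructed INFO line; the function names and regexes are assumptions based only on the log format shown here.

```python
import re
from collections import Counter

# Constructed sample: the two errors quoted in the thread (abridged), plus one
# constructed INFO line to show that non-error lines are skipped.
SAMPLE_LOG = '''\
2022-10-26T18:57:47.166Z ERROR main_loop: warp::warp_api: API request error ReqwestError(reqwest::Error { kind: Request, url: Url { scheme: "https", host: Some(Domain("zero-trust-client.cloudflareclient.com.")), port: None, path: "/v0/accounts/ACCOUNT_URL/reg/t.<snip>/posture", query: None, fragment: None }, source: TimedOut }), retrying in 4.351156702s
2022-10-26T18:57:57.306Z ERROR warp_api::authenticated: Failed to get virtual networks error=Invalid(reqwest::Error { kind: Request, url: Url { scheme: "https", host: Some(Domain("zero-trust-client.cloudflareclient.com.")), port: None, path: "/v0/accounts/ACCOUNT_URL/reg/<snip>/virtualnetworks", query: None, fragment: None }, source: hyper::Error(Connect, ConnectError("tcp connect error", Os { code: 10060, kind: TimedOut, message: "<abridged>" })) })
2022-10-26T18:58:00.000Z INFO main_loop: constructed non-error line
'''

LINE_RE = re.compile(r'^(\S+)\s+(ERROR|WARN|INFO|DEBUG)\s')
HOST_RE = re.compile(r'host: Some\(Domain\("([^"]+)"\)\)')
PATH_RE = re.compile(r'path: "([^"]*)"')
OS_RE = re.compile(r'Os \{ code: (\d+), kind: (\w+)')
SRC_RE = re.compile(r'source: (\w+) \}')


def parse_line(line):
    """Return a dict for an ERROR line that names an API host, else None."""
    head, host = LINE_RE.match(line), HOST_RE.search(line)
    if not head or head.group(2) != "ERROR" or not host:
        return None
    path, os_err, src = PATH_RE.search(line), OS_RE.search(line), SRC_RE.search(line)
    if os_err:    # socket-level failure: the TCP connect never completed
        reason = f"connect:{os_err.group(2)}:os{os_err.group(1)}"
    elif src:     # request-level failure reported by reqwest
        reason = f"request:{src.group(1)}"
    else:
        reason = "unknown"
    return {
        "time": head.group(1),
        "host": host.group(1).rstrip("."),  # drop the trailing root dot
        "endpoint": path.group(1).rsplit("/", 1)[-1] if path else "",
        "reason": reason,
    }


def summarize(log_text):
    """Count failures per (host, reason) so blocked endpoints stand out."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return Counter((e["host"], e["reason"]) for e in events)


if __name__ == "__main__":
    for (host, reason), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {host}  {reason}")
```

Hosts that show up here with timeouts are the ones to compare against the firewall documentation and to test with nslookup against both the local resolver and a public one.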

Seems you are from Indonesia.
DNS over HTTPS and DNS over TLS started being blocked according to PSE regulation,
especially Steam, bla bla bla.

Some ISPs already implement this.

Thanks for the tip, although I’m not from Indonesia :)
But I am curious how they block DoH… Do they block https directly?

OK I’ll check my firewall settings and try to get the requests through the firewall, if they were blocked.
Thank you for your help!

Hey, I think I found some clues…

PS C:\Users\USERNAME> nslookup.exe zero-trust-client.cloudflareclient.com ROUTER_IP
Server:  ROUTER_SERVERNAME
Address:  ROUTER_IP

*** ROUTER_IP can't find zero-trust-client.cloudflareclient.com: Server failed

And if I query through 1.0.0.1 (or any public DNS server)…

PS C:\Users\USERNAME> nslookup.exe zero-trust-client.cloudflareclient.com 1.0.0.1
Server:  one.one.one.one
Address:  1.0.0.1

Non-authoritative answer:
Name:    zero-trust-client.cloudflareclient.com
Addresses:  2606:4700:7::a29f:8969
          2606:4700:7::a29f:8a69
          162.159.137.105
          162.159.138.105

Ah *beep*, here we go again