Fetch() and IP Address in "Subject Alternative Name"

I have a worker where I would like to issue requests to https://1.1.1.1, example:

fetch("https://1.1.1.1/dns-query?name=1.1.1.1.in-addr.arpa&type=PTR&ct=application/dns-json")

When I do this, I get back a Response object with status 502 and statusText “Bad Gateway”. In the body I can see the message

TLS peer’s certificate is not trusted; reason = Hostname mismatch

(The full body can be seen at https://gist.github.com/dentarg/ffec851598406611cd3f8c377c3957f6)

https://1.1.1.1 has a legit cert, I can make requests to it from Chrome, curl and with fetch() in the Firefox console.

Is it that the Cloudflare backend for fetch() doesn’t support IP addresses in in X509v3 Subject Alternative Name? Is it intentionally or a bug?

1 Like

You can’t fetch IPs from workers, but you could use the URL below for your case:

https://cloudflare-dns.com/dns-query?

Yeah, I’ve seen threads about that. People report getting the error message “Direct IP access not allowed.” then, so I thought it might have changed, as I didn’t get any message saying that.

Yes, I can use the cloudflare-dns.com, just wanted to save a DNS lookup :wink: