Issues setting up DoH under firewall

Hi, I’ve recently been having trouble connecting to Cloudflare’s DNS over HTTPS from a firewalled network.
I’d like to know whether there’s something I can do, or whether I should start paying for a VPN.
Following cscharff’s suggestions, here are the test results:
https://1.1.1.1/help: https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6Ik1YUCIsImlzcE5hbWUiOiJFLU1pbmQgU3JsIiwiaXNwQXNuIjoiNDk1MzUifQ==

Tests1
    C:\WINDOWS\system32>nslookup example.com 1.1.1.1
    Server:  one.one.one.one
    Address:  1.1.1.1

    Non-authoritative answer:
    Name:    example.com
    Addresses:  2606:2800:220:1:248:1893:25c8:1946
              93.184.216.34


    C:\WINDOWS\system32>nslookup example.com 1.0.0.1
    Server:  one.one.one.one
    Address:  1.0.0.1

    Non-authoritative answer:
    Name:    example.com
    Addresses:  2606:2800:220:1:248:1893:25c8:1946
              93.184.216.34


    C:\WINDOWS\system32>nslookup example.com 8.8.8.8
    Server:  dns.google
    Address:  8.8.8.8

    Non-authoritative answer:
    Name:    example.com
    Addresses:  2606:2800:220:1:248:1893:25c8:1946
              93.184.216.34


    C:\WINDOWS\system32>nslookup -class=chaos -type=txt id.server 1.1.1.1
    Server:  one.one.one.one
    Address:  1.1.1.1

    *** one.one.one.one can't find id.server: Not implemented

    C:\WINDOWS\system32>nslookup -class=chaos -type=txt id.server 1.0.0.1
    Server:  one.one.one.one
    Address:  1.0.0.1

    *** one.one.one.one can't find id.server: Not implemented
Tests2
    C:\WINDOWS\system32>tracert 1.1.1.1

    Tracing route to one.one.one.one [1.1.1.1]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  cp.bearzi.it [10.201.0.1]
      2     1 ms    <1 ms    <1 ms  151.14.29.146
      3     6 ms     6 ms     6 ms  151.14.28.9
      4     6 ms     6 ms     6 ms  151.6.48.8
      5     6 ms     6 ms     6 ms  151.6.48.92
      6     9 ms    20 ms    10 ms  micl-n01-mica-t02-po02.wind.it [151.6.2.50]
      7    11 ms    10 ms    10 ms  miot-to2-rmid-t02-po02.wind.it [151.6.7.5]
      8    10 ms    11 ms    14 ms  cloudflare.mix-it.net [217.29.66.167]
      9     9 ms     9 ms     9 ms  one.one.one.one [1.1.1.1]

    Trace complete.

    C:\WINDOWS\system32>tracert 1.0.0.1

    Tracing route to one.one.one.one [1.0.0.1]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  cp.bearzi.it [10.201.0.1]
      2    <1 ms    <1 ms    <1 ms  151.14.29.146
      3     6 ms     6 ms    22 ms  151.14.28.9
      4     6 ms     6 ms     6 ms  151.6.48.8
      5     6 ms     6 ms     6 ms  151.6.48.92
      6    10 ms    10 ms     9 ms  micl-n01-mica-t02-po02.wind.it [151.6.2.50]
      7    10 ms    10 ms    10 ms  151.6.1.178
      8    11 ms     *        *     cloudflare.mix-it.net [217.29.66.167]
      9     9 ms    10 ms     9 ms  one.one.one.one [1.0.0.1]

    Trace complete.

    C:\WINDOWS\system32>nslookup -class=chaos -type=txt id.server 1.1.1.1
    Server:  one.one.one.one
    Address:  1.1.1.1

    *** one.one.one.one can't find id.server: Not implemented

    C:\WINDOWS\system32>nslookup -class=chaos -type=txt id.server 1.0.0.1
    Server:  one.one.one.one
    Address:  1.0.0.1

    *** one.one.one.one can't find id.server: Not implemented

    C:\WINDOWS\system32>nslookup -vc -class=chaos -type=txt id.server 1.1.1.1
    Server:  one.one.one.one
    Address:  1.1.1.1

    *** one.one.one.one can't find id.server: Not implemented

    C:\WINDOWS\system32>nslookup -vc -class=chaos -type=txt id.server 1.0.0.1
    Server:  one.one.one.one
    Address:  1.0.0.1

    *** one.one.one.one can't find id.server: Not implemented
Tests3
    (Invoke-WebRequest -Uri 'https://1.1.1.1/dns-query?ct=application/dns-json&name=Cloudflare.com').RawContent
    HTTP/1.1 200 OK
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    CF-RAY: 531e74e8684c4356-MXP
    Content-Length: 289
    Cache-Control: max-age=147
    Content-Type: application/dns-json
    Date: Thu, 07 Nov 2019 09:59:49 GMT
    Server: cloudflare

    {"Status": 0,"TC": false,"RD": true, "RA": true, "AD": true,"CD": false,"Question":[{"name": "Cloudflare.com.", "type": 1}],"Answer":[{"name": "cloudflare.com.", "type": 1, "TTL": 147, "data": "198.41.214.162"},{"name": "cloudflare.com.", "type": 1, "TTL": 147, "data": "198.41.215.162"}]}

I’m using Chrome with the `--enable-features="dns-over-https<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:server/https%3A%2F%2F1.1.1.1%2Fdns-query/method/POST"` parameters, but I’ve also tried with Firefox.
Are they blocking 443 traffic to the DNS resolver? Then why doesn’t the test with OpenSSL fail?
I’d like to figure out what’s happening.

thank you!
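
Tests3 above exercises the JSON GET form of the endpoint, while the Chrome flags select `method/POST`, which in RFC 8484 is a binary `application/dns-message` body. The following is an added example, not part of the original post, that sends the same question in both RFC 8484 forms so the results can be compared from the firewalled network; the function names are illustrative and the endpoint URL is the one from the post.

```python
import base64
import struct
import urllib.request

DOH_URL = "https://1.1.1.1/dns-query"  # endpoint taken from the post

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS query in RFC 1035 wire format; ID 0 as RFC 8484 suggests for caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"qr": flags >> 15, "rcode": flags & 0xF, "answers": answers}

def build_request(method: str, name: str) -> urllib.request.Request:
    """RFC 8484 request: POST carries the raw message, GET carries it base64url-encoded."""
    query = build_query(name)
    headers = {"Accept": "application/dns-message"}
    if method == "POST":
        headers["Content-Type"] = "application/dns-message"
        return urllib.request.Request(DOH_URL, data=query, headers=headers, method="POST")
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode()  # padding omitted
    return urllib.request.Request(f"{DOH_URL}?dns={b64}", headers=headers, method="GET")

def probe(method: str, name: str = "cloudflare.com", timeout: float = 5.0) -> dict:
    """Send one query and report the HTTP status and DNS header, or the failure."""
    try:
        with urllib.request.urlopen(build_request(method, name), timeout=timeout) as resp:
            result = {"http": resp.status, "ctype": resp.headers.get("Content-Type")}
            result.update(parse_header(resp.read()))
            return result
    except Exception as exc:  # certificate error, reset, timeout, HTTP 4xx/5xx
        return {"error": f"{type(exc).__name__}: {exc}"}

if __name__ == "__main__":
    for method in ("GET", "POST"):
        print(method, probe(method))
```

A certificate verification error from `probe` would indicate that the TLS session is not terminating at the resolver, while a result that differs between GET and POST would indicate filtering on the request itself rather than on port 443.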
