Problem with 1.1.1.1/help

Hi, I’m using Arch Linux + dnscrypt-proxy + dnsmasq.
My web browser: Google Chrome 86.0.4240.183.
I’m only using one server, cloudflare, in my dnscrypt-proxy config.

Nov 05 20:56:37 baby dnscrypt-proxy[42158]: [2020-11-05 20:56:37] [NOTICE] Loading the set of whitelisting rules from [/etc/dnscrypt-proxy/whitelist.txt]
Nov 05 20:56:37 baby dnscrypt-proxy[42158]: [2020-11-05 20:56:37] [NOTICE] Firefox workaround initialized
Nov 05 20:56:37 baby dnscrypt-proxy[42158]: [2020-11-05 20:56:37] [NOTICE] [cloudflare] OK (DoH) - rtt: 35ms
Nov 05 20:56:37 baby dnscrypt-proxy[42158]: [2020-11-05 20:56:37] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 35ms)
Nov 05 20:56:37 baby dnscrypt-proxy[42158]: [2020-11-05 20:56:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1

But 1.1.1.1/help
Connected with 1.1.1.1: No
Using DNS over HTTPS (DoH): No

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IkhLRyIsImlzV2FycCI6Ik5vIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9

Curl:
curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA'

{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"cloudflare.com","type":28}],"Answer":[{"name":"cloudflare.com","type":28,"TTL":250,"data":"2606:4700::6810:84e5"},{"name":"cloudflare.com","type":28,"TTL":250,"data":"2606:4700::6810:85e5"}]}% 

Flags RD and RA say DoH is enabled.

Extended test in https://www.dnsleaktest.com

What is my problem?
Thank you.

Hi, it seems like it can work but doesn’t for some reason. Can you run dig check.cloudflareresolve.com TXT @<your dnscrypt-proxy or dnsmasq ip> ?


Here bro, @mvavrusa


; <<>> DiG 9.16.8 <<>> check.cloudflareresolve.com TXT @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18614
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;check.cloudflareresolve.com.   IN      TXT

;; AUTHORITY SECTION:
cloudflareresolve.com.  2376    IN      SOA     cloudflareresolve.com. dns.cloudflare.com. 2018100101 21600 3600 604800 0

;; Query time: 250 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 06 08:32:20 +07 2020
;; MSG SIZE  rcvd: 107

Hi, this means that your local service didn’t actually forward the request to 1.1.1.1, but answered it from a local cache even though it shouldn’t. You can try probing more to find out which service does this. When it works, it should return something like this:

$ dig check.cloudflareresolve.com TXT @1.1.1.1
...
;; ANSWER SECTION:
check.cloudflareresolve.com.	0	IN	TXT	"cf"

@mvavrusa

If I test directly through 1.1.1.1 like you, then I get “cf” as above.
Do you have any ideas to fix this problem?

Up, anybody :zipper_mouth_face:

I’m not sure, you could try sending the query to all DNS forwarders (dnscrypt, dnsmasq, router) in your chain to figure out where the cached response is coming from and see if there’s something you can configure.
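
Added example, not part of any post in this thread: a small script that sends the `check.cloudflareresolve.com` TXT query from the thread to each hop of a forwarder chain and reports which hops return the `"cf"` answer and which reply without it. The hop addresses in the usage comment and the `host#port` form (for a dnscrypt-proxy listener on a non-default port behind dnsmasq) are assumptions; substitute your own listeners.

```shell
#!/bin/sh
# Added example (not from the thread): find which hop in a local DNS chain
# answers the check name itself instead of passing it on to 1.1.1.1.
# Usage: sh probe-chain.sh 127.0.0.1 127.0.0.1#5353 192.168.1.1 1.1.1.1
# The addresses and the host#port form are assumptions; use your own listeners.

CHECK_NAME="check.cloudflareresolve.com"

# Classify full `dig` output read from stdin, following the thread:
# a TXT answer "cf" means the query reached 1.1.1.1; NOERROR with no such
# answer means some hop replied on its own.
classify_dig_output() {
    awk -v name="$CHECK_NAME." '
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        $1 == name && $4 == "TXT" && $5 == "\"cf\"" { cf = 1 }
        END {
            if (cf)                       print "reached-1.1.1.1"
            else if (status == "NOERROR") print "not-from-1.1.1.1"
            else if (status == "")        print "no-reply"
            else                          print "error:" status
        }'
}

# Query every hop given as host or host#port and print one verdict per hop.
probe_chain() {
    for hop in "$@"; do
        server=${hop%%#*}
        port=53
        case $hop in *"#"*) port=${hop##*#} ;; esac
        verdict=$(dig +tries=1 +time=3 -p "$port" "$CHECK_NAME" TXT "@$server" 2>/dev/null |
            classify_dig_output)
        printf '%-28s %s\n' "$hop" "$verdict"
    done
}

if [ "$#" -gt 0 ]; then
    probe_chain "$@"
else
    # No hops given: classify the header of the reply posted in the thread.
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18614' \
        ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1' |
        classify_dig_output
fi
```

Listing the hops in order from the client outward, the first one that reports `not-from-1.1.1.1` while a later hop reports `reached-1.1.1.1` is the one whose cache or forwarding settings to inspect.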