I was using DoH via security.cloudflare-dns.com, and my DNS forwarder can no longer connect.
msg=“failed to connect to an HTTPS backend "1.1.1.1 — The free app that makes your Internet faster.”"
Is this URL down/broken?
Thanks.
1 Like
It’s not working for me either. Had to go back to https://1.1.1.1/dns-query in the mean time. I even tried
https://1.1.1.2/dns-query with no luck
Bump.
Not intended to work as a website.
Not a DoH endpoint.
To test one might try, the command below.
curl -H 'accept: application/dns-json' 'https://security.cloudflare-dns.com/dns-query?name=example.com&type=AAAA'
That’s… how DoH works. I get the exact same error using cURL.
$ curl -H 'accept: application/dns-json' 'https://security.cloudflare-dns.com/dns-query?name=example.com&type=AAAA'
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>DNS points to prohibited IP | security.cloudflare-dns.com | Cloudflare</title>
...
1.1.1.1 is, and I use it to seed the A/AAAA records for cloudflare-dns.com normally. network.trr.bootstrapAddress in Firefox.
1.1.1.2 is not. There’s no SSL certificate issued for 1.1.1.2, it is not included in the setup instructions as a DoH endpoint.
Got it. Regardless, DoH does seem to be broken for security.cloudflare-dns.com.
@cs-cf It was posted it was a DoH endpoint:
FAQ
- Does 1.1.1.1 for Families support DNS over HTTPS?
- Yes, to block malware, use
security.cloudflare-dns.com, to block malware & adult content, usefamily.cloudflare-dns.com.
Sorry, I think the confusion here is my fault. @cs-cf was saying that 1.1.1.2 isn’t a DoH endpoint; he wasn’t talking about security.cloudflare-dns.com.
The issue here is that security.cloudflare-dns.com is down. DoH requests to it fail. @cs-cf indicated that receiving a cryptic error when visiting it in a browser it to be expected; however, it’s the same error message that’s received when attempting to query it via DoH, which is why I quoted it. It’s easier to read in a web browser than with cURL, since it’s HTML.
@cs-cf, security.cloudflare-dns.com is most certainly down, at least when hitting EWR. That 1000 error is the same one I receive when I use cURL.
1 Like
Correct.
Thanks for the report… I’ll ask someone to check EWR, it’s working for me against DFW and other folks who tested in other geos haven’t reported an issue.
2 Likes
I can confirm it’s working for me from IAD. Here’s an EWR ray that failed: 57fd02d5493ee71c
Thanks to you both! Here’s the one that failed for me. Ray ID: 57fd105f19f5f778
It seems to be working at LAX for me with Firefox but not cloudflared on my pihole.
Seems to have been fixed for me now
1 Like
Sorry, I spoke too soon. While https://security.cloudflare-dns.com now gives a valid page, https://security.cloudflare-dns.com/dns-query does not give any valid DNS responses.
1 Like
Well now https://security.cloudflare-dns.com doesn’t even give a valid page:
Error 1000 Ray ID: 5804c27b5b75c7d5 • 2020-04-07 15:25:10 UTC
DNS points to prohibited IP
Expected. Not a web page.
time="2020-04-07T09:33:19-06:00" level=error msg="failed to connect to an HTTPS backend \"https://security.cloudflare-dns.com/dns-query\"" error="failed to perform an HTTPS request: Post https://security.cloudflare-dns.com/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"