albertito / dnss
DNS over HTTPS [mirror]
Home Page: https://blitiri.com.ar/git/r/dnss/
License: Other
Hi there, nice project!
I found this today and I think it is an awesome project!
But I tried to use it and I can't get it working with a custom DoH.
This works fine:
sudo dnss -enable_dns_to_https
This works fine too (by IP, but that's wrong):
sudo dnss -enable_dns_to_https -https_upstream "https://1.1.1.1/dns-query"
But this is not:
sudo dnss -enable_dns_to_https -https_upstream "https://cloudflare-dns.com/dns-query"
And this does not work:
sudo dnss -enable_dns_to_https \
-fallback_upstream 1.1.1.1:53 \
-fallback_domains cloudflare-dns.com \
-https_upstream "https://cloudflare-dns.com/dns-query"
Of course it doesn't work with Quad9 and my own DoH.
Another good idea is to add helpful info to the readme:
To get it working you should disable and stop the original resolver which uses port 53.
This happens if not
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
sudo systemctl restart dnss
I hope you can help.
Cheers!
Hi,
thank you for this package it is simple and efficient.
Is there any plan to support DNSSEC?
Hi,
I tried configuring dnss to use unbound on localhost as the fallback_upstream, but I'm getting SERVFAIL some of the time. Not always, just some of the time. From the logs, I think dnss might be trying to use the system resolver (systemd-resolved) instead of unbound to look up fallback_domains.
I'm on Debian stable, using dnss 0.0~git20180721.0.2de63ab0-1+b11, so apologies if this is something that's been fixed already. I looked at the git history and didn't see anything that looked relevant though.
dnss command, from ps:
/usr/bin/dnss --dns_listen_addr=systemd --enable_cache=false --enable_dns_to_https --fallback_domains=dns.google. --fallback_upstream=[::1]:14653 --force_mode=DoH --https_upstream=https://dns.google/dns-query
Relevant ports, from ss:
udp UNCONN 0 0 [::1]:25953 [::]:* users:(("dnss",pid=384,fd=5),("systemd",pid=1,fd=57))
tcp LISTEN 0 128 [::1]:25953 [::]:* users:(("dnss",pid=384,fd=3),("systemd",pid=1,fd=58))
udp UNCONN 0 0 [::1]:14653 [::]:* users:(("unbound",pid=440,fd=3))
tcp LISTEN 0 128 [::1]:14653 [::]:* users:(("unbound",pid=440,fd=4))
unbound is correctly resolving dns.google.:
# dig dns.google @::1 -p 14653
; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> dns.google @::1 -p 14653
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1118
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.google. IN A
;; ANSWER SECTION:
dns.google. 744 IN A 8.8.8.8
dns.google. 744 IN A 8.8.4.4
;; Query time: 0 msec
;; SERVER: ::1#14653(::1)
;; WHEN: Mon Mar 01 23:31:20 EST 2021
;; MSG SIZE rcvd: 71
But dnss is returning SERVFAIL:
# dig google.com @::1 -p 25953
; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> google.com @::1 -p 25953
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4451
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 4001 msec
;; SERVER: ::1#25953(::1)
;; WHEN: Mon Mar 01 23:31:35 EST 2021
;; MSG SIZE rcvd: 28
System logs, starting when I queried dnss for google.com:
Mar 01 23:33:51 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:51 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question . IN SOA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN DS: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN SOA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN DNSKEY: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN DS: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN DNSKEY: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN AAAA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN A: no-signature
Mar 01 23:33:54 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:55 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:55 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:56 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:33:56 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:34:00 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:00 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:04 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:04 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:05 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:06 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:34:06 sakaar dnss[786]: _ server.go:134 resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
The fact that systemd-resolved appears to be trying to look up dns.google makes me think that somehow dnss is using the local resolver via getaddrinfo() or similar, instead of querying the fallback_upstream, but I'm just guessing. Any ideas how this could happen?
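Both this report and the first one on the page (a hostname `-https_upstream` failing where an IP works) come down to how the DoH server's own name gets resolved. The following is an added Go example, not dnss's code: an HTTP client that resolves hostnames only through a fixed bootstrap DNS server instead of the system resolver. The function names `bootstrapResolver` and `dohClient` and the timeouts are assumptions; the sample address is the unbound listener from the report.

```go
// Added example, not dnss source: resolve the DoH server's hostname only
// through a fixed bootstrap DNS server, bypassing the system resolver.
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// bootstrapResolver returns a resolver that sends every lookup to addr
// (host:port), ignoring the nameservers listed in /etc/resolv.conf.
func bootstrapResolver(addr string) *net.Resolver {
	d := &net.Dialer{Timeout: 2 * time.Second}
	return &net.Resolver{
		PreferGo: true, // Dial is only honoured by Go's built-in resolver
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			// Discard the address the resolver picked; always use ours.
			return d.DialContext(ctx, network, addr)
		},
	}
}

// dohClient builds an HTTP client whose outgoing connections resolve
// hostnames via the bootstrap resolver before the TLS handshake.
func dohClient(bootstrap string) *http.Client {
	dialer := &net.Dialer{
		Timeout:  4 * time.Second,
		Resolver: bootstrapResolver(bootstrap),
	}
	return &http.Client{
		Timeout:   8 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
	}
}

func main() {
	// Constructed sample: the unbound address from the report above.
	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
	defer cancel()
	addrs, err := bootstrapResolver("[::1]:14653").LookupHost(ctx, "dns.google.")
	fmt.Println(addrs, err)
}
```

With a client built this way, a lookup of the DoH hostname showing up in the systemd-resolved log would indicate that some other code path is resolving the name.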
hi.
[root@vps ~]# dnss -enable_https_to_dns -dns_upstream 8.8.8.8:53 -https_server_addr 127.0.0.1:2367
_ server.go:56 HTTPS listening on 127.0.0.1:2367
☠ server.go:63 HTTPS exiting: open : no such file or directory
[root@vps ~]#
thank u
Hi! I find this app pretty damn awesome, I don't really want to mess with cloudflared so I used dnss, but the problem is I wanted to use it with Pi-hole, which eats up :53 port, so the problem is I can't launch dnss on this port, it will break things up. I can build my own version, but it will be awesome to be able to control listening port via command args. What do you think?
Hi, great software! Just installed dnss from the Debian Buster's repo, works good so far!
The only thing which I can't get to work is changing the HTTPS Upstream, even when I enter the CloudFlare's address, seems like the Google service is still used. Care to check if there is a bug?
Version: 0.0~git20180721.0.2de63ab0-1+b11
dnss 1649 0.0 0.1 778316 13504 ? Ssl 13:15 0:00 /usr/bin/dnss --dns_listen_addr=systemd --monitoring_listen_addr=127.0.0.1:9981 -enable_dns_to_https -https_upstream=https://1.1.1.1/dns-query
I use https://www.dnsleaktest.com to check which DNS resolvers had been hit.
Hello,
I'm currently testing dnss in a lab environment and I can't enable proper logging of all DNS requests. I found in the source code that, apparently, "-v=3" should enable more logging but it does not work. Having proper logging is essential for me. Any tip?
at the moment I am testing with
--https_upstream="https://1.1.1.1/dns-query"
but is it possible to add multiple DoH sources? e.g. in case if 1.1.1.1 is down use next one
--https_upstream="https://9.9.9.9/dns-query"
is your repo down? can't install :-(
Thanks for dnss, very useful!
I use the flag -testing__insecure_http because dnss sits behind encrypted Apache, so I do not need dnss to use encryption.
Is the flag -testing__insecure_http ok to use in this scenario, i.e. not just for "testing"?
It says dnss.socket: Failed to create listening socket ([::]:53): Address already in use
but it should not use network during installation, and should not fail just because of another dns server being running.