albertito / dnss

DNS over HTTPS [mirror]

Home Page: https://blitiri.com.ar/git/r/dnss/

License: Other

Go 89.52% Shell 6.84% Dockerfile 0.90% CSS 2.74%
dns dns-proxy doh doh-server go-application https-proxy security

Contributors: albertito, gptlang

dnss's Issues

Works with default (Google) but not with others

Hi there, nice project!
I found this today and I think it is an awesome project!
But I tried to use it and I can't get it working with a custom DoH.
This works fine:
sudo dnss -enable_dns_to_https
This works fine too (by IP, but that's wrong):
sudo dnss -enable_dns_to_https -https_upstream "https://1.1.1.1/dns-query"
But this does not:
sudo dnss -enable_dns_to_https -https_upstream "https://cloudflare-dns.com/dns-query"
And this does not work:

sudo dnss -enable_dns_to_https \
-fallback_upstream 1.1.1.1:53 \
-fallback_domains cloudflare-dns.com \
-https_upstream "https://cloudflare-dns.com/dns-query"

Of course it doesn't work with Quad9 and my own DoH.

Another good idea is to add helpful info to the readme:
To get it working you should disable and stop the original resolver which uses port 53.
This happens if not

sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
sudo systemctl restart dnss

I hope you can help.
Cheers!

DNSSEC support

Hi,
thank you for this package it is simple and efficient.

Is there any plan to support DNSSEC?

dnss appears to be using the system resolver instead of the fallback flags.

Hi,

I tried configuring dnss to use unbound on localhost as the fallback_upstream, but I'm getting SERVFAIL some of the time. Not always, just some of the time. From the logs, I think dnss might be trying to use the system resolver (systemd-resolved) instead of unbound to look up fallback_domains.

I'm on Debian stable, using dnss 0.0~git20180721.0.2de63ab0-1+b11, so apologies if this is something that's been fixed already. I looked at the git history and didn't see anything that looked relevant though.

dnss command, from ps:

/usr/bin/dnss --dns_listen_addr=systemd --enable_cache=false --enable_dns_to_https --fallback_domains=dns.google. --fallback_upstream=[::1]:14653 --force_mode=DoH --https_upstream=https://dns.google/dns-query

Relevant ports, from ss:

udp   UNCONN 0      0                                 [::1]:25953                                                      [::]:*                                    users:(("dnss",pid=384,fd=5),("systemd",pid=1,fd=57))                          
tcp   LISTEN 0      128                               [::1]:25953                                                      [::]:*                                    users:(("dnss",pid=384,fd=3),("systemd",pid=1,fd=58)) 
udp   UNCONN 0      0                                 [::1]:14653                                                      [::]:*                                    users:(("unbound",pid=440,fd=3))                                               
tcp   LISTEN 0      128                               [::1]:14653                                                      [::]:*                                    users:(("unbound",pid=440,fd=4))

unbound is correctly resolving dns.google.:

# dig dns.google @::1 -p 14653

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> dns.google @::1 -p 14653
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1118
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.google.                    IN      A

;; ANSWER SECTION:
dns.google.             744     IN      A       8.8.8.8
dns.google.             744     IN      A       8.8.4.4

;; Query time: 0 msec
;; SERVER: ::1#14653(::1)
;; WHEN: Mon Mar 01 23:31:20 EST 2021
;; MSG SIZE  rcvd: 71

But dnss is returning SERVFAIL:

# dig google.com @::1 -p 25953

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> google.com @::1 -p 25953
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4451
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 4001 msec
;; SERVER: ::1#25953(::1)
;; WHEN: Mon Mar 01 23:31:35 EST 2021
;; MSG SIZE  rcvd: 28

System logs, starting when I queried dnss for google.com:

Mar 01 23:33:51 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:33:51 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question . IN SOA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN DS: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN SOA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN DNSKEY: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN DS: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN DNSKEY: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN AAAA: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN A: no-signature
Mar 01 23:33:54 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:33:55 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:33:55 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:33:56 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:33:56 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:34:00 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:34:00 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)                                                                                                                                                         
Mar 01 23:34:04 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:04 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:05 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:34:06 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution
Mar 01 23:34:06 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution

The fact that systemd-resolved appears to be trying to look up dns.google makes me think that somehow dnss is using the local resolver via getaddrinfo() or similar, instead of querying the fallback_upstream, but I'm just guessing. Any ideas how this could happen?
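
The correlation drawn in the report above can be checked mechanically. The following is an added example, not dnss code and not part of the issue: it scans journal text, pulls the DoH upstream host out of the dnss errors, and counts how often systemd-resolved was asked about that same host. The names `Triage` and `Report` are hypothetical; the sample is four lines excerpted from the journal output quoted above.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Four lines excerpted from the journal output quoted in the issue above.
const sampleJournal = `Mar 01 23:33:51 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question google IN DS: no-signature
Mar 01 23:33:51 sakaar systemd-resolved[843]: DNSSEC validation failed for question dns.google IN A: no-signature
Mar 01 23:33:56 sakaar dnss[786]: _ server.go:134      resolver query error: POST failed: Post https://dns.google/dns-query: dial tcp: lookup dns.google: Temporary failure in name resolution`

var dnssErr = regexp.MustCompile(`dnss\[\d+\]: .*POST failed: Post "?(https://\S+?)"?: (.*)$`)
var resolved = regexp.MustCompile(`systemd-resolved\[\d+\]: DNSSEC validation failed for question (\S+) IN \S+:`)

// Report summarises how dnss failed to reach its DoH upstream (hypothetical type).
type Report struct {
	Upstream                               string // host of the DoH URL in dnss errors
	Timeouts, LookupFailures, ResolvedHits int
	ViaSystemResolver                      bool // upstream name went through the host resolver
}

// Triage correlates dnss upstream errors with systemd-resolved questions.
func Triage(journal string) Report {
	var r Report
	asked := map[string]int{} // names systemd-resolved was asked about
	for _, line := range strings.Split(journal, "\n") {
		if m := dnssErr.FindStringSubmatch(line); m != nil {
			if u, err := url.Parse(m[1]); err == nil {
				r.Upstream = u.Hostname()
			}
			if strings.Contains(m[2], "lookup "+r.Upstream) {
				r.LookupFailures++ // the upstream's own name failed to resolve
			} else if strings.Contains(m[2], "Client.Timeout") {
				r.Timeouts++
			}
		} else if m := resolved.FindStringSubmatch(line); m != nil {
			asked[strings.TrimSuffix(m[1], ".")]++
		}
	}
	r.ResolvedHits = asked[r.Upstream]
	r.ViaSystemResolver = r.Upstream != "" && (r.LookupFailures > 0 || r.ResolvedHits > 0)
	return r
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleJournal))
}
```
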

Custom listening port?

Hi! I find this app pretty damn awesome, I don't really want to mess with cloudflared so I used dnss, but the problem is I wanted to use it with Pi-hole, which eats up :53 port, so the problem is I can't launch dnss on this port, it will break things up. I can build my own version, but it will be awesome to be able to control listening port via command args. What do you think?

Cannot change HTTPS Upstream

Hi, great software! Just installed dnss from the Debian Buster's repo, works good so far!

The only thing which I can't get to work is changing the HTTPS Upstream, even when I enter the CloudFlare's address, seems like the Google service is still used. Care to check if there is a bug?

Version: 0.0~git20180721.0.2de63ab0-1+b11

dnss 1649 0.0 0.1 778316 13504 ? Ssl 13:15 0:00 /usr/bin/dnss --dns_listen_addr=systemd --monitoring_listen_addr=127.0.0.1:9981 -enable_dns_to_https -https_upstream=https://1.1.1.1/dns-query

I use https://www.dnsleaktest.com to check which DNS resolvers had been hit.

Structured query logging

Hello,
I'm currently testing dnss in a lab environment and I can't enable proper logging of all DNS requests. I found in the source code that, apparently, "-v=3" should enable more logging but it does not work. Having proper logging is essential for me. Any tip?

Is the flag -testing__insecure_http just for testing?

Thanks for dnss, very useful!

I use the flag -testing__insecure_http because dnss sits behind encrypted Apache, so I do not need dnss to use encryption.

Is the flag -testing__insecure_http ok to use in this scenario, i.e. not just for "testing"?

Error on apt install when address is already in use

It says dnss.socket: Failed to create listening socket ([::]:53): Address already in use but it should not use the network during installation, and should not fail just because another DNS server is running.
