Work with default(google) but not with others #11

Closed
sebaxakerhtc opened this issue Jun 30, 2022 · 8 comments

@sebaxakerhtc

sebaxakerhtc commented Jun 30, 2022

Hi there, nice project!
I found this today and I think it is an awesome project!
But I tried to use it and I can't get it working with a custom DoH.
This works fine:
sudo dnss -enable_dns_to_https
This works fine too (by IP, but that's wrong):
sudo dnss -enable_dns_to_https -https_upstream "https://1.1.1.1/dns-query"
But this does not:
sudo dnss -enable_dns_to_https -https_upstream "https://cloudflare-dns.com/dns-query"
And this does not work:

sudo dnss -enable_dns_to_https \
-fallback_upstream 1.1.1.1:53 \
-fallback_domains cloudflare-dns.com \
-https_upstream "https://cloudflare-dns.com/dns-query"

Of course it doesn't work with Quad9 and my own DoH.

Another good idea is to add helpful info to the README:
To get it working, you should disable and stop the original resolver, which uses port 53.
This happens if not

sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
sudo systemctl restart dnss

I hope you can help.
Cheers!

@albertito
Owner

Thanks for reporting this!

There are integration tests in tests/external.sh which validate that dnss works with some of the public providers, including all the ones you mentioned (cloudflare via ip, cloudflare via domain, quad9). They're run on each commit and weekly from gitlab-ci, and I just ran them again from my workstation, and they are all passing.

So I wonder what's causing the failures for you.

Can you run dnss with -v=3, which enables debug logging, and paste the output here so we can debug this further?

Thank you!

@albertito albertito self-assigned this Jun 30, 2022
@sebaxakerhtc
Author

sebaxakerhtc commented Jul 1, 2022

> Thanks for reporting this!
>
> There are integration tests in tests/external.sh which validate that dnss works with some of the public providers, including all the ones you mentioned (cloudflare via ip, cloudflare via domain, quad9). They're run on each commit and weekly from gitlab-ci, and I just ran them again from my workstation, and they are all passing.
>
> So I wonder what's causing the failures for you.
>
> Can you run dnss with -v=3, which enables debug logging, and paste the output here so we can debug this further?
>
> Thank you!

-v (1,2,3) do not show additional info.
Command:
sudo dnss -enable_dns_to_https -https_upstream "https://cloudflare-dns.com/dns-query" -force_mode DoH -v 3
Output when I try to open any website:

_ server.go:166      DNS listening on :53
_ server.go:134      resolver query error: POST failed: Post https://cloudflare-dns.com/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
_ server.go:134      resolver query error: POST failed: Post https://cloudflare-dns.com/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
_ server.go:134      resolver query error: POST failed: Post https://cloudflare-dns.com/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
_ server.go:134      resolver query error: POST failed: Post https://cloudflare-dns.com/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

@sebaxakerhtc
Author

It works with only one additional option
-fallback_domains string
My mistake was the "dot" at the end of the domain name
I should use dns.quad9.net. instead of dns.quad9.net

yes

@sebaxakerhtc
Author

sebaxakerhtc commented Jul 1, 2022

@albertito
Can you explain how to use 2 IP addresses in

-fallback_upstream string

Can I use it like

   -fallback_upstream 1.1.1.1:53 \
   -fallback_upstream 1.0.0.1:53

? Will it work normally?
I'm a paranoiac who wants to use only my self-hosted DoT, DoH and DNS.
I don't want to use any default (Google) requests, even to request where my DoH is located.
Thank you!

@albertito
Owner

What version of dnss are you using? -fallback_domains is deprecated and hasn't been doing anything for a while. Maybe you're running an older version?

As for your latter question: only one -fallback_upstream value is allowed. If more than one is present, the last one will be used.

If you want to completely self-host, which is totally supported by dnss, you just need to set -fallback_upstream and -https_upstream to the servers of your choosing. dnss shouldn't contact anything else.

And you can also use dnss as the DoH server. You have to set -enable_https_to_dns and then the DNS server to use, and TLS certs (or -insecure_http_server if you're running it behind your own proxy).

I hope this helps! Thanks!
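
The last-value-wins behaviour described in the reply above, reproduced with Go's standard `flag` package, as an added example that is not part of the thread or of dnss's own code. It assumes the option is a plain string flag; `multiFlag`, `parseLastWins` and `parseAll` are hypothetical names, and the command line is constructed to match the one asked about.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"strings"
)

// multiFlag collects every occurrence of a repeated flag instead of
// keeping only the last one. Hypothetical helper, not part of dnss.
type multiFlag []string

func (m *multiFlag) String() string     { return strings.Join(*m, ",") }
func (m *multiFlag) Set(v string) error { *m = append(*m, v); return nil }

// parseLastWins models a plain string flag (an assumption about the option):
// each occurrence overwrites the previous one, so only the final value survives.
func parseLastWins(args []string) (string, error) {
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	up := fs.String("fallback_upstream", "", "fallback resolver (host:port)")
	err := fs.Parse(args)
	return *up, err
}

// parseAll keeps every occurrence, so a wrapper can detect that an
// operator supplied several resolvers expecting redundancy.
func parseAll(args []string) ([]string, error) {
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	var ups multiFlag
	fs.Var(&ups, "fallback_upstream", "fallback resolver (host:port), repeatable")
	err := fs.Parse(args)
	return ups, err
}

func main() {
	// Constructed command line, matching the question in the thread.
	args := []string{"-fallback_upstream", "1.1.1.1:53", "-fallback_upstream", "1.0.0.1:53"}
	last, _ := parseLastWins(args)
	all, _ := parseAll(args)
	fmt.Println("string flag keeps:    ", last)
	fmt.Println("repeatable flag keeps:", all)
	if len(all) > 1 {
		fmt.Printf("warning: %d values given, only %q is used\n", len(all), last)
	}
}
```

The warning branch is the check worth keeping in a wrapper script or config linter: a silently discarded resolver gives no redundancy.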

@sebaxakerhtc
Author

sebaxakerhtc commented Jul 2, 2022

> What version of dnss are you using?

From apt | Ubuntu 22.04

seba@RTX4000:~$ apt search dnss
Sorting... Done
Full Text Search... Done

dnss/jammy 0.0~git20200927.0.6aad832e-2build1 amd64
  Proxy for using DNS over HTTPS

> As for your latter question: only one -fallback_upstream value is allowed. If more than one is present, the last one will be used.

That's sad. Can you add support for a second IP? For redundancy.
If one of the servers is down, it will still work.
Even Windows has this setting LoL

@albertito
Owner

Ah! That would explain the issue you're seeing. The problem was fixed in commit 5567591 in 2021-03.

I will work with Debian folks to get that package updated. I suggest you build a newer version from the master branch; then that option shouldn't be needed.

And yeah, adding an option for multiple fallbacks sounds reasonable, I will add it to the TODO list. Thanks!

@sebaxakerhtc
Author

> The problem was fixed in commit 5567591 in 2021-03.

Built master successfully with Go.
Now I see "deprecated"

> I will add it to the TODO list. Thanks!

It will be great!
Thank you so much!
