aarond10/https_dns_proxy

doh.mullvad.net doesn't seem to work

stangri opened this issue · 5 comments

I'm wondering if @baranyaib90 and @aarond10 have any insight into this:

~ # /usr/sbin/https-dns-proxy -r https://doh.mullvad.net/dns-query -a 127.0.0.1 -p 5055 -b 8.8.8.8,1.1.1.1 -u nobody -g nogroup -4 -x -vvvvvvv
[I] 1626385338.986755 main.c:207 Built Jun 15 2021 11:16:10.
[I] 1626385338.986791 main.c:208 System c-ares: 1.17.1
[I] 1626385338.986849 main.c:209 System libcurl: libcurl/7.77.0 wolfSSL/4.7.0
[I] 1626385338.987217 dns_server.c:50 Listening on 127.0.0.1:5055
[D] 1626385338.987264 logging.c:39 starting periodic log flush timer
[D] 1626385338.987457 dns_poller.c:177 Nameservers count: 2
[I] 1626385338.987478 main.c:272 DNS polling initialized for 'doh.mullvad.net'
[D] 1626385338.987508 dns_poller.c:113 Starting DNS query
[D] 1626385338.987593 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385338.987723 dns_poller.c:125 DNS poll interval changed to: 0.699
[D] 1626385339.051165 main.c:173 Received new DNS server IP '193.19.108.2,194.242.2.2'
[D] 1626385339.051334 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385339.051373 dns_poller.c:31 Released used io event: 0x40bf60
[D] 1626385342.749818 main.c:101 Received request for id: 0f21, len: 27
[D] 1626385342.749893 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385342.750076 https_client.c:55 curl opened socket: 8
[D] 1626385342.750246 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385342.750282 main.c:101 Received request for id: 19ff, len: 27
[D] 1626385342.750320 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385342.750477 https_client.c:55 curl opened socket: 9
[D] 1626385342.750630 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385342.907573 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385342.907608 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385342.923797 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385342.923834 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385343.210306 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385343.210339 https_client.c:87 curl closed socket: 8
[E] 1626385343.210372 https_client.c:205 No response
[D] 1626385343.210391 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385343.210404 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385343.210416 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385343.210429 https_client.c:321 Times: 0.000070, 0.141341, 0.459944, 0.460094, 0.460117, 0.460160
[I] 1626385343.210455 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385343.210470 main.c:81 buflen 0

> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385343.227416 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385343.227448 https_client.c:87 curl closed socket: 9
[E] 1626385343.227476 https_client.c:205 No response
[D] 1626385343.227490 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385343.227503 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385343.227515 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385343.227532 https_client.c:321 Times: 0.000058, 0.157255, 0.476638, 0.476782, 0.476802, 0.476851
[I] 1626385343.227562 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385343.227575 main.c:81 buflen 0

[D] 1626385345.252210 main.c:101 Received request for id: 0f21, len: 27
[D] 1626385345.252255 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385345.252438 https_client.c:55 curl opened socket: 10
[D] 1626385345.252635 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
[D] 1626385345.252672 main.c:101 Received request for id: 19ff, len: 27
[D] 1626385345.252695 https_client.c:111 Requesting HTTP/1.1: 1

[D] 1626385345.252831 https_client.c:55 curl opened socket: 11
[D] 1626385345.252967 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385345.409672 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385345.409705 https_client.c:438 Reserved new io event: 0x7ffd768e1c90
[D] 1626385345.425524 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385345.425556 https_client.c:438 Reserved new io event: 0x7ffd768e1c60
> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385345.712343 https_client.c:428 Released used io event: 0x7ffd768e1c90
[D] 1626385345.712375 https_client.c:87 curl closed socket: 11
[E] 1626385345.712402 https_client.c:205 No response
[D] 1626385345.712421 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385345.712438 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385345.712451 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385345.712463 https_client.c:321 Times: 0.000056, 0.141417, 0.459229, 0.459375, 0.459397, 0.459423
[I] 1626385345.712489 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385345.712501 main.c:81 buflen 0

> POST /dns-query HTTP/1.1
Host: doh.mullvad.net
User-Agent: dns-to-https-proxy/0.2
Accept: application/dns-message
Content-Type: application/dns-message
Content-Length: 27

* Received HTTP/0.9 when not allowed
[D] 1626385345.729734 https_client.c:428 Released used io event: 0x7ffd768e1c60
[D] 1626385345.729766 https_client.c:87 curl closed socket: 10
[E] 1626385345.729794 https_client.c:205 No response
[D] 1626385345.729809 https_client.c:260 CURLINFO_NUM_CONNECTS: 1
[D] 1626385345.729821 https_client.c:272 CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626385345.729834 https_client.c:289 CURLINFO_HTTP_VERSION: 0
[D] 1626385345.729847 https_client.c:321 Times: 0.000070, 0.157410, 0.477005, 0.477156, 0.477182, 0.477225
[I] 1626385345.729877 https_client.c:339 Response was faulty, skipping DNS reply.
[D] 1626385345.729890 main.c:81 buflen 0

[D] 1626385459.051435 dns_poller.c:113 Starting DNS query
[D] 1626385459.051570 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385459.051679 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626385459.062644 main.c:166 DNS server IP address unchanged (193.19.108.2,194.242.2.2).
[D] 1626385459.062668 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385459.062690 dns_poller.c:31 Released used io event: 0x40bf60
[D] 1626385579.063453 dns_poller.c:113 Starting DNS query
[D] 1626385579.063582 dns_poller.c:41 Reserved new io event: 0x40bf60
[D] 1626385579.063689 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626385579.205699 main.c:166 DNS server IP address unchanged (193.19.108.2,194.242.2.2).
[D] 1626385579.205730 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626385579.205754 dns_poller.c:31 Released used io event: 0x40bf60

According to the instructions they provide, their DoH server works with Firefox and Android native resolution. How come https_dns_proxy rejects their reply?

Hi,
I have checked with HTTP/2 and it is working fine.
But with "-x" option (HTTP/1.1) it does not.
Only the curl error message is different for me: * Empty reply from server
So to me it seems like they only support the HTTP/2 protocol, or something else is wrong.
I suggest contacting Mullvad support in this case.
For now it does not seem like this proxy's fault.
My logs:

[I] 1626420703.803850 main.c:217 Version 2021.07.02-6908457
[I] 1626420703.803981 main.c:218 Built Jul  4 2021 15:17:16.
[I] 1626420703.804017 main.c:219 System c-ares: 1.14.0
[I] 1626420703.804222 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
[I] 1626420703.807359 dns_server.c:50 Listening on 127.0.0.1:5553
[D] 1626420703.807428 logging.c:39 starting periodic log flush timer
[D] 1626420703.807918 dns_poller.c:177 Nameservers count: 1
[I] 1626420703.807965 main.c:283 DNS polling initialized for 'doh.mullvad.net'
[D] 1626420703.809091 dns_poller.c:113 Starting DNS query
[D] 1626420703.809240 dns_poller.c:41 Reserved new io event: 0x1a2d218
[D] 1626420703.809326 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626420704.509253 dns_poller.c:110 Processing DNS queries
[D] 1626420704.509390 dns_poller.c:125 DNS poll interval changed to: 1.311
[D] 1626420704.534989 main.c:183 Received new DNS server IP '193.19.108.2,194.242.2.2'
[D] 1626420704.535143 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626420704.535196 dns_poller.c:31 Released used io event: 0x1a2d218

[D] 1626420709.849735 main.c:111 Received request for id: 381C, len: 51
[D] 1626420709.849829 https_client.c:211 381C: Requesting HTTP/1.1: 0
[D] 1626420709.851048 https_client.c:185 381C: * Added doh.mullvad.net:443:193.19.108.2,194.242.2.2 to DNS cache
[D] 1626420709.851209 https_client.c:185 381C: * Hostname doh.mullvad.net was found in DNS cache
[D] 1626420709.851275 https_client.c:65 curl opened socket: 6
[D] 1626420709.851322 https_client.c:185 381C: *   Trying 193.19.108.2...
[D] 1626420709.851350 https_client.c:185 381C: * TCP_NODELAY set
[D] 1626420709.851527 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.888917 https_client.c:185 381C: * Connected to doh.mullvad.net (193.19.108.2) port 443 (#0)
[D] 1626420709.891659 https_client.c:185 381C: * ALPN, offering h2
[D] 1626420709.891699 https_client.c:185 381C: * ALPN, offering http/1.1
[D] 1626420709.891775 https_client.c:185 381C: * successfully set certificate verify locations:
[D] 1626420709.892104 https_client.c:185 381C: *   CAfile: none
[D] 1626420709.892172 https_client.c:185 381C: *   CApath: /etc/ssl/certs
[D] 1626420709.892945 https_client.c:185 381C: * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[D] 1626420709.893122 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.893181 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.932538 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Server hello (2):
[D] 1626420709.933740 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[D] 1626420709.938102 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Certificate (11):
[D] 1626420709.941079 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[D] 1626420709.941853 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Finished (20):
[D] 1626420709.942151 https_client.c:185 381C: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[D] 1626420709.942421 https_client.c:185 381C: * TLSv1.3 (OUT), TLS handshake, Finished (20):
[D] 1626420709.942748 https_client.c:185 381C: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
[D] 1626420709.942835 https_client.c:185 381C: * ALPN, server accepted to use h2
[D] 1626420709.942940 https_client.c:185 381C: * Server certificate:
[D] 1626420709.943049 https_client.c:185 381C: *  subject: OU=Domain Control Validated; CN=doh.mullvad.net
[D] 1626420709.943138 https_client.c:185 381C: *  start date: Jan 11 06:24:17 2021 GMT
[D] 1626420709.943217 https_client.c:185 381C: *  expire date: Jan 11 06:24:17 2022 GMT
[D] 1626420709.943321 https_client.c:185 381C: *  subjectAltName: host "doh.mullvad.net" matched cert's "doh.mullvad.net"
[D] 1626420709.943460 https_client.c:185 381C: *  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
[D] 1626420709.943535 https_client.c:185 381C: *  SSL certificate verify ok.
[D] 1626420709.943722 https_client.c:185 381C: * Using HTTP2, server supports multi-use
[D] 1626420709.943801 https_client.c:185 381C: * Connection state changed (HTTP/2 confirmed)
[D] 1626420709.943881 https_client.c:185 381C: * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
[D] 1626420709.944256 https_client.c:185 381C: * Using Stream ID: 1 (easy handle 0x1a3fcd0)
[D] 1626420709.944487 https_client.c:185 381C: > POST /dns-query HTTP/2
[D] 1626420709.944571 https_client.c:185 381C: > Host: doh.mullvad.net
[D] 1626420709.944636 https_client.c:185 381C: > User-Agent: dns-to-https-proxy/0.2
[D] 1626420709.944699 https_client.c:185 381C: > Accept: application/dns-message
[D] 1626420709.944762 https_client.c:185 381C: > Content-Type: application/dns-message
[D] 1626420709.944826 https_client.c:185 381C: > Content-Length: 51
[D] 1626420709.944953 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.945025 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.945342 https_client.c:185 381C: * We are completely uploaded and fine
[D] 1626420709.945452 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.945517 https_client.c:519 Reserved new io event: 0xbe91e368
[D] 1626420709.977753 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420709.978063 https_client.c:185 381C: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420709.978203 https_client.c:185 381C: * old SSL session ID is stale, removing
[D] 1626420709.978836 https_client.c:185 381C: * Connection state changed (MAX_CONCURRENT_STREAMS == 400)!
[D] 1626420709.994423 https_client.c:185 381C: < HTTP/2 200
[D] 1626420709.994540 https_client.c:185 381C: < content-type: application/dns-message
[D] 1626420709.994615 https_client.c:185 381C: < content-length: 55
[D] 1626420709.994910 https_client.c:185 381C: * Connection #0 to host doh.mullvad.net left intact
[D] 1626420709.995025 https_client.c:509 Released used io event: 0xbe91e368
[D] 1626420709.995116 https_client.c:341 381C: CURLINFO_NUM_CONNECTS: 1
[D] 1626420709.995183 https_client.c:353 381C: CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626420709.995247 https_client.c:367 381C: CURLINFO_HTTP_VERSION: 2
[D] 1626420709.995313 https_client.c:402 381C: Times: 0.000152, 0.037803, 0.092513, 0.093805, 0.094046, 0.143767
[D] 1626420709.995399 main.c:82 Received response for id: 381C, len: 55

^C[I] 1626420711.352110 main.c:70 Shutting down gracefully. To force exit, send signal again.
[D] 1626420711.352170 main.c:291 loop breaked
[D] 1626420711.352270 main.c:304 re-entering loop
[D] 1626420711.352311 main.c:306 loop finished all events
[D] 1626420711.353028 https_client.c:98 curl closed socket: 6
[D] 1626420711.353267 main.c:313 loop destroyed

$ ./https_dns_proxy -b 1.1.1.1 -p 5553 -4 -r https://doh.mullvad.net/dns-query -v -v -v -x
[I] 1626420714.943437 main.c:217 Version 2021.07.02-6908457
[I] 1626420714.943551 main.c:218 Built Jul  4 2021 15:17:16.
[I] 1626420714.943588 main.c:219 System c-ares: 1.14.0
[I] 1626420714.943806 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
[I] 1626420714.946886 dns_server.c:50 Listening on 127.0.0.1:5553
[D] 1626420714.946962 logging.c:39 starting periodic log flush timer
[D] 1626420714.947478 dns_poller.c:177 Nameservers count: 1
[I] 1626420714.947526 main.c:283 DNS polling initialized for 'doh.mullvad.net'
[D] 1626420714.948655 dns_poller.c:113 Starting DNS query
[D] 1626420714.948817 dns_poller.c:41 Reserved new io event: 0x8cf218
[D] 1626420714.948924 dns_poller.c:125 DNS poll interval changed to: 0.700
[D] 1626420714.957812 main.c:183 Received new DNS server IP '194.242.2.2,193.19.108.2'
[D] 1626420714.957939 dns_poller.c:88 DNS poll interval changed to: 120
[D] 1626420714.957995 dns_poller.c:31 Released used io event: 0x8cf218

[D] 1626420719.366972 main.c:111 Received request for id: B443, len: 51
[D] 1626420719.367088 https_client.c:211 B443: Requesting HTTP/1.1: 1
[D] 1626420719.368321 https_client.c:185 B443: * Added doh.mullvad.net:443:194.242.2.2,193.19.108.2 to DNS cache
[D] 1626420719.368495 https_client.c:185 B443: * Hostname doh.mullvad.net was found in DNS cache
[D] 1626420719.368561 https_client.c:65 curl opened socket: 6
[D] 1626420719.368609 https_client.c:185 B443: *   Trying 194.242.2.2...
[D] 1626420719.368640 https_client.c:185 B443: * TCP_NODELAY set
[D] 1626420719.368872 https_client.c:519 Reserved new io event: 0xbea42358
[D] 1626420719.419565 https_client.c:185 B443: * Connected to doh.mullvad.net (194.242.2.2) port 443 (#0)
[D] 1626420719.421498 https_client.c:185 B443: * ALPN, offering http/1.1
[D] 1626420719.421533 https_client.c:185 B443: * successfully set certificate verify locations:
[D] 1626420719.421550 https_client.c:185 B443: *   CAfile: none
[D] 1626420719.421585 https_client.c:185 B443: *   CApath: /etc/ssl/certs
[D] 1626420719.422124 https_client.c:185 B443: * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[D] 1626420719.422230 https_client.c:509 Released used io event: 0xbea42358
[D] 1626420719.422247 https_client.c:519 Reserved new io event: 0xbea42358
[D] 1626420719.462130 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Server hello (2):
[D] 1626420719.462893 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[D] 1626420719.465708 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Certificate (11):
[D] 1626420719.467403 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[D] 1626420719.467784 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Finished (20):
[D] 1626420719.467905 https_client.c:185 B443: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[D] 1626420719.468011 https_client.c:185 B443: * TLSv1.3 (OUT), TLS handshake, Finished (20):
[D] 1626420719.468154 https_client.c:185 B443: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
[D] 1626420719.468173 https_client.c:185 B443: * ALPN, server accepted to use http/1.1
[D] 1626420719.468206 https_client.c:185 B443: * Server certificate:
[D] 1626420719.468239 https_client.c:185 B443: *  subject: OU=Domain Control Validated; CN=doh.mullvad.net
[D] 1626420719.468264 https_client.c:185 B443: *  start date: Jan 11 06:24:17 2021 GMT
[D] 1626420719.468282 https_client.c:185 B443: *  expire date: Jan 11 06:24:17 2022 GMT
[D] 1626420719.468314 https_client.c:185 B443: *  subjectAltName: host "doh.mullvad.net" matched cert's "doh.mullvad.net"
[D] 1626420719.468363 https_client.c:185 B443: *  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
[D] 1626420719.468380 https_client.c:185 B443: *  SSL certificate verify ok.
[D] 1626420719.468489 https_client.c:185 B443: > POST /dns-query HTTP/1.1
[D] 1626420719.468506 https_client.c:185 B443: > Host: doh.mullvad.net
[D] 1626420719.468518 https_client.c:185 B443: > User-Agent: dns-to-https-proxy/0.2
[D] 1626420719.468529 https_client.c:185 B443: > Accept: application/dns-message
[D] 1626420719.468543 https_client.c:185 B443: > Content-Type: application/dns-message
[D] 1626420719.468556 https_client.c:185 B443: > Content-Length: 51
[D] 1626420719.468582 https_client.c:185 B443: * upload completely sent off: 51 out of 51 bytes
[D] 1626420719.516311 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420719.516469 https_client.c:185 B443: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[D] 1626420719.516518 https_client.c:185 B443: * old SSL session ID is stale, removing
[D] 1626420719.517589 https_client.c:185 B443: * TLSv1.3 (IN), TLS alert, close notify (256):
[D] 1626420719.517628 https_client.c:185 B443: * Empty reply from server
[D] 1626420719.517651 https_client.c:185 B443: * Connection #0 to host doh.mullvad.net left intact
[D] 1626420719.517670 https_client.c:509 Released used io event: 0xbea42358
[W] 1626420719.517700 https_client.c:286 B443: No response (probably connection has been closed or timed out)
[D] 1626420719.517716 https_client.c:341 B443: CURLINFO_NUM_CONNECTS: 1
[D] 1626420719.517730 https_client.c:353 B443: CURLINFO_EFFECTIVE_URL: https://doh.mullvad.net/dns-query
[D] 1626420719.517744 https_client.c:370 B443: CURLINFO_HTTP_VERSION: 0
[D] 1626420719.517758 https_client.c:402 B443: Times: 0.000146, 0.051165, 0.100016, 0.100219, 0.149234, 0.149268
[I] 1626420719.517784 https_client.c:420 B443: Response was faulty, skipping DNS reply.
[D] 1626420719.517799 main.c:82 Received response for id: B443, len: 0

^C[I] 1626420724.127346 main.c:70 Shutting down gracefully. To force exit, send signal again.
[D] 1626420724.127415 main.c:291 loop breaked
[D] 1626420724.127585 main.c:304 re-entering loop
[D] 1626420724.127631 main.c:306 loop finished all events
[D] 1626420724.128332 https_client.c:98 curl closed socket: 6
[D] 1626420724.128564 main.c:313 loop destroyed

Also, a simple curl request shows the same symptom:

  1. HTTP/1.1: no reply at all
  2. HTTP/2: at least 400 Bad request was sent back

$ curl -v --http1.1  https://doh.mullvad.net/dns-query
...
* Empty reply from server
* Connection #0 to host doh.mullvad.net left intact
curl: (52) Empty reply from server

$ curl -v --http2  https://doh.mullvad.net/dns-query
...
* Connection state changed (MAX_CONCURRENT_STREAMS == 400)!
< HTTP/2 400
<
* Connection #0 to host doh.mullvad.net left intact
Bad Request

x4e commented

I got a reply from Mullvad support about this:

Hi,

This is how unbound (the DNS software) works.

https://blog.nlnetlabs.nl/dns-over-https-in-unbound/

"The DoH implementation in Unbound requires TLS, and only works over
HTTP/2. The query pipelining and out-of-order processing functionality
that is provided by HTTP/2 streams is needed to be able to provide
performance that is on par with DoT. The HTTP/2 capability is negotiated using Application-Layer Protocol Negotiation (ALPN) TLS extension, which is supported in OpenSSL from version 1.0.2 onward."

Regards
/Eric

Unfortunately it seems they require HTTP/2.

Yes, and sadly that is mostly not supported by OpenWRT libcurl: System libcurl: libcurl/7.77.0 wolfSSL/4.7.0
(But on my Raspberry Pi it was (nghttp2 present): System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3)

@aarond10 I think this issue can be closed from our side.

@x4e actually it's funny, that in the logs above I see: ALPN, server accepted to use http/1.1
And it's actually not working. You could report that to the support, that only http/2 should be accepted.
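
A triage sketch for the failure discussed in this thread, added here as an example (it is not part of the thread or of https_dns_proxy): it reads the proxy's verbose log, separates "libcurl built without nghttp2" from "HTTP/1.1 forced with -x", and flags the case where ALPN settled on http/1.1 but no response followed. The function name, the verdict strings and the nghttp2-in-banner heuristic are assumptions; the sample lines are abridged from the logs above.

```python
import re

# Constructed samples: lines abridged from the three proxy runs logged in this thread.
LOG_NO_H2 = """\
[I] 1626385338.986849 main.c:209 System libcurl: libcurl/7.77.0 wolfSSL/4.7.0
[D] 1626385342.749893 https_client.c:111 Requesting HTTP/1.1: 1
* Received HTTP/0.9 when not allowed
[E] 1626385343.210372 https_client.c:205 No response
[D] 1626385343.210416 https_client.c:289 CURLINFO_HTTP_VERSION: 0
"""
LOG_FORCED_H1 = """\
[I] 1626420714.943806 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d nghttp2/1.36.0
[D] 1626420719.367088 https_client.c:211 B443: Requesting HTTP/1.1: 1
[D] 1626420719.421498 https_client.c:185 B443: * ALPN, offering http/1.1
[D] 1626420719.468173 https_client.c:185 B443: * ALPN, server accepted to use http/1.1
[D] 1626420719.517628 https_client.c:185 B443: * Empty reply from server
[D] 1626420719.517744 https_client.c:370 B443: CURLINFO_HTTP_VERSION: 0
"""
LOG_OK = """\
[I] 1626420703.804222 main.c:220 System libcurl: libcurl/7.64.0 OpenSSL/1.1.1d nghttp2/1.36.0
[D] 1626420709.849829 https_client.c:211 381C: Requesting HTTP/1.1: 0
[D] 1626420709.891659 https_client.c:185 381C: * ALPN, offering h2
[D] 1626420709.942835 https_client.c:185 381C: * ALPN, server accepted to use h2
[D] 1626420709.994423 https_client.c:185 381C: < HTTP/2 200
[D] 1626420709.995247 https_client.c:367 381C: CURLINFO_HTTP_VERSION: 2
"""

BANNER = re.compile(r"System libcurl: (.+)")
FORCED = re.compile(r"Requesting HTTP/1\.1: ([01])")
ACCEPT = re.compile(r"ALPN, server accepted to use (\S+)")
VERSION = re.compile(r"CURLINFO_HTTP_VERSION: (\d+)")


def triage(log: str) -> dict:
    """Classify one https_dns_proxy verbose log (hypothetical helper)."""
    banner = BANNER.search(log)
    # Assumption: a libcurl built with HTTP/2 lists nghttp2 in its version banner,
    # as the Raspberry Pi build in this thread does and the OpenWRT build does not.
    has_h2_lib = bool(banner) and "nghttp2/" in banner.group(1)
    # "Requesting HTTP/1.1: 1" is what the logs above show when -x is passed.
    forced_h1 = "1" in FORCED.findall(log)
    accepted = ACCEPT.findall(log)
    # In the logs above the value is 0 whenever no HTTP response was parsed.
    got_response = any(v != "0" for v in VERSION.findall(log))
    # The server agreed to http/1.1 in ALPN, then never answered the request.
    alpn_mismatch = "http/1.1" in accepted and not got_response

    if got_response:
        verdict = "ok"
    elif not has_h2_lib:
        verdict = "libcurl-without-http2"
    elif forced_h1:
        verdict = "http1.1-forced"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "has_h2_lib": has_h2_lib,
            "forced_h1": forced_h1, "alpn_mismatch": alpn_mismatch}


if __name__ == "__main__":
    for name, log in [("openwrt", LOG_NO_H2), ("rpi -x", LOG_FORCED_H1), ("rpi", LOG_OK)]:
        print(name, triage(log))
```

A "libcurl-without-http2" verdict means dropping -x will not help on that build; the resolver has to be one that answers HTTP/1.1, or libcurl has to be rebuilt with nghttp2.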