Unbound DNS over HTTPS Trouble
Aaron D. Gifford
anothernsduser at tambler.com
Thu Jun 17 16:50:14 UTC 2021
On 6/17/21 10:17 AM, Aaron D. Gifford (that's me) via Unbound-users wrote:
> Hi,
>
> I've been trying out DoH using Unbound 1.13.1 on a FreeBSD host and a
> Let's Encrypt TLS certificate. Unbound starts and listens on my DoH
> port, and when I connect to it, the TLS session is established as
> expected. I can send DNS queries and the server sends me a response,
> but it's one byte short and is simply a reply containing NO RR
> records, only the original question sent to the server, oddly
> truncated by a single byte.
>
> For example, here's what happens when I query...<<snip>>
<<snip>>
> Local Unbound 1.13.1 test server using HTTP/2:
> https://unbound.example.org/dns-query?dns=OmYBAAABAAAAAAAABmdvb2dsZQNjb20AAAEAAQ==
>
<<snip>>
> So now my questions.
>
> 1) WHY is Unbound NOT liking the question's format ("format error" as
> seen in rcode=1) when it IS in application/dns-message format,
> URL-safe base 64 encoded as part of the GET query?
I should add that when I attempt a non-dns-message style query to my
server's "/dns-query" DoH endpoint, I simply get a 404 "Not Found" error
message, again using HTTP/2, and including Accept: headers for whatever
DoH reply type the server wants, application/dns-json,
application/dns+json, or application/dns-message.
https://unbound.example.org/dns-query-foo?name=google.com&type=A
404 "Not Found"
I assume this query type isn't supported. Am I assuming foolishly and
should I instead be looking for a configuration typo?
tls-service-key: "/foo/unbound/conf/cert.key"
tls-service-pem: "/foo/unbound/conf/cert.pem"
...
http-endpoint: "/dns-query"
<<snip>>
> Thanks, Unbound devs, for some excellent software!
>
>
> --Aaron out
Thanks again!
--Aaron out
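As an added example (not part of Aaron's message and not code from the Unbound project), the script below does two things a practitioner would want while debugging the symptoms described in this thread: it builds an RFC 8484 GET request whose dns= parameter is base64url without padding, and it decodes an existing dns= value and parses the resulting wire-format message so that a truncated reply (the "one byte short" symptom) is detected rather than silently accepted. The sample input is the dns= value from the poster's own URL; it is worth noting that that value ends in "==", whereas RFC 8484 section 4.1 says padding characters MUST NOT be included in the GET form, so the checker reports that as a finding to rule out. Only the Python 3 standard library is used; the hostname is the poster's example one.

```python
import base64
import struct
from urllib.parse import parse_qs, urlencode, urlparse

# Sample input: the dns= value from the poster's URL above (constructed test data).
POSTED_DNS_PARAM = "OmYBAAABAAAAAAAABmdvb2dsZQNjb20AAAEAAQ=="
POSTED_URL = "https://unbound.example.org/dns-query?dns=" + POSTED_DNS_PARAM


def build_query(name, qtype=1, dns_id=0):
    """Build a minimal DNS wire-format query: header with RD set plus one question.
    RFC 8484 section 4.1 recommends ID 0 so that GET URLs are cache-friendly."""
    header = struct.pack("!HHHHHH", dns_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def to_dns_param(wire):
    """base64url with the padding removed, as RFC 8484 section 4.1 requires for GET."""
    return base64.urlsafe_b64encode(wire).decode("ascii").rstrip("=")


def doh_get_url(endpoint, wire):
    return endpoint + "?" + urlencode({"dns": to_dns_param(wire)})


def decode_dns_param(param):
    """Decode a dns= value. Returns (wire_bytes, findings).
    Decoding tolerates padding so a non-conforming value can still be inspected."""
    findings = []
    if "=" in param:
        findings.append("base64url padding present (RFC 8484 4.1: MUST NOT be included)")
    if any(c in "+/" for c in param):
        findings.append("standard base64 alphabet used; dns= must be base64url")
    stripped = param.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    return base64.urlsafe_b64decode(padded), findings


def parse_message(wire):
    """Parse the header and question section of a DNS message.
    Raises ValueError whenever the buffer ends early, which is exactly what a
    reply that is one byte short looks like on the wire."""
    if len(wire) < 12:
        raise ValueError("message shorter than the 12-byte header")
    dns_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    pos = 12
    questions = []
    for _ in range(qd):
        labels = []
        while True:
            if pos >= len(wire):
                raise ValueError("truncated QNAME at offset %d" % pos)
            length = wire[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:
                raise ValueError("compression pointer in question name")
            if pos + length > len(wire):
                raise ValueError("truncated label at offset %d" % pos)
            labels.append(wire[pos:pos + length].decode("ascii"))
            pos += length
        if pos + 4 > len(wire):
            raise ValueError("truncated QTYPE/QCLASS at offset %d" % pos)
        qtype, qclass = struct.unpack("!HH", wire[pos:pos + 4])
        pos += 4
        questions.append((".".join(labels), qtype, qclass))
    return {"id": dns_id, "qr": flags >> 15, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
            "questions": questions, "remaining": len(wire) - pos}


def is_truncated(wire):
    """True when the question section cannot be parsed to completion."""
    try:
        parse_message(wire)
        return False
    except ValueError:
        return True


def inspect_url(url):
    """Decode and parse the dns= parameter of a DoH GET URL."""
    param = parse_qs(urlparse(url).query).get("dns", [""])[0]
    wire, findings = decode_dns_param(param)
    return parse_message(wire), findings


if __name__ == "__main__":
    msg, findings = inspect_url(POSTED_URL)
    print("posted query:", msg, findings)
    print("conforming URL:", doh_get_url("https://unbound.example.org/dns-query",
                                         build_query("google.com")))
```

Running the script prints the decoded header and question of the posted query (ID 0x3a66, RD set, one question for google.com/A/IN) together with the padding finding, then a URL built the RFC 8484 way. The same parse_message function can be pointed at the bytes of a reply: a response with ANCOUNT 0 but a complete question parses cleanly, while a reply cut one byte short raises before the question is complete, which tells you whether the truncation is in the DNS payload itself or in how the HTTP body was read.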