Unbound DNS over HTTPS Trouble
A. Schulze
sca at andreasschulze.de
Thu Jun 17 17:19:49 UTC 2021
On 17.06.21 at 18:17, Aaron D. Gifford via Unbound-users wrote:
> Hi,
>
> I've been trying out DoH using Unbound 1.13.1 on a FreeBSD host and a Let's Encrypt TLS certificate. Unbound starts and listens on my DoH port, and when I connect to it, the TLS session is established as expected. I can send DNS queries and the server sends me a response, but it's one byte short and is simply a reply containing NO RR records, only the original question sent to the server, oddly truncated by a single byte.
Hi,
You didn't describe which client you used to send the DoH query.
Here are my favorites:
1) As I compile unbound myself, I can run "make dohclient"
# dohclient
usage: dohclient [options] name type class ...
sends the name-type-class queries over DNS-over-HTTPS.
  -s server   IP address to send the queries to, default: 127.0.0.1
  -p          Port to connect to, default: 443
  -P          Use POST method instead of default GET
  -e          HTTP endpoint, default: /dns-query
  -c          Content-type in request, default: application/dns-message
  -n          no-tls, TLS is disabled
  -h          This help text
2) kdig (maybe modern dig versions also support DoH):
# kdig -p 53 hostname.bind. txt ch @127.0.0.1 +https
# kdig -p 53 hostname.bind. txt ch @127.0.0.1 +https-get
3) a recent version of curl
# curl --verbose --doh-url https://unbound.example:443/dns-query https://nlnetlabs.nl
All versions work here with 1.13.1 on Debian/Linux.
Andreas
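
Added example, not part of the original message and not Unbound's own code: a Python check that builds the RFC 8484 query the clients above send and inspects a DoH response body for the symptom reported in the quoted message (question echoed back, no RRs, one byte short). The function names and the sample reply are constructed for illustration.

```python
import base64
import struct

def build_query(name, qtype=1, qclass=1):
    """DNS wire-format query; ID 0 as RFC 8484 recommends for DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, qclass)

def doh_get_path(query, endpoint="/dns-query"):
    """RFC 8484 GET form: base64url without padding in the dns parameter."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def question_end(msg):
    """Offset just past the question section, or None if the message ends early."""
    if len(msg) < 12:
        return None
    pos = 12
    for _ in range(struct.unpack("!H", msg[4:6])[0]):
        while pos < len(msg) and msg[pos] != 0:
            pos += 1 + msg[pos]                            # skip one uncompressed label
        pos += 1 + 4                                       # root label, QTYPE, QCLASS
    return pos if pos <= len(msg) else None

def check_response(query, body, content_length=None):
    """Return a list of problems found in a DoH response body."""
    problems = []
    if content_length is not None and content_length != len(body):
        problems.append("Content-Length %d but body is %d bytes" % (content_length, len(body)))
    if len(body) < 12:
        return problems + ["shorter than a DNS header"]
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", body[:12])
    if not (flags & 0x8000):
        problems.append("QR bit not set: not a response")
    if question_end(body) is None:
        problems.append("question section truncated")
    elif body[12:question_end(body)] != query[12:question_end(query)]:
        problems.append("question does not match the query")
    if ancount == 0 and (flags & 0x000F) == 0:
        problems.append("NOERROR with no answer records")
    return problems

# Constructed sample: the query from the kdig example, and a reply shaped like
# the reported symptom (question echoed back, no RRs, last byte missing).
QUERY = build_query("hostname.bind.", qtype=16, qclass=3)      # TXT, CH
SHORT_REPLY = (struct.pack("!6H", 0, 0x8180, 1, 0, 0, 0) + QUERY[12:])[:-1]
```

Pass the raw response body and the Content-Length header value to check_response() to see whether the byte is lost in the HTTP framing or is already missing from the DNS message.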