dohclient - where is the difference?
A. Schulze
sca at andreasschulze.de
Tue Jan 4 19:11:34 UTC 2022
Hello,
digging around with dohclient [1] I found the debugging tool working well with Google and Quad9.
$ dohclient -s 8.8.8.8 -P dns.google. A in
$ dohclient -s 9.9.9.9 -P dns.quad9.net. A in
BUT not with Cloudflare
$ dohclient -s 1.1.1.1 -P one.one.one.one. A in
Request headers
:method: POST
:path: /dns-query
:scheme: https
:authority: 1.1.1.1
content-type: application/dns-message
:status 400
server cloudflare
date Tue, 04 Jan 2022 19:00:54 GMT
content-type text/html
content-length 155
access-control-allow-origin *
cf-ray 6c86b6606ada42c9-FRA
Something is different at Cloudflare's implementation.
May it happen, dohclient is not fully compliant to RFC 8484
and Google+Quad9 run more tolerant servers?
Andreas
[1] https://github.com/NLnetLabs/unbound/blob/master/testcode/dohclient.c
More information about the Unbound-users
mailing list