dns-over-https-proxy

Error sending DNS response

Open NguyenThanhTan opened this issue 9 years ago • 6 comments

When I run this in the /dns-ver-https-proxy/ directory:

    go run dns_reverse_proxy.go -address 127.0.0.1:8500 -default 8.8.8.8:53

and

    dig -p 8500 @127.0.0.1 google.com

I get no result. When I try to connect to any website, it hits this error:

    Error sending DNS response: Get 8.8.8.8:53?edns_client_subnet=0.0.0.0%2F0&name=google.com.&type=1: unsupported protocol scheme ""

I don't know what I am missing, please help.

NguyenThanhTan, Sep 15 '16 02:09

The correct syntax is: go run dns_reverse_proxy.go -address 127.0.0.1:8500

The -default flag points to the Google HTTPS DNS endpoint by default. I really need to edit the top of that header file, since it's from the project I adapted for this project.

wrouesnel, Sep 15 '16 09:09

Thanks, but there is another problem. When I use

    go run dns_reverse_proxy.go -address 127.0.0.1:8500

I turn on Wireshark and find that the DNS query is still the DNS protocol as normal, not HTTPS from Do I miss something, or do I have a wrong understanding? Sorry for my English.

NguyenThanhTan, Sep 15 '16 17:09

Provided you query port 8500, the query will go to the proxy. The proxy will do a lookup to find the address of Google, but that's all.

wrouesnel, Sep 15 '16 22:09

So do I need to change my DNS server in network-manager to 127.0.0.1? Because when I use the DNS server my router provides and run dns-over-https, the Internet is okay, but I can't see any proof that my DNS query goes over HTTPS (it uses DNS queries on UDP port 53 as normal). But when I change the DNS server in network-manager to 127.0.0.1, the Internet is down. Is there any problem with that?

NguyenThanhTan, Sep 16 '16 01:09

If you give the Google endpoint as an IP address, then you can change your resolver to point to just the proxy.

So: give -default https://216.58.199.78/resolve

wrouesnel, Sep 16 '16 17:09

So I run:

    go run dns-reverse-proxy.go -address 127.0.0.1:53 -default https://216.58.199.78/resolve

Then I change my resolver to point to 127.0.0.1 and run:

    dig -p 53 @127.0.0.1 google.com

It generates this error:

    Error sending DNS response: Get https://216.58.199.78/resolve?edns_client_subnet=0.0.0.0%2F0&name=google.com.&type=1: x509: cannot validate certificate for 216.58.199.78 because it doesn't contain any IP SANs

When I change the option to:

    go run dns-reverse-proxy.go -address 127.0.0.1:53

I cannot connect to the Internet. It's the same with 127.0.0.1:8500. I struggled for hours with that but cannot understand why. Please help me.

NguyenThanhTan, Sep 17 '16 09:09
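Both errors quoted in this thread come from the upstream value: `8.8.8.8:53` has no URL scheme, and an `https://<IP>` URL only passes certificate validation when the certificate lists that address as an IP SAN. The Go code below is an added example, not code from dns-over-https-proxy: it validates the value up front and pins the IP at dial time while TLS still verifies the certificate against the hostname. The function names and the hostname `dns.google.com` are assumptions (the thread does not name the endpoint host); the IP is the one quoted above, and port 443 is assumed.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// checkUpstream rejects a bare host:port (no scheme) and an https URL whose host is an IP literal.
func checkUpstream(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return nil, fmt.Errorf("upstream %q is not an https:// URL", raw)
	}
	if net.ParseIP(u.Hostname()) != nil {
		return nil, fmt.Errorf("upstream %q names an IP; keep the hostname and pin the IP", raw)
	}
	return u, nil
}

// pinnedAddr maps the host:443 the HTTP client asks for onto ip:443 and refuses anything else.
func pinnedAddr(u *url.URL, ip, addr string) (string, error) {
	if net.ParseIP(ip) == nil || addr != net.JoinHostPort(u.Hostname(), "443") {
		return "", fmt.Errorf("refusing to dial %s", addr)
	}
	return net.JoinHostPort(ip, "443"), nil
}

// newPinnedClient dials ip without a resolver lookup; the URL keeps the hostname for SNI and verification.
func newPinnedClient(u *url.URL, ip string) *http.Client {
	tr := &http.Transport{DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
		target, err := pinnedAddr(u, ip, addr)
		if err != nil {
			return nil, err
		}
		return (&net.Dialer{Timeout: 5 * time.Second}).DialContext(ctx, network, target)
	}}
	return &http.Client{Transport: tr, Timeout: 10 * time.Second}
}

func main() { // constructed inputs: the two failing values from the thread, then an assumed hostname URL
	for _, raw := range []string{"8.8.8.8:53", "https://216.58.199.78/resolve", "https://dns.google.com/resolve"} {
		_, err := checkUpstream(raw)
		fmt.Printf("%-32s err=%v\n", raw, err)
	}
}
```

Because the proxy's own upstream connection never consults the system resolver, the resolver can point at the proxy without creating a lookup loop, and certificate verification stays enabled.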