
CoreDNS DoH not working. no 'dns' query parameter found [closed]


Hello everyone!

I am running CoreDNS as a Docker image in host mode and using DNS-over-HTTPS (DoH). DNS on port 53 works fine.

I believe I've followed the official documentation for the tls plugin correctly [https://github.com/coredns/coredns/tree/master/plugin/tls]

...but when I try to make a DoH request, I get the following:

Request:

curl -v -X GET "https://[REDACTED_DOMAIN]/dns-query?name=google.de&type=A" -H "accept: application/dns-json"

Response:

curl -v -X GET "https://[REDACTED_DOMAIN]/dns-query?name=google.de&type=A" -H "accept: application/dns-json"
Note: Unnecessary use of -X or --request, GET is already inferred.
* Uses proxy env variable no_proxy == 'localhost,127.0.0.0/8,::1'
* Host [REDACTED_DOMAIN]:443 was resolved.
* IPv6: (none)
* IPv4: [REDACTED_IP]
*   Trying [REDACTED_IP]:443...
* Connected to [REDACTED_DOMAIN] ([REDACTED_IP]) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=[REDACTED_DOMAIN]
*  start date: Feb 15 11:26:28 2025 GMT
*  expire date: May 16 11:26:27 2025 GMT
*  subjectAltName: host "[REDACTED_DOMAIN]" matched cert's "[REDACTED_DOMAIN]"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://[REDACTED_DOMAIN]/dns-query?name=google.de&type=A
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: [REDACTED_DOMAIN]]
* [HTTP/2] [1] [:path: /dns-query?name=google.de&type=A]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: application/dns-json]
> GET /dns-query?name=google.de&type=A HTTP/2
> Host: [REDACTED_DOMAIN]
> User-Agent: curl/8.5.0
> accept: application/dns-json
>
< HTTP/2 400
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 31
< date: [date]
<
no 'dns' query parameter found
* Connection #0 to host [REDACTED_DOMAIN] left intact

Problem:

HTTP/2 400
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
content-length: 31
date: [date]

no 'dns' query parameter found

CoreDNS Configuration:

Here is my Corefile:

.:53 {
    log
    errors
    forward . 8.8.8.8 1.1.1.1
    cache 30
}

https://[REDACTED_DOMAIN]:443 {
    log
    tls /fullchain.pem /privkey.pem
    forward . 8.8.8.8 1.1.1.1
    cache 30
    health
}

To me, the configuration looks correct, and the Let's Encrypt certificates are valid, as the handshake was successfully completed.


Error Cause:

  • The CoreDNS server is running smoothly and processes DNS requests on port 53.
  • The error only occurs with DNS-over-HTTPS requests, not with regular DNS queries.
  • The TLS certificates are correctly configured and validated.
  • The server responds with HTTP Error Code 400.
  • I’ve also tested with different clients, such as Firefox.

Has anyone experienced a similar issue with DNS-over-HTTPS in CoreDNS? Or does anyone have any suggestions as to why CoreDNS is not processing this request correctly?

I really hope you can help me. I’m new to CoreDNS and I’m stuck at this point, unable to move forward on my own.


Thank you very much!

