DoH/IPv6 Couldn't resolve name #186

Closed
taketo1113 opened this issue Aug 21, 2024 · 5 comments
@taketo1113

It seems that dug couldn't resolve the name with DoH / IPv6, although another DNS client (kdig) can resolve the name.

Steps to reproduce

doh(h2): dns.google

$ dug-mac-arm64 @2001:4860:4860::8888 -d h2 www.mew.org
dug-mac-arm64: OperationRefused

$ dug-mac-arm64 @dns.google -d h2 www.mew.org
;; 8.8.4.4#443/H2, Tx:40bytes, Rx:56bytes
;; HEADER SECTION:
;Standard query, NoError, id: 43413
;Flags: Recursion Desired, Recursion Available


;; OPTIONAL PSEUDO EDNS SECTION:
;Version: 0, UDP: 512, DNSSEC OK: False, Data:[]

;; QUESTION SECTION:
;www.mew.org.		IN	A

;; ANSWER SECTION:
www.mew.org.	3599(59 mins)	IN	A	202.238.220.92

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

dug-mac-arm64: OperationRefused
$ kdig -6 +https=dns.google www.mew.org @2001:4860:4860::8888
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(dns.google/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; www.mew.org.        		IN	A

;; ANSWER SECTION:
www.mew.org.        	3560	IN	A	202.238.220.92

;; Received 468 B
;; Time 2024-08-21 22:57:27 JST
;; From 2001:4860:4860::8888@443(HTTPS) in 182.2 ms

doh(h2): one.one.one.one

$ dug-mac-arm64 @2606:4700:4700::1111 -d h2 www.mew.org
dug-mac-arm64: OperationRefused

$ dug-mac-arm64 @one.one.one.one -d h2 www.mew.org
;; 1.0.0.1#443/H2, Tx:40bytes, Rx:56bytes
;; HEADER SECTION:
;Standard query, NoError, id: 23343
;Flags: Recursion Desired, Recursion Available


;; OPTIONAL PSEUDO EDNS SECTION:
;Version: 0, UDP: 1232, DNSSEC OK: False, Data:[]

;; QUESTION SECTION:
;www.mew.org.		IN	A

;; ANSWER SECTION:
www.mew.org.	1038(17 mins)	IN	A	202.238.220.92

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

dug-mac-arm64: OperationRefused
$ kdig -6 +https=one.one.one.one www.mew.org @2606:4700:4700::1111
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(one.one.one.one/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; www.mew.org.        		IN	A

;; ANSWER SECTION:
www.mew.org.        	1425	IN	A	202.238.220.92

;; Received 468 B
;; Time 2024-08-21 22:57:58 JST
;; From 2606:4700:4700::1111@443(HTTPS) in 138.0 ms

System configuration

  • dug version: dug 20240820
  • OS: macOS 14.6.1 (Apple M1)
  • network: IPv4 and IPv6 enabled
@kazu-yamamoto kazu-yamamoto self-assigned this Aug 22, 2024
@kazu-yamamoto
Owner

dug just specifies an IPv6 address to :authority (Host:).
kdig specifies to the command-line string like "dns.google".
These IPv6 public servers reject :authority of IPv6, sigh.
IPv4 servers accept :authority of IPv4.

There are two ways to fix this:

  1. Provide a command line option to specify a host name
  2. Do reverse-lookup automatically to obtain a host name if an IPv6 address is specified

@kazu-yamamoto
Owner

Ah, Host: consists of addr:port where : conflicts with the IPv6 address separator.
So, the syntax of "[ip6addr]:port" should be used.
Let's enclose an IPv6 address with square brackets.
Just a moment, please.
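
The bracket rule from the comment above, shown as an added example that is not part of the thread and is not code from dug or the http2 package. The function names are hypothetical; the addresses and port 443 are the ones that appear in this issue.

```python
import ipaddress
from typing import Optional, Tuple

def format_authority(host: str, port: int) -> str:
    """Build "host:port" for :authority / Host:, bracketing IPv6 literals."""
    try:
        is_v6 = isinstance(ipaddress.ip_address(host), ipaddress.IPv6Address)
    except ValueError:
        is_v6 = False  # not an IP literal, so treat it as a host name
    return f"[{host}]:{port}" if is_v6 else f"{host}:{port}"

def naive_authority(host: str, port: int) -> str:
    """Plain concatenation: the ambiguous form for IPv6 addresses."""
    return f"{host}:{port}"

def _port(text: str) -> int:
    if not text.isdigit() or not 0 < int(text) < 65536:
        raise ValueError(f"bad port: {text!r}")
    return int(text)

def split_authority(authority: str) -> Tuple[str, Optional[int]]:
    """Split an authority into (host, port); reject unbracketed IPv6."""
    if authority.startswith("["):
        host, close, rest = authority[1:].partition("]")
        if not close:
            raise ValueError("unterminated '['")
        ipaddress.IPv6Address(host)  # raises ValueError if not valid IPv6
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after ']'")
        return host, (_port(rest[1:]) if rest else None)
    if authority.count(":") > 1:
        raise ValueError("IPv6 literal must be enclosed in square brackets")
    host, sep, port = authority.partition(":")
    return host, (_port(port) if sep else None)

if __name__ == "__main__":
    # Addresses taken from the issue; 443 is the DoH port shown in its output.
    for h in ("2001:4860:4860::8888", "8.8.4.4", "dns.google"):
        print(h, "->", format_authority(h, 443))
    bad = naive_authority("2001:4860:4860::8888", 443)
    # The concatenated string is itself a valid, but different, IPv6 address.
    print(bad, "parses as", ipaddress.ip_address(bad).exploded)
```
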

@kazu-yamamoto
Owner

This is due to a bug in the http2 package. I'm waiting for the review above.

@kazu-yamamoto
Owner

A new version has been released: https://github.com/kazu-yamamoto/dnsext/releases/tag/dug-20240829

I will fix my blog article.

@taketo1113
Author

Thank you for the fix.
I confirmed that the error is fixed with dug 20240829.

$ dug-mac-arm64 @2606:4700:4700::1111 -d h2 www.mew.org
;; 2606:4700:4700::1111#443/H2, Tx:40bytes, Rx:56bytes
;; HEADER SECTION:
;Standard query, NoError, id: 29555
;Flags: Recursion Desired, Recursion Available


;; OPTIONAL PSEUDO EDNS SECTION:
;Version: 0, UDP: 1232, DNSSEC OK: False, Data:[]

;; QUESTION SECTION:
;www.mew.org.		IN	A

;; ANSWER SECTION:
www.mew.org.	2351(39 mins)	IN	A	202.238.220.92

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; 195usec
2606:4700:4700::1111#443/H2: v1.3(FullHandshake)
