Issue testing configured DNS-Over-HTTPS

Expected Behaviour:

Having configured DNS-Over-HTTPS, I expect to run dig @127.0.0.1 -p 5053 google.com and receive a reply

Actual Behaviour:

dig @127.0.0.1 -p 5053 google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> @127.0.0.1 -p 5053 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Debug Token:

https://tricorder.pi-hole.net/c4u77kk51x

Pi-hole does not support sending or receiving DoH queries.

You should consider consulting your DoH software provider, whatever your choice of DoH software is.

Hmmm, OK... I was however using the official instructions here.

Are you therefore saying this is a Cloudflared issue, not a Pi-hole issue?

Either that, or you've missed a step in setting up cloudflared.

Since you are directing your dig query to a certain localhost port, check what's listening on that port on your Pi-hole machine:

sudo ss -tulpn 'sport = :5053'

It seems nothing?

sudo ss -tulpn 'sport = :5053'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port

Then cloudflared wasn't started or failed to start.

What did the status check from the instructions reveal?

sudo systemctl status cloudflared
● cloudflared.service - cloudflared DNS over HTPPS proxy
   Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2020-07-30 13:02:12 BST; 3s ago
  Process: 26440 ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 26440 (code=exited, status=0/SUCCESS)

Jul 30 13:02:12 raspberrypi cloudflared[26440]:    cloudflared proxy-dns [command options]
Jul 30 13:02:12 raspberrypi cloudflared[26440]: OPTIONS:
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --metrics value    Listen address for metrics reporting. (default: "l
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --address value    Listen address for the DNS over HTTPS proxy server
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --port value       Listen on given port for the DNS over HTTPS proxy
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --upstream value   Upstream endpoint URL, you can specify multiple en
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --bootstrap value  bootstrap endpoint URL, you can specify multiple e
Jul 30 13:02:12 raspberrypi cloudflared[26440]:    --help, -h         show help (default: false)
Jul 30 13:02:12 raspberrypi cloudflared[26440]:
Jul 30 13:02:12 raspberrypi systemd[1]: cloudflared.service: Succeeded.

Showing cloudflared as inactive, as expected somehow.

Running systemctl status with full output may have additional hints why it does so:

sudo systemctl status cloudflared --full --no-pager

You did provide command line options, didn't you?

You'd have to sort why cloudflared would fail after starting on your system.

Here's the output of the systemctl status query:

sudo systemctl status cloudflared --full --no-pager
● cloudflared.service - cloudflared DNS over HTPPS proxy
   Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2020-07-30 13:17:45 BST; 5min ago
  Process: 3069 ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 3069 (code=exited, status=0/SUCCESS)

Jul 30 13:17:45 raspberrypi cloudflared[3069]:    cloudflared proxy-dns [command options]
Jul 30 13:17:45 raspberrypi cloudflared[3069]: OPTIONS:
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --metrics value    Listen address for metrics reporting. (default: "localhost:") [$TUNNEL_METRICS]
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --address value    Listen address for the DNS over HTTPS proxy server. (default: "localhost") [$TUNNEL_DNS_ADDRESS]
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --port value       Listen on given port for the DNS over HTTPS proxy server. (default: 53) [$TUNNEL_DNS_PORT]
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --upstream value   Upstream endpoint URL, you can specify multiple endpoints for redundancy. (default: "https://1.1.1.1/dns-query") [$TUNNEL_DNS_UPSTREAM]
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --bootstrap value  bootstrap endpoint URL, you can specify multiple endpoints for redundancy. (default: "https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query") [$TUNNEL_DNS_BOOTSTRAP]
Jul 30 13:17:45 raspberrypi cloudflared[3069]:    --help, -h         show help (default: false)
Jul 30 13:17:45 raspberrypi cloudflared[3069]:
Jul 30 13:17:45 raspberrypi systemd[1]: cloudflared.service: Succeeded.

It doesn't provide me with any hints, but might to others?

Yes, I provided command line options, as per the manual method of setting up.

(You can format your output for readability by using the </> Preformatted text menu option. I’ve just done that for you :wink: )

It doesn't quite seem cloudflared would know about those options and tries to go by its defaults (but then, I am not using cloudflared at all).

What's the output of

ls -lah /etc/default/cloudflared
cat /etc/default/cloudflared
cat /etc/systemd/system/cloudflared.service

I've now resolved this with a fresh install of OS/Pi-hole and an auto install of cloudflared

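An added example, not part of the thread and not Pi-hole or cloudflared code: a static check over the two files requested in the last troubleshooting reply, testing whether `$CLOUDFLARED_OPTS` can reach `cloudflared proxy-dns` with the port that `dig` queries. It assumes the unit loads its options through systemd's `EnvironmentFile=` directive (the thread never shows the unit file); `check_cloudflared` is a hypothetical helper name, and the sample files are constructed stand-ins for `/etc/systemd/system/cloudflared.service` and `/etc/default/cloudflared`.

```bash
#!/usr/bin/env bash
# Added example: static check of the unit file and the options file.
# check_cloudflared UNIT ENVFILE PORT -> prints findings, returns 0 if clean

check_cloudflared() {
  cc_unit=$1; cc_env=$2; cc_port=$3; cc_rc=0
  # The posted status output shows ExecStart passing $CLOUDFLARED_OPTS.
  grep -q '^ExecStart=.*proxy-dns.*\$CLOUDFLARED_OPTS' "$cc_unit" ||
    { echo "FAIL: ExecStart does not pass \$CLOUDFLARED_OPTS"; cc_rc=1; }
  # Assumption: the unit loads the variable with EnvironmentFile= (an
  # optional leading "-" tells systemd to ignore a missing file).
  grep -qxF -e "EnvironmentFile=$cc_env" -e "EnvironmentFile=-$cc_env" "$cc_unit" ||
    { echo "FAIL: unit does not load EnvironmentFile=$cc_env"; cc_rc=1; }
  if [ ! -r "$cc_env" ]; then
    echo "FAIL: $cc_env is missing or unreadable"
    return 1
  fi
  # Take the last assignment and strip optional surrounding quotes.
  cc_opts=$(sed -n 's/^CLOUDFLARED_OPTS=//p' "$cc_env" | tail -n 1 | tr -d "\"'")
  if [ -z "$cc_opts" ]; then
    echo "FAIL: CLOUDFLARED_OPTS is empty, so cloudflared gets no options"
    cc_rc=1
  elif ! printf '%s\n' "$cc_opts" | grep -Eq -- "(^| )--port[ =]$cc_port( |\$)"; then
    # The usage text in the thread lists 53 as the default for --port.
    echo "FAIL: no --port $cc_port in CLOUDFLARED_OPTS (default is 53)"
    cc_rc=1
  fi
  [ "$cc_rc" -eq 0 ] && echo "OK: proxy-dns is configured for port $cc_port"
  return "$cc_rc"
}

# Constructed sample files in a temporary directory.
tmp=$(mktemp -d)
printf '%s\n' '[Service]' "EnvironmentFile=$tmp/env" \
  'ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS' > "$tmp/unit"
printf '%s\n' \
  'CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query' > "$tmp/env"

check_cloudflared "$tmp/unit" "$tmp/env" 5053 || true
```

On a real system, pass the actual unit and options file paths; a clean result only covers the configuration, so `sudo ss -tulpn 'sport = :5053'` remains the check that the listener is actually up.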