Compatibility with Dnsdist?

On Android, I tried to use RethinkDNS with a self-hosted dnsdist server: added a new entry in DNS->Configure->DNS over HTTPS. The URL is of the form: https://.../dns-query. RethinkDNS says connected below the newly ticked entry, but then no websites are getting DNS resolved in Chrome browser (Error: DNS_PROBE_STARTED) or at all. When I select the Cloudflare entry, everything seems to work fine, so I am wondering what may be the issue. Is RethinkDNS just incompatible with dnsdist? Just to add, the dnsdist server uses a self-signed certificate whose ca.crt has been imported into Android. Perhaps I need to import the ca.cert into RethinkDNS itself or does it already ask the Android OS for verification?

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 7

Top GitHub Comments

1 reaction
logicReasoner commented, Jan 24, 2022

Well, at least RethinkDNS’s “dummy” VPN seems to be relatively lightweight as in I haven’t noticed it draining too much battery for the job it does. In fact, having most of the apps blocked from accessing the Internet keeps the smartphone running longer.

1 reaction
ignoramous commented, Dec 31, 2021

If the certs are installed in Android’s ca-store, the app shouldn’t have trouble trusting it. Unless Go (our underlying DoH impl) is doing something funky with it (it has been known to do so in the past).

I haven’t tested this scenario at all, but from your experience, it seems like user-ca aren’t picked up to determine chain of trust.

> Perhaps I need to import the ca.cert into RethinkDNS itself or does it already ask the Android OS for verification?

I don’t think anything you’d do would make this work. This is on us to investigate (and fix). Thanks for the bug report.
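The trust question raised in this thread can be reproduced in plain Go. The following is an added example, not part of the original issue and not RethinkDNS or dnsdist code: it assumes a local `httptest` TLS server as a stand-in for the self-hosted DoH endpoint and an empty `x509.CertPool` as a stand-in for a root set that lacks the private CA; `probe` and `run` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe sends one DoH-style GET and classifies the TLS outcome against roots.
func probe(url string, roots *x509.CertPool) string {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots},
	}}
	resp, err := client.Get(url)
	if err != nil {
		var ua x509.UnknownAuthorityError
		if errors.As(err, &ua) {
			return "untrusted-ca" // chain does not end in any root of the pool
		}
		return "other-error: " + err.Error()
	}
	defer resp.Body.Close()
	return fmt.Sprintf("trusted, HTTP %d", resp.StatusCode)
}

// run starts a local stand-in for the DoH endpoint and probes it twice.
func run() (withoutCA, withCA string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/dns-message")
	}))
	defer srv.Close()
	// Query string is the sample from RFC 8484 (www.example.com, type A).
	url := srv.URL + "/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"
	// Constructed stand-in for a root set that lacks the private CA.
	without := x509.NewCertPool()
	// The same root set after the private CA has been added explicitly.
	with := x509.NewCertPool()
	with.AddCert(srv.Certificate())
	return probe(url, without), probe(url, with)
}

func main() {
	a, b := run()
	fmt.Println("roots without private CA:", a)
	fmt.Println("roots with private CA:   ", b)
}
```

Against a real endpoint, an `untrusted-ca` result from the client's effective root set points at the trust store rather than at the DoH server itself.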
