DNS over HTTPs stopped working
Today Nov-26--2019 all my DNs over HTTPs devices which include linux , Mac OS and Android stopped working over DOH. the cloudflare settings are as follows.
https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IllZWiIsImlzV2FycCI6Ik5vIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9
The traceroute shows access to the 1.1.1.1 network 3 3.52.251.198.in-addr.arpa (198.251.52.3) 20.584 ms 81.945 ms 56.215 ms
4 198.251.49.89 (198.251.49.89) 21.406 ms 21.144 ms 22.069 ms 5 198.251.51.56 (198.251.51.56) 22.771 ms 22.709 ms 21.188 ms 6 198.251.50.16 (198.251.50.16) 22.807 ms 78.695 ms 96.269 ms 7 cloudflare.ip4.torontointernetxchange.net (206.108.34.208) 106.362 ms 93.731 ms 95.215 ms 8 one.one.one.one (1.1.1.1) 164.851 ms * 88.710 ms
My Firefox setting has DNS over hTTPS enabled no extensions and configured for cloudflare and my about:config settings network.trr.bootstrapAddress;1.1.1.1 network.trr.mode;3 network.trr.resolvers;[{ "name": "Cloudflare", "url": "https://mozilla.cloudflare-dns.com/dns-query" }]
Network mode 3 means DOH should only resolve using DOH but I can still get to other sites instead of a message say "hmm where having trouble finding that site"
Does anyone have an idea as to what causes this issue?
All Replies (7)
Hi Mace2, I'm not certain if it's relevant but, Malwarebytes is now blocking https://1.1.1.1/help/
The problem appears to be with the data centre YYZ. But strangely about:networking#dns gives the result that TRR is true for all sites.
This suggests DOH is working.
The problem seems to be confirmed by cloudflare support by another person going through YYZ cloudflare center.
https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IllZWiIsImlzV2FycCI6Ik5vIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9
The cloudflare IP I am going through for DOH is 108.162.240.42.
The issue affects only data centres YYZ (Toronto, Canada) and only prevents the 1.1.1.1/help from displaying connection to DOH. DOH still functions.
the current DOH from cloudflare that doesn't provide proper script value is 108.162.240.117
Athraithe ag Mace2 ar
Just a thought. Do you have network.security.esni.enabled set to True?
If not, does it make a difference?
This is not a configuration problem as it effects more than one system and if I use a VPN it works.
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiQU1TIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=
Connected to 1.1.1.1 Yes Using DNS over HTTPS (DoH) Yes Using DNS over TLS (DoT) No Using DNS over WARP No AS Name Cloudflare AS Number 13335 Cloudflare Data Center AMS
Interestingly my ISP DNS DNS1:198.251.50.199
DNS2:198.251.50.200
Does not resolve certain sites.
I have a ? result for secure DNS, result from Cloudfllare test site . I have also opened a question on cloudflare and no answer as of yet 4-dec-2019 has been provided. There appears to be manipulation of the cloudflare site for 1.1.1.1./help
any ideas
Athraithe ag Mace2 ar