DoQ & DoH/3 Support.

[theGorgeous]

Hello y'all,

DoQ (DNS-over-Quic)

DoH/3 (DNS-over-HTTPS/3)

When keenetic development team implement these 2 features to the keenetic devices ? Because, the most popular DNS providers (Adguard, ControlD etc...) are supporting these 2 features.

Thanks in advance for community members who supporting me people.

[theGorgeous]

1 minute ago, theGorgeous said:

Hello y'all,

DoQ (DNS-over-Quic)

DoH/3 (DNS-over-HTTPS/3)

When keenetic development team implement these 2 features to the keenetic devices ? Because, the most popular DNS providers (Adguard, ControlD etc...) are supporting these 2 features.

Thanks in advance for community members who supporting me people.

Please support me giving upvote. If how many upvote we would have, these features can come to the keenetic devices more early than expected.

[Le ecureuil]

DoH support for HTTP/3 will appear for models with >= 256 MB RAM in the next 4.2 release.

[Namenloss]

4.2 a4, hopper (KN-3810):

Apr 13 23:56:17 https-dns-proxy
5028: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
12C4: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
5199: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
F834: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
F565: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
D596: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:28 https-dns-proxy
E61E: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:28 https-dns-proxy
"https://dns.google/dns-query": too many failed requests, try to reload process
Apr 13 23:56:28 ndm
Service: "DoH "System" proxy #0": unexpectedly stopped.

Region: EU. Works for some time, after fails. AdGuard Home on a separate server works without issues with DoH and same Google DNS. 

Also still issue with bootstrap is not fixed, provider DNS is not enough, you need to add something like 1.1.1.1/8.8.8.8 . 

[Le ecureuil]

В 14.04.2024 в 00:08, Namenloss сказал:

4.2 a4, hopper (KN-3810):

Apr 13 23:56:17 https-dns-proxy
5028: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
12C4: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
5199: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
F834: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
F565: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:17 https-dns-proxy
D596: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:28 https-dns-proxy
E61E: "https://dns.google/dns-query": curl error message: QUIC connection has been shut down
Apr 13 23:56:28 https-dns-proxy
"https://dns.google/dns-query": too many failed requests, try to reload process
Apr 13 23:56:28 ndm
Service: "DoH "System" proxy #0": unexpectedly stopped.

Region: EU. Works for some time, after fails. AdGuard Home on a separate server works without issues with DoH and same Google DNS. 

Also still issue with bootstrap is not fixed, provider DNS is not enough, you need to add something like 1.1.1.1/8.8.8.8 . 

Does it fail unrecoverable, or just makes noisy logs and reloads, but continues to work?
For bootstrap we obviously need some additional information and configuration (or at least your self-test in hidden post).

[Namenloss]

53 минуты назад, Le ecureuil сказал:

Does it fail unrecoverable, or just makes noisy logs and reloads, but continues to work?
For bootstrap we obviously need some additional information and configuration (or at least your self-test in hidden post).

Test router is connected to main KN-1811 ("Titan"), 'Cloud-based content filtering and ad blocking' is not installed, remove all DNS except provider one, configure DoH Google  - Stubby is not able to bootstrap, fails immediately according to the logs. Add 1.1.1.1 as a common DNS. Use for some time (it works, able to bootstrap, able to resolve using DoH - at least DNS leak test confirms Google DNS as an upstream), after it starts to create issues as above. 

Will add self-test at evening. 

 

[Le ecureuil]

To be honest, I don't see any bootstrap issues.
The bootstrap takes time, and implemented as asynchronous background process. So the bootstrap repeats attempts for several times, and it can take up to 1-2 minutes. But after that in all your self-tests the bootstraps are completed successfully.

The real issue is the unavailability of QUIC, but I will fix the fallback to HTTP/2.

[Le ecureuil]

I have made some logic for autodowngrade to HTTP/2, please try the next 4.2.

[Namenloss]

Thanks for explanation about bootstrap, maybe should be documented somehow, I thought it should take less time.  

 

QUIC is not blocked  for sure, since https://quic.nginx.org/quic.html test can be executed endlessly with no issues. Thank you for implementing fallback.