The cause of death of a large number of DOH is unknown. #2380

57382 · 2023-04-23T13:25:27Z

57382
Apr 23, 2023

OpenWrt 21.02.6 Stable Release arm cpu
dnscrypt-proxy 2.1.2
server_names = []
timeout = 10000
bootstrap_resolvers = ['127.0.0.1:53']
Dnsmasq forwards DNS requests to local port 53.
This will force DNSCRYPT to act as its own bootstrap_resolvers.

ignore_system_dns = false
Because the ISP DNS of the system has been killed by me,
there is no other DNS, only DNSCRYPT.
This will force DNSCRYPT to use local port 53.
This causes the request to end up returning DNSCRYPT itself.

My dnscrypt-proxy parameters are set as follows:

Only the DOH parser is enabled.
Disable DNSCRYPT and other resolvers.
require_dnssec = false
require_nolog = false
require_nofilter = false
This enables all 120+ DOH resolvers.

Special settings:
Disable IPV6 completely.
Disable DNS cache completely. DNSCRYPT and Dnsmasq.
Disable ISP DNS completely. IPV4 and IPV6.
Lock Windows DNS to 192.168.1.1.
Completely disable Browser Secure DNS.
Force use of router DNS.

Rigorous multiple times, verify all the above settings.

Test against doh.ffmuc.net 5.1.66.255 using SmartDNS. Very rigorous testing. Verified that ffmuc works 100%. Verified that ffmuc dnssec works 100%. The ping is about 200ms.

Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Network connectivity detected
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
Sun Apr 23 09:46:08 2023 daemon.notice netifd: Wireless device 'radio1' is now up
Sun Apr 23 09:46:08 2023 daemon.notice netifd: Network device 'wlan1' link is up
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Source [public-resolvers] loaded
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Source [relays] loaded
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Captive portals handler enabled
Sun Apr 23 09:46:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:08] [NOTICE] Firefox workaround initialized
Sun Apr 23 09:46:09 2023 daemon.info dnsmasq[2870]: Connected to system UBus
Sun Apr 23 09:46:11 2023 daemon.info dnsmasq[3184]: Connected to system UBus
Sun Apr 23 09:46:20 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:20] [INFO] [plan9dns-mx-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 09:46:20 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:20] [NOTICE] [plan9dns-mx-doh] OK (DoH) - rtt: 277ms
Sun Apr 23 09:46:24 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:24] [INFO] [dns.digitalsize.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 09:46:24 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:24] [NOTICE] [dns.digitalsize.net] OK (DoH) - rtt: 394ms
Sun Apr 23 09:46:26 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:26] [INFO] [doh.appliedprivacy.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 09:46:26 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 01:46:26] [NOTICE] [doh.appliedprivacy.net] OK (DoH) - rtt: 282ms
Sun Apr 23 16:03:55 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:03:55] [INFO] [adfilter-syd] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:03:55 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:03:55] [NOTICE] [adfilter-syd] OK (DoH) - rtt: 201ms
Sun Apr 23 16:03:58 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:03:58] [INFO] [sth-doh-se] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:03:58 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:03:58] [NOTICE] [sth-doh-se] OK (DoH) - rtt: 297ms
Sun Apr 23 16:04:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:04:10] [INFO] [bortzmeyer] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:04:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:04:10] [NOTICE] [bortzmeyer] OK (DoH) - rtt: 209ms
Sun Apr 23 16:04:13 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:04:13] [INFO] A response with status code 2 was received - this is usually a temporary, remote issue with the configuration of the domain name
Sun Apr 23 16:04:48 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:04:48] [INFO] [publicarray-au2-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:04:48 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:04:48] [NOTICE] [publicarray-au2-doh] OK (DoH) - rtt: 1946ms
Sun Apr 23 16:05:02 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:02] [INFO] [doh-cleanbrowsing-security] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Sun Apr 23 16:05:02 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:02] [NOTICE] [doh-cleanbrowsing-security] OK (DoH) - rtt: 260ms
Sun Apr 23 16:05:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:04] [INFO] [he] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:05:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:04] [NOTICE] [he] OK (DoH) - rtt: 248ms
Sun Apr 23 16:05:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:04] [INFO] [alidns-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:05:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:05:04] [NOTICE] [alidns-doh] OK (DoH) - rtt: 99ms
Sun Apr 23 16:06:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:11] [INFO] [iij] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:06:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:11] [NOTICE] [iij] OK (DoH) - rtt: 147ms
Sun Apr 23 16:06:47 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:47] [INFO] [doh-ibksturm] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:06:47 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:47] [NOTICE] [doh-ibksturm] OK (DoH) - rtt: 171ms
Sun Apr 23 16:06:48 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:48] [INFO] [cisco-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:06:48 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:06:48] [NOTICE] [cisco-doh] OK (DoH) - rtt: 236ms
Sun Apr 23 16:07:09 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:09] [INFO] [tuna-doh-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:07:09 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:09] [NOTICE] [tuna-doh-ipv4] OK (DoH) - rtt: 78ms
Sun Apr 23 16:07:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:10] [INFO] [plan9dns-nj-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:07:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:10] [NOTICE] [plan9dns-nj-doh] OK (DoH) - rtt: 262ms
Sun Apr 23 16:07:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:11] [INFO] [dns.sb] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:07:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:11] [NOTICE] [dns.sb] OK (DoH) - rtt: 182ms
Sun Apr 23 16:07:23 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:23] [INFO] [adfilter-adl] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:07:23 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:23] [NOTICE] [adfilter-adl] OK (DoH) - rtt: 443ms
Sun Apr 23 16:07:45 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:45] [INFO] [cloudflare-family] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:07:45 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:07:45] [NOTICE] [cloudflare-family] OK (DoH) - rtt: 243ms
Sun Apr 23 16:08:07 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:07] [INFO] [meganerd-doh-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:08:07 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:07] [NOTICE] [meganerd-doh-ipv4] OK (DoH) - rtt: 255ms
Sun Apr 23 16:08:50 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:50] [INFO] [circl-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:08:50 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:50] [NOTICE] [circl-doh] OK (DoH) - rtt: 236ms
Sun Apr 23 16:08:52 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:52] [INFO] [att] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:08:52 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:08:52] [NOTICE] [att] OK (DoH) - rtt: 224ms
Sun Apr 23 16:09:06 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:06] [INFO] [mullvad-adblock-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:09:06 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:06] [NOTICE] [mullvad-adblock-doh] OK (DoH) - rtt: 236ms
Sun Apr 23 16:09:34 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:34] [INFO] [libredns] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:09:34 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:34] [NOTICE] [libredns] OK (DoH) - rtt: 1790ms
Sun Apr 23 16:09:52 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:52] [INFO] [qihoo360-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:09:52 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:52] [NOTICE] [qihoo360-doh] OK (DoH) - rtt: 381ms
Sun Apr 23 16:09:54 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:54] [INFO] [doh-crypto-sx] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:09:54 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:09:54] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 411ms
Sun Apr 23 16:10:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:04] [INFO] [dnscrypt.ca-2-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:10:04 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:04] [NOTICE] [dnscrypt.ca-2-doh] OK (DoH) - rtt: 375ms
Sun Apr 23 16:10:36 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:36] [INFO] [ams-doh-nl] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:10:36 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:36] [NOTICE] [ams-doh-nl] OK (DoH) - rtt: 163ms
Sun Apr 23 16:10:42 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:42] [INFO] [adfree.usableprivacy.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:10:42 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:10:42] [NOTICE] [adfree.usableprivacy.net] OK (DoH) - rtt: 375ms
Sun Apr 23 16:11:06 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:06] [INFO] [dnscrypt.ca-1-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
Sun Apr 23 16:11:06 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:06] [NOTICE] [dnscrypt.ca-1-doh] OK (DoH) - rtt: 1667ms
Sun Apr 23 16:11:07 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:07] [INFO] [controld-uncensored] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:07 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:07] [NOTICE] [controld-uncensored] OK (DoH) - rtt: 130ms
Sun Apr 23 16:11:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:08] [INFO] [brahma-world] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:08 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:08] [NOTICE] [brahma-world] OK (DoH) - rtt: 181ms
Sun Apr 23 16:11:09 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:09] [INFO] [dns.ryan-palmer] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:09 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:09] [NOTICE] [dns.ryan-palmer] OK (DoH) - rtt: 282ms
Sun Apr 23 16:11:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:10] [INFO] [uncensoreddns-dk-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:10 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:10] [NOTICE] [uncensoreddns-dk-ipv4] OK (DoH) - rtt: 186ms
Sun Apr 23 16:11:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:11] [INFO] [dnspod] TLS version: 303 - Protocol: h2 - Cipher suite: 49195
Sun Apr 23 16:11:11 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:11] [NOTICE] [dnspod] OK (DoH) - rtt: 217ms
Sun Apr 23 16:11:12 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:12] [INFO] [adfilter-per] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:12 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:12] [NOTICE] [adfilter-per] OK (DoH) - rtt: 201ms
Sun Apr 23 16:11:13 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:13] [INFO] [uncensoreddns-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:13 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:13] [NOTICE] [uncensoreddns-ipv4] OK (DoH) - rtt: 190ms
Sun Apr 23 16:11:15 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:15] [INFO] [cloudflare] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:15 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:15] [NOTICE] [cloudflare] OK (DoH) - rtt: 239ms
Sun Apr 23 16:11:19 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:19] [INFO] [dnslow.me] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Sun Apr 23 16:11:19 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:19] [NOTICE] [dnslow.me] OK (DoH) - rtt: 127ms
Sun Apr 23 16:11:20 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:20] [INFO] A response with status code 2 was received - this is usually a temporary, remote issue with the configuration of the domain name
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] Sorted latencies:
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -    78ms tuna-doh-ipv4
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -    99ms alidns-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   127ms dnslow.me
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   130ms controld-uncensored
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   147ms iij
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   163ms ams-doh-nl
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   171ms doh-ibksturm
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   181ms brahma-world
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   182ms dns.sb
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   186ms uncensoreddns-dk-ipv4
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   190ms uncensoreddns-ipv4
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   201ms adfilter-syd
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   201ms adfilter-per
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   209ms bortzmeyer
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   217ms dnspod
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   224ms att
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   236ms circl-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   236ms mullvad-adblock-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   236ms cisco-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   239ms cloudflare
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   243ms cloudflare-family
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   248ms he
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   255ms meganerd-doh-ipv4
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   260ms doh-cleanbrowsing-security
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   262ms plan9dns-nj-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   277ms plan9dns-mx-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   282ms doh.appliedprivacy.net
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   282ms dns.ryan-palmer
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   297ms sth-doh-se
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   375ms dnscrypt.ca-2-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   375ms adfree.usableprivacy.net
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   381ms qihoo360-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   394ms dns.digitalsize.net
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   411ms doh-crypto-sx
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -   443ms adfilter-adl
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -  1667ms dnscrypt.ca-1-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -  1790ms libredns
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] -  1946ms publicarray-au2-doh
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] Server with the lowest initial latency: tuna-doh-ipv4 (rtt: 78ms)
Sun Apr 23 16:11:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:11:29] [NOTICE] dnscrypt-proxy is ready - live servers: 38
Sun Apr 23 16:21:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:21:29] [INFO] Updating stamp for [dns.digitale-gesellschaft.ch] was: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5 now: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDOgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5
Sun Apr 23 16:21:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:21:29] [INFO] Updating stamp for [dns.sb] was: sdns://AgcAAAAAAAAACzQ1LjExLjQ1LjExIJo6NPcn3rm8pRAD2c6cOfjyfdnFJCkBwrqxpE5jWgIZCzQ1LjExLjQ1LjExCi9kbnMtcXVlcnk now: sdns://AgcAAAAAAAAADzE4NS4yMjIuMjIyLjIyMiCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ8xODUuMjIyLjIyMi4yMjIKL2Rucy1xdWVyeQ
Sun Apr 23 16:21:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:21:29] [INFO] Updating stamp for [doh-crypto-sx] was: sdns://AgcAAAAAAAAADjE3Mi42Ny4xMzQuMTU3AA1kb2guY3J5cHRvLnN4Ci9kbnMtcXVlcnk now: sdns://AgcAAAAAAAAACzEwNC4yMS42Ljc4AA1kb2guY3J5cHRvLnN4Ci9kbnMtcXVlcnk
Sun Apr 23 16:21:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:21:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-nofilter-ecs-pri] was: sdns://AgYAAAAAAAAACDkuOS45LjEyICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEyLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ now: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEyICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEyLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
Sun Apr 23 16:21:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:21:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-nofilter-pri] was: sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk now: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [dns.digitale-gesellschaft.ch] was: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDOgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5 now: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [dns.sb] was: sdns://AgcAAAAAAAAADzE4NS4yMjIuMjIyLjIyMiCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ8xODUuMjIyLjIyMi4yMjIKL2Rucy1xdWVyeQ now: sdns://AgcAAAAAAAAACzQ1LjExLjQ1LjExIJo6NPcn3rm8pRAD2c6cOfjyfdnFJCkBwrqxpE5jWgIZCzQ1LjExLjQ1LjExCi9kbnMtcXVlcnk
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-nofilter-ecs-pri] was: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEyICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEyLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ now: sdns://AgYAAAAAAAAACDkuOS45LjEyICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEyLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-filter-ecs-pri] was: sdns://AgMAAAAAAAAACDkuOS45LjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczExLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk now: sdns://AgMAAAAAAAAADjE0OS4xMTIuMTEyLjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczExLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-filter-pri] was: sdns://AgMAAAAAAAAADzE0OS4xMTIuMTEyLjExMiAqFfXWrLbnwJAa3k67x0OyzNSJAytG4WQvBpNoMAElihJkbnMucXVhZDkubmV0OjUwNTMKL2Rucy1xdWVyeQ now: sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjkgKhX11qy258CQGt5Ou8dDsszUiQMrRuFkLwaTaDABJYoTZG5zOS5xdWFkOS5uZXQ6NTA1MwovZG5zLXF1ZXJ5
Sun Apr 23 16:31:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:31:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-nofilter-pri] was: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk now: sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [dns.digitale-gesellschaft.ch] was: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5 now: sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDOgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984cZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAovZG5zLXF1ZXJ5
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-filter-ecs-pri] was: sdns://AgMAAAAAAAAACDkuOS45LjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczExLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ now: sdns://AgMAAAAAAAAADjE0OS4xMTIuMTEyLjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczExLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-filter-pri] was: sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjkgKhX11qy258CQGt5Ou8dDsszUiQMrRuFkLwaTaDABJYoSZG5zOS5xdWFkOS5uZXQ6NDQzCi9kbnMtcXVlcnk now: sdns://AgMAAAAAAAAADzE0OS4xMTIuMTEyLjExMiAqFfXWrLbnwJAa3k67x0OyzNSJAytG4WQvBpNoMAElihFkbnMucXVhZDkubmV0OjQ0MwovZG5zLXF1ZXJ5
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-nofilter-pri] was: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEwLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ now: sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEwLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-filter-ecs-pri] was: sdns://AgMAAAAAAAAADjE0OS4xMTIuMTEyLjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczExLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk now: sdns://AgMAAAAAAAAACDkuOS45LjExICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczExLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk
Sun Apr 23 16:41:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:41:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-filter-pri] was: sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjkgKhX11qy258CQGt5Ou8dDsszUiQMrRuFkLwaTaDABJYoTZG5zOS5xdWFkOS5uZXQ6NTA1MwovZG5zLXF1ZXJ5 now: sdns://AgMAAAAAAAAADzE0OS4xMTIuMTEyLjExMiAqFfXWrLbnwJAa3k67x0OyzNSJAytG4WQvBpNoMAElihJkbnMucXVhZDkubmV0OjUwNTMKL2Rucy1xdWVyeQ
Sun Apr 23 16:51:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:51:29] [INFO] Updating stamp for [dns.sb] was: sdns://AgcAAAAAAAAACzQ1LjExLjQ1LjExIJo6NPcn3rm8pRAD2c6cOfjyfdnFJCkBwrqxpE5jWgIZCzQ1LjExLjQ1LjExCi9kbnMtcXVlcnk now: sdns://AgcAAAAAAAAADzE4NS4yMjIuMjIyLjIyMiCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ8xODUuMjIyLjIyMi4yMjIKL2Rucy1xdWVyeQ
Sun Apr 23 16:51:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:51:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-filter-pri] was: sdns://AgMAAAAAAAAADzE0OS4xMTIuMTEyLjExMiAqFfXWrLbnwJAa3k67x0OyzNSJAytG4WQvBpNoMAElihFkbnMucXVhZDkubmV0OjQ0MwovZG5zLXF1ZXJ5 now: sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjkgKhX11qy258CQGt5Ou8dDsszUiQMrRuFkLwaTaDABJYoSZG5zOS5xdWFkOS5uZXQ6NDQzCi9kbnMtcXVlcnk
Sun Apr 23 16:51:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:51:29] [INFO] Updating stamp for [quad9-doh-ip4-port443-nofilter-pri] was: sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEwLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ now: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKE2RuczEwLnF1YWQ5Lm5ldDo0NDMKL2Rucy1xdWVyeQ
Sun Apr 23 16:51:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:51:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-filter-pri] was: sdns://AgMAAAAAAAAADzE0OS4xMTIuMTEyLjExMiAqFfXWrLbnwJAa3k67x0OyzNSJAytG4WQvBpNoMAElihJkbnMucXVhZDkubmV0OjUwNTMKL2Rucy1xdWVyeQ now: sdns://AgMAAAAAAAAABzkuOS45LjkgKhX11qy258CQGt5Ou8dDsszUiQMrRuFkLwaTaDABJYoTZG5zOS5xdWFkOS5uZXQ6NTA1MwovZG5zLXF1ZXJ5
Sun Apr 23 16:51:29 2023 daemon.err dnscrypt-proxy[1073]: [2023-04-23 08:51:29] [INFO] Updating stamp for [quad9-doh-ip4-port5053-nofilter-pri] was: sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk now: sdns://AgYAAAAAAAAADjE0OS4xMTIuMTEyLjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEwLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk

The current number of DOH resolver servers is 127.
127-38, we get 89 DOH dead body.

Do the same multiple tests with your DNSCRYPT. I get: ffmuc is dead. ffmuc is dead. ffmuc is dead.
For testing purposes, I only traced ffmuc. If I tracked down more, I would undoubtedly find more DOH dying of your DNSCRYPT.
I have enabled DNSCRYPT log 0. But got nothing. Didn't get the doh.ffmuc.net error.
I correctly filled in the IP of doh.ffmuc.net in captive-portals.txt. Thus prompting doh.ffmuc.net to avoid stepping on your bootstrap_resolvers.

I know that DNSCRYPT hardcodes 9.9.9.9 as built-in DNS.
Your 9.9.9.9 is a virus. I had to completely ban the 9.9.9.9 IP using the firewall.
In my network environment, ISPs go crazy attacking insecure legacy DNS.
This will cause a large number of domain name resolution failures. These are DOH server domain names. These are the domain names that DNSCRYPT uses to update SDNS.
That's why I spit out 9.9.9.9. It is poisonous food.

A similar resolver, SmartDNS, does not have hardcoded DNS.
I just disable ISP DNS, delete all DNS of SmartDNS,
Using SmartDNS I was able to destroy my DNS resolution and not be able to open any web pages.
It's sensible, and it allows me to do what I want. Your hardcoded 9.9.9.9 is just plain stupid.
SmartDNS does not use bootstrap_resolvers. This is a Heartbleed method.
It can directly use the DOH which has the IP address. As long as one DOH's IP is running normally, it will automatically use this IP to resolve the IP addresses of all other DOHs. We have more than 120 DOH servers. Most of them have fixed IP addresses. So SmartDNS never fails.
And your 9.9.9.9 will be killed by the ISP at the starting line. LOL. What's more, your 9.9.9.9 will lead 120+ DOH to die together.

Your require_dnssec is also a joke. This is even more useless than require_nolog. Some DOH resolvers claim to be dnssec. Is this really the case? Absolutely not! require_dnssec=true. Then go to https://en.internet.nl/connection. Test several times. You will fall over dnssec many times. require_dnssec is only symbolic in nature. As long as the resolver says that it is dnssec, it will enter the dnssec list of DNSCRYPT. This is a serious mistake! You cannot verify the authenticity of require_nolog. But for dnssec you can use internet.nl and many other similar sites for authenticity verification. Only by passing the actual test can it be marked as dnssec.
If the DOH resolver is not dnssec it can still be killed by the ISP!
Use SmartDNS. I can just specify DOHdnssec as a resolver for other DOHs.
DOH dnssec ensures food is safe.

It's also silly to force an update of the resolvers list. refresh_delay Max 168 hours limit. Greater folly is yet to come. Suppose the copy of DNSCRYPT-PROXY was published a month ago. public-resolvers.md has not been updated for a month at this time. DNSCRYPT will intelligently treat it as a completely invalid resolver. At this point, you are the same as if there is no public-resolvers.md file! DNSCRYPT will resolve and download new public-resolvers.md with hardcoded 9.9.9.9. Looks like it's right up your alley again. LOL.

dnscrypt-proxy is the worst program design I have ever seen.

jedisct1 · 2023-04-23T13:43:46Z

jedisct1
Apr 23, 2023
Maintainer

Yes.

1 reply

57382 Apr 23, 2023
Author

Yes.

It must be stated that I have no malicious intentions. Even when I speak harshly and look unfriendly.
I'm just pointing out the current problem as objectively as possible. For DOH. It is my wish that dnscrypt-proxy be better.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The cause of death of a large number of DOH is unknown. #2380

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

The cause of death of a large number of DOH is unknown. #2380

57382 Apr 23, 2023

Replies: 1 comment · 1 reply

jedisct1 Apr 23, 2023 Maintainer

57382 Apr 23, 2023 Author

57382
Apr 23, 2023

Replies: 1 comment 1 reply

jedisct1
Apr 23, 2023
Maintainer

57382 Apr 23, 2023
Author