xman1
18 May 2022 17:09
1
Just searching and I am having this same problem:
Hi everyone, my level in English is not so high but I will try to explain myself the best way I can.
I have been trying to set up systemd, because I would like to use DoT for my DNS requests. I have no problems with the Ubuntu distro, I just set up /etc/systemd/system.conf.d/*.conf and it works.
However, with Manjaro I don’t know why it doesn’t work. I have started the systemd service and it is enabled, but when I try to test it with 1.1.1.1/help (Cloudflare test) I get this “No” for DoT requests.
When I edit the main file /etc…
Has anyone solved this? Maybe the sites are just reporting wrong?
The reason I say this is I used tcpdump and can see all my traffic for DNS is on port 853. Pulling up ngrep on both port 853 and port 53, I can see that no traffic at all is going over 53 and all the traffic on 853 looks encrypted:
So why would CloudFlare say my traffic is not TLS?
They only test whether you are connected to their servers, not in general.
How did you set it up?
Put this in /etc/systemd/resolved.conf.d/overrides.conf
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com
FallbackDNS=
MulticastDNS=yes
DNSOverTLS=opportunistic
DNSStubListener=yes
Then start and enable the resolver:
systemctl enable --now systemd-resolved
And then link the stub file:
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
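As an added example (not code from the thread or from systemd), a small audit of a resolved.conf drop-in like the one above: it flags the two things the web test cannot tell you, namely that DNSOverTLS=opportunistic still allows a silent fallback to plaintext port 53 when the TLS session fails, and that a server entry without the #hostname suffix is encrypted but not certificate-validated. The function name and the constructed drop-in strings are assumptions for this example.

```python
import configparser
from typing import List

# Constructed copy of the drop-in posted in the thread.
POSTED_CONF = """\
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com
FallbackDNS=
MulticastDNS=yes
DNSOverTLS=opportunistic
DNSStubListener=yes
"""

# Same drop-in with strict DoT and DNSSEC switched on (constructed).
STRICT_CONF = POSTED_CONF.replace("DNSOverTLS=opportunistic", "DNSOverTLS=yes") + "DNSSEC=yes\n"


def audit_resolved_conf(text: str) -> List[str]:
    """Return findings for a systemd-resolved [Resolve] drop-in.

    An empty list means every checked setting is in its strict form.
    """
    # Keys are case-sensitive in systemd and '#' is part of the value, so
    # disable interpolation, lower-casing and ':' as a key/value delimiter.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    if not cp.has_section("Resolve"):
        return ["no [Resolve] section: drop-in is ignored by systemd-resolved"]
    res = cp["Resolve"]
    findings: List[str] = []

    # 'opportunistic' retries in the clear on port 53 if TLS cannot be set up;
    # only 'yes' (strict mode) refuses to send an unencrypted query.
    mode = res.get("DNSOverTLS", "no").strip().lower() or "no"
    if mode != "yes":
        findings.append(f"DNSOverTLS={mode}: not strict; plaintext fallback possible")

    # The '#hostname' suffix is what resolved uses to validate the server
    # certificate; an address without it is encrypted but not authenticated.
    servers = res.get("DNS", "").split()
    if not servers:
        findings.append("DNS= is empty: no upstream configured")
    for server in servers:
        if "#" not in server:
            findings.append(f"DNS server {server} has no #hostname for certificate validation")

    if res.get("DNSSEC", "").strip().lower() not in ("yes", "allow-downgrade"):
        findings.append("DNSSEC not set in drop-in: distribution default applies")
    return findings
```

Running audit_resolved_conf(POSTED_CONF) reports the opportunistic mode and the missing DNSSEC line; the strict variant returns no findings.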
Arisa
18 May 2022 21:01
3
Yes, the site is reporting it wrong.
If that’s so, then your DNS requests are going over TLS, so you are all fine.
I recommend also enabling DNSSEC while you are at it.
xman1
19 May 2022 00:26
4
I also have DNSSEC on. Thanks for the recommendation though.
Strange that two sites report it as not working. Something weird going on.
The page itself can’t know if you’re using DoT or not.
Your browser is asking for the address of a house. If you arrive at the house, how would the house know who you asked for directions?
xman1
21 May 2022 17:06
6
Cloudflare would know, which is who I am testing with and using DNS services with.
It is what it is. It is broken I guess.