trust-dns quic client can not query trust-dns quic server #2015
Comments
Looks like you're not setting the ALPN protocol correctly for TLS/QUIC implementations.
@djc is calling I have not found anything at the doc of trust-dns-server about ALPN.
According to your logs, the server is saying that the client didn't set any protocols it understands.
So the kdig seems to use the wrong ALPN. So I should report this kdig instead. But trust-dns should be able to query trust-dns via quic.
trust-dns should be working when communicating with its libraries to the server. We have test coverage for this in https://github.com/bluejekyll/trust-dns/blob/main/bin/tests/named_quic_tests.rs. Is the certificate not being validated correctly?
ALPN on the Client is set here: https://github.com/bluejekyll/trust-dns/blob/202fe2a8a4cade9df2789ae52fee2ce91749a1a7/crates/proto/src/quic/quic_client_stream.rs#L240-L247 I don't think the ALPN is configurable on the server right now, that is set here: https://github.com/bluejekyll/trust-dns/blob/202fe2a8a4cade9df2789ae52fee2ce91749a1a7/crates/proto/src/quic/quic_server.rs#L51 The ALPN for quic is defined here: https://github.com/bluejekyll/trust-dns/blob/202fe2a8a4cade9df2789ae52fee2ce91749a1a7/crates/proto/src/quic/quic_stream.rs#L24
At least kdig has no issue with it. I am currently not sure what I can do. Quic is currently not widely used, which makes it difficult to test it with other clients/servers.
See also #1990?
@LuckyTurtleDev, do you think you could try this with the current
I will try out this tomorrow.
Actually, you might want to wait, see this comment, I'm not sure it's the root cause of this issue, but it could be related: #1990 (comment)
Describe the bug
I have noticed some strange behavior if I am hosting tls and quic dns server using the server crate.
Depending on the client some protocols do not work.
kdig is a dig clone with quic, tls, https support.
crab-hole is a pi-hole clone using trust dns (trust_dns_server::store::forwarder).
Debug output of client crab-hole instance trying to query server crab-hole via quic (kdig --udp--> crab-hole(client) --quic-⚡-> crab-hole(server) --tls-> cloudflare).
crab-hole server log (quic):
kdig logs (issue of kdig see #2015 (comment) )
output of kdig using tls (kdig --tls-⚡-> crab-hole(server) --tls-> cloudflare)
crab-hole server log if using kdig via tls:
To Reproduce
client crab-hole:
client config
server crab-hole docker-compose
server crab-hole config
Expected behavior
successful request
System:
Version:
Crate: server
Version: 0.23.0
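
Added example (not part of the issue thread and not trust-dns code): a std-only Rust sketch of the server-side ALPN check the comments describe, parsing the protocol list a client offers (RFC 7301 wire format) and rejecting it when no token matches. It assumes the server accepts only `doq`, the token RFC 9250 registers for DNS over QUIC; the draft-style token `doq-i02` and the byte strings are constructed sample input.

```rust
// Added example: server-side ALPN selection for DNS over QUIC.
// Assumption: the server accepts only the "doq" token (RFC 9250).
const SERVER_ALPN: &[&[u8]] = &[b"doq"];

#[derive(Debug, PartialEq)]
enum AlpnError {
    Malformed,
    // TLS alert no_application_protocol (120); QUIC reports it as 0x0178.
    NoApplicationProtocol,
}

/// Parse a ProtocolNameList (RFC 7301): u16 total length, then
/// repeated { u8 length, name bytes }. Empty names are invalid.
fn parse_protocol_name_list(buf: &[u8]) -> Result<Vec<&[u8]>, AlpnError> {
    if buf.len() < 2 {
        return Err(AlpnError::Malformed);
    }
    let total = u16::from_be_bytes([buf[0], buf[1]]) as usize;
    let mut rest = &buf[2..];
    if rest.len() != total {
        return Err(AlpnError::Malformed);
    }
    let mut names = Vec::new();
    while !rest.is_empty() {
        let len = rest[0] as usize;
        if len == 0 || rest.len() < 1 + len {
            return Err(AlpnError::Malformed);
        }
        names.push(&rest[1..1 + len]);
        rest = &rest[1 + len..];
    }
    Ok(names)
}

/// Pick the first server-preferred protocol that the client also offered.
fn select_alpn<'a>(offered: &[u8], supported: &[&'a [u8]]) -> Result<&'a [u8], AlpnError> {
    let names = parse_protocol_name_list(offered)?;
    supported.iter().copied()
        .find(|s| names.iter().any(|n| n == s))
        .ok_or(AlpnError::NoApplicationProtocol)
}

fn main() {
    // Constructed offers: the registered token, then a draft-style token.
    for offer in [&b"\x00\x04\x03doq"[..], &b"\x00\x08\x07doq-i02"[..]] {
        println!("{:?}", select_alpn(offer, SERVER_ALPN));
    }
}
```

A client that offers only a token the server does not list ends at `NoApplicationProtocol`, which matches a server log saying the client set no protocol it understands; comparing the offered list in a packet capture against the server's list is the quickest way to confirm it.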