SimpleDnsCrypt icon indicating copy to clipboard operation
SimpleDnsCrypt copied to clipboard

Published 20 hours ago verified publisher icon bitbeans

Feedback dns issue, and request to update dns

Open xyzmos opened this issue 5 years ago • 10 comments

Hello, I found that when Geekdns is selected as the upstream, it will not be resolved, but the direct access to the Doh address can be resolved.

Then we updated the DNS address and service: WebSite:www.233py.com We stopped recording filtered data very early. We do not log, do not filter data, and support DNSSEC. We provide a total of 6 servers, four in mainland China, and others in Hong Kong, China, and the United States.

Southern China [Guangdong] IP: 119.29.107.85 DOH: https://sdns.233py.com/dns-query Dnscrypt: sdns://AQMAAAAAAAAAEDExOS4yOS4xMDcuODU6MjIgCsUpkBu6ujbEDZ8PQI2wa3DCkDzxLlczLOwTyQTQM70ZMi5kbnNjcnlwd DOT: sdns.233py.com

Eastern China [Shanghai] IP: 47.101.136.37 DOH: https://edns.233py.com/dns-query Dnscrypt: sdns://AQMAAAAAAAAAEDQ3LjEwMS4xMzYuMzc6MjIgCRIqxqrF-npxg2-xjGLKvzuxvS7hCGgXx_x_4K85yHYZMi5kbnNjcnlwd DOT: edns.233py.com

Northern China [Beijing] IP: 114.115.240.175 DOH: https://ndns.233py.com/dns-query Dnscrypt: sdns://AQMAAAAAAAAAEjExNC4xMTUuMjQwLjE3NToyMiCLntDYEK0AwismFtMCM0YMkflJGNZiJnINFtDLcCLLwBkyLmRuc2Nye DOT:ndns.233py.com

Western China [Chongqing] IP: 118.24.208.197 DOH: https://wdns.233py.com/dns-query Dnscrypt: sdns://AQMAAAAAAAAAETExOC4yNC4yMDguMTk3OjIyIL66dzE0aNGlvYsF3RnukLk4AI3lQqSxeEo6PxHme-qZGTIuZG5zY3J5c DOT: wdns.233py.com

China Hong Kong IP: 150.109.74.164 DOH: https://hk-dns.233py.com/dns-query Dnscrypt: sdns://AQcAAAAAAAAAETE1MC4xMDkuNzQuMTY0OjIyIPcEBXJOU2jQys6br08P8yyn132SuDixQ8Oek3lhoRQoGTIuZG5zY3J5c DOT: hk-dns.233py.com

United States IP: 107.155.79.120 IPV6: 2604:880:398:0555:0000:0000:0000:0001 DOH: https://us-dns.233py.com/dns-query Dnscrypt: sdns://AQMAAAAAAAAAETEwNy4xNTUuNzkuMTIwOjIyIDzxhAPcjkUtLFGDWuU9rLKuuRzz2iKEoeO7TqqSpXkqGTIuZG5zY3J5c DOT: us-dns.233py.com

Thank you

xyzmos avatar Aug 28 '19 13:08 xyzmos

Hi!

The resolvers list is maintained here: https://github.com/DNSCrypt/dnscrypt-resolvers

And you can directly submit a pull request with your changes if you like.

The DNSCrypt stamps you posted here appear to be incorrect; they are truncated, invalid Base64. I tried to fix them but still couldn't connect. Is it supposed to be on port 22?

jedisct1 avatar Aug 28 '19 13:08 jedisct1 

[2019-08-28 15:44:54] [INFO] [geekdns-doh-east] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
[2019-08-28 15:44:54] [ERROR] Certificate hash [3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838] not found for [geekdns-doh-east]

Looks like the certificates have changed from being signed by Let's Encrypt to being signed by GlobalSign.

This is very suspicious and may be a hijack, which is why dnscrypt-proxy doesn't connect to it.

I am going to update the certificate hashes to put globalsign instead.

jedisct1 avatar Aug 28 '19 13:08 jedisct1

The no filter flag has to remain because GeekDNS is blocking ads.

jedisct1 avatar Aug 28 '19 13:08 jedisct1

Or does it? The original description mentions that it does, but the website doesn't say anything about ads.

jedisct1 avatar Aug 28 '19 13:08 jedisct1

The dnscrypt stamps destruction should be caused by translation software. The dnscrypt port is indeed 22, which is used to deal with China's complex network environment.
Geekdns closed in April this year, so filtering, including filtering off ads and trackers.

xyzmos avatar Aug 28 '19 16:08 xyzmos

sdns sdns://AQMAAAAAAAAAEDExOS4yOS4xMDcuODU6MjIgCsUpkBu6ujbEDZ8PQI2wa3DCkDzxLlczLOwTyQTQM70ZMi5kbnNjcnlwdC1jZXJ0LjIzM3B5LmNvbQ

edns sdns://AQMAAAAAAAAAEDQ3LjEwMS4xMzYuMzc6MjIgCRIqxqrF-npxg2-xjGLKvzuxvS7hCGgXx_x_4K85yHYZMi5kbnNjcnlwdC1jZXJ0LjIzM3B5LmNvbQ

ndns sdns://AQMAAAAAAAAAEjExNC4xMTUuMjQwLjE3NToyMiCLntDYEK0AwismFtMCM0YMkflJGNZiJnINFtDLcCLLwBkyLmRuc2NyeXB0LWNlcnQuMjMzcHkuY29t

wdns sdns://AQMAAAAAAAAAETExOC4yNC4yMDguMTk3OjIyIL66dzE0aNGlvYsF3RnukLk4AI3lQqSxeEo6PxHme-qZGTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

hk-dns sdns://AQcAAAAAAAAAETE1MC4xMDkuNzQuMTY0OjIyIPcEBXJOU2jQys6br08P8yyn132SuDixQ8Oek3lhoRQoGTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

us-dns sdns://AQMAAAAAAAAAETEwNy4xNTUuNzkuMTIwOjIyIDzxhAPcjkUtLFGDWuU9rLKuuRzz2iKEoeO7TqqSpXkqGTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

xyzmos avatar Aug 28 '19 16:08 xyzmos

Thanks a lot for the updated stamps! These seem to work fine!

So, should these resolvers keep being called geekdns or something different?

jedisct1 avatar Aug 28 '19 17:08 jedisct1

The US one doesn't seem to be reachable at the moment :(

jedisct1 avatar Aug 28 '19 17:08 jedisct1

And geekdns-east doesn't seem to have the correct certificate.

jedisct1 avatar Aug 28 '19 17:08 jedisct1

You can call it GeekDNS, I feel that I have provided the wrong label and I am sorry for the inconvenience. I have tested the following Stamps.

edns sdns://AQcAAAAAAAAAEDQ3LjEwMS4xMzYuMzc6MjIgCRIqxqrF-npxg2-xjGLKvzuxvS7hCGgXx_x_4K85yHYZMi5kbnNjcnlwdC1jZXJ0LjIzM3B5LmNvbQ

ndns sdns://AQcAAAAAAAAAEjExNC4xMTUuMjQwLjE3NToyMiCLntDYEK0AwismFtMCM0YMkflJGNZiJnINFtDLcCLLwBkyLmRuc2NyeXB0LWNlcnQuMjMzcHkuY29t

sdns sdns://AQcAAAAAAAAAEDExOS4yOS4xMDcuODU6MjIgCsUpkBu6ujbEDZ8PQI2wa3DCkDzxLlczLOwTyQTQM70ZMi5kbnNjcnlwdC1jZXJ0LjIzM3B5LmNvbQ

wdns sdns://AQcAAAAAAAAAETExOC4yNC4yMDguMTk3OjIyIL66dzE0aNGlvYsF3RnukLk4AI3lQqSxeEo6PxHme-qZGTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

hk-dns sdns://AQcAAAAAAAAAETE1MC4xMDkuNzQuMTY0OjIyIPcEBXJOU2jQys6br08P8yyn132SuDixQ8Oek3lhoRQoGTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

us-dns sdns://AQcAAAAAAAAAETEwNy4xNTUuNzkuMTIwOjIyIM76u0x7rmr-tinkFTrR57v5TZgT7jHJs8loyWZRMDw5GTIuZG5zY3J5cHQtY2VydC4yMzNweS5jb20

Thank you, I wish you a happy weekend.

xyzmos avatar Aug 29 '19 03:08 xyzmos