Unable to Query DoH with `tls none` and Plain HTTP

r1wcp42w at bbqporkmccity.com r1wcp42w at bbqporkmccity.com
Mon Jan 1 12:35:50 UTC 2024


Hello,

Hope you are having a great day.

I am trying to set up a BIND9 DNS over HTTP (DoH, but in plain HTTP) 
server with the ubuntu/bind9:latest docker image behind an HTTPS load 
balancer; however, I am unable to perform any DNS query against the newly 
installed BIND9 server (not through the load balancer).

I am getting the following when I try to perform the query:


>  ➜ curl -v -H 'accept: application/dns-message' 'http://172.23.0.2:80/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> *   Trying 172.23.0.2:80...
> * Connected to 172.23.0.2 (172.23.0.2) port 80
>> GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1
>> Host: 172.23.0.2
>> User-Agent: curl/8.5.0
>> accept: application/dns-message
>> 
> * Received HTTP/0.9 when not allowed
> * Closing connection
> curl: (1) Received HTTP/0.9 when not allowed
and here is my named.conf.options

> options {
>         directory "/var/cache/bind";
> 
>         // If there is a firewall between you and nameservers you want
>         // to talk to, you may need to fix the firewall to allow multiple
>         // ports to talk.  See http://psrp.bbqporkmccity.com/vye5rn/iw5hSZ1O
> 
>         // If your ISP provided one or more IP addresses for stable
>         // nameservers, you probably want to use them as forwarders.
>         // Uncomment the following block, and insert the addresses replacing
>         // the all-0's placeholder.
> 
>         // forwarders {
>         //      0.0.0.0;
>         // };
> 
>         //========================================================================
>         // If BIND logs error messages about the root key being expired,
>         // you will need to update your keys.  See http://psrp.bbqporkmccity.com/vye5rn/nH13n27l
>         //========================================================================
>         dnssec-validation auto;
> 
>         listen-on-v6 { any; };
> 
>         // Custom Options From Here
> 
>         allow-query { any;};
> 
>         allow-transfer { none; };
> 
>         listen-on port 53 { any; };
>         listen-on port 80 tls none http default { any; };
> 
> };

Am I doing something wrong?

Thank you very much and I am looking forward to a solution.


More information about the bind-users mailing list
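As an added illustration (not part of the original post, and not BIND's or curl's own code), the script below shows what the request in the post actually carries and how to tell a well-formed DoH answer from the failure curl reported. The `dns=` value in the curl command is the RFC 8484 example query (ID 0, RD set, `www.example.com` A) encoded as base64url without padding; `build_doh_query` and `encode_dns_param` reproduce that string byte for byte, so the request itself is correct. `doh_get` then issues the same GET and classifies the result: curl's "Received HTTP/0.9 when not allowed" means the first bytes received did not form an HTTP/1.x status line, which Python's `http.client` surfaces as `BadStatusLine`, so the check reports that case separately from an HTTP error status, a wrong `Content-Type`, or a DNS-level RCODE. Assumed for the example: the function names, the target URL `http://172.23.0.2:80/dns-query` taken from the post, and a constructed sample answer using the documentation address 192.0.2.1.

```python
"""Offline-checkable helper for probing an RFC 8484 DoH endpoint over plain HTTP.

Added example; the function names and the constructed sample response are
assumptions, not code from the post, BIND 9, or curl.
"""
import base64
import http.client
import struct
from urllib.parse import urlsplit


def build_doh_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query: ID 0 and RD set, as RFC 8484 recommends for GET."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN


def encode_dns_param(wire: bytes) -> str:
    """base64url with padding stripped, the encoding the `dns=` parameter requires."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def _skip_name(wire: bytes, pos: int) -> int:
    """Advance past a (possibly compressed) domain name and return the next offset."""
    while True:
        length = wire[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, terminates the name
            return pos + 2
        pos += 1 + length


def parse_dns_response(wire: bytes) -> dict:
    """Extract RCODE, answer count and any A records; enough for a health check."""
    if len(wire) < 12:
        raise ValueError("response shorter than a DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a DNS response")
    pos = 12
    for _ in range(qd):  # skip the echoed question section
        pos = _skip_name(wire, pos) + 4
    addrs = []
    for _ in range(an):
        pos = _skip_name(wire, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", wire[pos:pos + 10])
        pos += 10
        rdata = wire[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0x000F, "answers": an, "a_records": addrs}


def doh_get(url: str, name: str, timeout: float = 5.0) -> dict:
    """GET the query and classify the outcome; a non-HTTP reply is reported explicitly."""
    parts = urlsplit(url)
    path = f"{parts.path or '/dns-query'}?dns={encode_dns_param(build_doh_query(name))}"
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Accept": "application/dns-message"})
        resp = conn.getresponse()
        body = resp.read()
    except (http.client.HTTPException, OSError) as exc:
        # BadStatusLine here corresponds to curl's "Received HTTP/0.9 when not allowed"
        return {"ok": False, "reason": f"no valid HTTP/1.x response: {exc!r}"}
    finally:
        conn.close()
    ctype = resp.getheader("Content-Type", "")
    if resp.status != 200 or ctype != "application/dns-message":
        return {"ok": False, "reason": f"HTTP {resp.status}, Content-Type {ctype!r}"}
    return {"ok": True, **parse_dns_response(body)}


# Constructed sample answer (not captured from any server): same question, one A record
# pointing at the documentation address 192.0.2.1 with a 3600s TTL.
SAMPLE_RESPONSE = (
    bytes.fromhex("0000 8180 0001 0001 0000 0000")
    + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + b"\x00\x01\x00\x01" + b"\x00\x00\x0e\x10" + b"\x00\x04" + bytes([192, 0, 2, 1])
)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://172.23.0.2:80/dns-query"
    print("dns= parameter:", encode_dns_param(build_doh_query("www.example.com")))
    print(doh_get(target, "www.example.com"))
```

Run it as `python3 doh_check.py http://172.23.0.2:80/dns-query` from a host that can reach the container directly. Because the listener is `tls none`, this is a plaintext probe and belongs on the internal segment between the TLS-terminating load balancer and BIND, the same path the post is troubleshooting; an `ok: True` result with `rcode: 0` confirms the HTTP framing and the DNS answer, while the `no valid HTTP/1.x response` branch reproduces exactly the symptom in the curl transcript.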