Unable to Query DoH with `tls none` and Plain HTTP

Mon, 01 Jan 2024 04:37:06 -0800 

Hello,

Hope you are having a great day.
I am trying to setup a BIND9 DNS over HTTP (DoH but in plain HTTP) server with the ubuntu/bind9:latest docker image behind a HTTPS load balancer however I am unable to perform any DNS query with the newly installed BIND9 server(not through the load balancer). 

I am getting the following when I try to perform the query:



 ➜ curl -v -H 'accept: application/dns-message' 
'http://172.23.0.2:80/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'
*   Trying 172.23.0.2:80...
* Connected to 172.23.0.2 (172.23.0.2) port 80

GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1
Host: 172.23.0.2
User-Agent: curl/8.5.0
accept: application/dns-message


* Received HTTP/0.9 when not allowed
* Closing connection
curl: (1) Received HTTP/0.9 when not allowed




and here is my named.conf.options


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://psrp.bbqporkmccity.com/vye5rn/iw5hSZ1O

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        
//========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See 
http://psrp.bbqporkmccity.com/vye5rn/nH13n27l
        
//========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };

        // Custom Options From Here

        allow-query { any;};

        allow-transfer { none; };

        listen-on port 53 { any; };
        listen-on port 80 tls none http default { any; };

};


Am I doing something wrong?

Thank you very much and I am looking forward to a solution.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to