Fix: set DoH req's SNI and HTTP host to avoid certificate verify fail…
… and CF DNS 403

daeuniverse#649 (comment)
EkkoG committed Sep 26, 2024
1 parent bc5204d commit d7d2d3e
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions control/dns_control.go
@@ -665,7 +665,7 @@ func (c *DnsController) dialSend(invokingDepth int, req *udpRequest, data []byte
client := &http.Client{
Transport: roundTripper,
}
msg, err := httpDNS(client, dialArgument.bestTarget.String(), data)
msg, err := httpDNS(client, dialArgument.bestTarget.String(), upstream.Hostname, data)
if err != nil {
return err
}
@@ -742,14 +742,18 @@ func (c *DnsController) dialSend(invokingDepth int, req *udpRequest, data []byte
case dns.UpstreamScheme_HTTPS:

httpTransport := http.Transport{
TLSClientConfig: &tls.Config{
ServerName: upstream.Hostname,
InsecureSkipVerify: false,
},
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
return &netproxy.FakeNetConn{Conn: conn}, nil
},
}
client := http.Client{
Transport: &httpTransport,
}
msg, err := httpDNS(&client, dialArgument.bestTarget.String(), data)
msg, err := httpDNS(&client, dialArgument.bestTarget.String(), upstream.Hostname, data)
if err != nil {
return err
}
@@ -846,7 +850,7 @@ func (c *DnsController) dialSend(invokingDepth int, req *udpRequest, data []byte
return nil
}

func httpDNS(client *http.Client, target string, data []byte) (respMsg *dnsmessage.Msg, err error) {
func httpDNS(client *http.Client, target string, host string, data []byte) (respMsg *dnsmessage.Msg, err error) {
serverURL := url.URL{
Scheme: "https",
Host: target,
@@ -859,6 +863,7 @@ func httpDNS(client *http.Client, target string, data []byte) (respMsg *dnsmessa
}
req.Header.Set("Content-Type", "application/dns-message")
req.Header.Set("Accept", "application/dns-message")
req.Host = host
resp, err := client.Do(req)
if err != nil {
return nil, err
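Review bot: In httpDNS, `req.Host = host` sends the bare upstream hostname as the Host header, so if `target` carries a non-default port (it is used unchanged as the URL host) that port is no longer in the header, which some servers reject or misroute. If the upstream's port is available at the call sites (not visible in these hunks), building the value with `net.JoinHostPort` whenever the port is not 443 would keep the header accurate. The new parameter also needs a doc comment, for example `// host is the upstream's configured name, sent as the HTTP Host header; target is the dialed address and stays in the URL.` In the first call site the TLS settings of `roundTripper` are outside the hunk, so it is worth confirming that path also verifies the certificate against `upstream.Hostname`, as the added `ServerName` does for the HTTPS case. The bodies of dialSend and httpDNS continue outside the hunks.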
