
Not working if DoH Path is something other than /dns-query #8

Open
CaptainXLAB opened this issue Nov 8, 2022 · 5 comments

Comments

@CaptainXLAB

I have my own VPS setup with DoH working fine.

Everything works well if I use /dns-query as path on my webserver.

If I change the path (in the DNS stamp) to something else, like /doh-query, all the queries in the query log report the resolver as "-" and live 0ms. On my webserver's query log, I can see endless "NS" queries with either example.com or random strings with test.dnscrypt as the domain (<random_string>.test.dnscrypt), and DNS stops working on Windows.

Going through long term data on pihole, I guess these queries are done to prevent malware of some sort which would reply with a malicious IP on every possible query, since these queries have been done every few days since I set the server up.

I know that the new address /doh-query works because I tested it with browsers (Chrome's and Firefox's DoH feature), and I also tested it with a standalone tool, "dnslookup", which can be used to make various types of DNS queries directly to my server over DoH using the URL; all of them were successful (I even see successful queries in the query logs).

[image]
(apparently the IP of google.com can also give away your location as granular as which city you are in - removed IP from images)

I even monitored the connections made by dnscrypt-proxy.exe with various tools and all connections do go to my webserver's external IPv4 - no problems there either. I properly verified the stamp and everything else already - quite sure the cause is somewhere in simplednscrypt.

[image]

Live, PASS status in queries with - in resolver name when using /doh-query in path:
[image]

Same everything with /dns-query path (name shows up, cropped it):
[image]

Any fixes for SimpleDNScrypt not working with a different query path?

@instantsc
Owner

Does manually configuring dnscrypt-proxy using your timestamp with a custom path work? If not, there's nothing I can do here as SimpleDnsCrypt is just a proxy for that. If it does, there must be some difference in how the dnscrypt-proxy.toml looks when configuring manually/through SimpleDnsCrypt.

@CaptainXLAB
Author

Does manually configuring dnscrypt-proxy using your timestamp with a custom path work?

I guess you mean dns stamp under the [static] section in the .toml file - yes, I tried manually pasting the dns stamp there with a new entry and the same behavior continues. Lots of <random_string>.test.dnscrypt requests being resolved as either BLOB or NXDOMAIN constantly, not working and dnscrypt-proxy doesn't even send any actual requests... :/

Wanted to do this since dns-query is the most common path and I don't want my dns resolver to act like a public resolver over HTTPS (since anyone who knows the domain name can use it as a dns server too). Although there are other ways around it, a different random query path was the easiest of them all.

In my query log, I see a lot of similar <randomstring>.test.dnscrypt queries go through every day at certain times, through the dns-query path and everything continues to work. I have no idea why doh-query or any other path doesn't work but keeps sending these random requests endlessly and does nothing...

I guess I'll have to mess around with the latest version of dnscrypt-proxy myself without the GUI to try and see why this happens and if there is a solution.
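The two steps the reporter describes above, checking that the stamp is right and then pasting it into a [static] entry in dnscrypt-proxy.toml, can be done programmatically against the public DNS stamp format. The script below is an added example, not code from SimpleDnsCrypt or dnscrypt-proxy: it encodes and decodes DoH stamps (sdns://) as laid out in the stamp specification (protocol byte 0x02, 64-bit little-endian properties, length-prefixed address, certificate-hash set, hostname, path, optional bootstrap IPs, all base64url without padding), so you can confirm that a stamp really carries a custom path such as /doh-query before suspecting the client, and it prints the matching [static] entry. The hostname doh.example.com, the server name my-doh and the 203.0.113.x addresses are constructed placeholders.

```python
"""Encode/decode DoH DNS stamps and emit a dnscrypt-proxy [static] entry.

Added example, not project code. Layout per the DNS stamp specification:
  sdns:// + base64url( 0x02 | props(u64 LE) | LP(addr) | VLP(hashes)
                       | LP(hostname) | LP(path) [| VLP(bootstrap_ips)] )
"""
import base64
import struct

PROTO_DOH = 0x02
PROP_DNSSEC, PROP_NO_LOGS, PROP_NO_FILTER = 0x01, 0x02, 0x04


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the bytes."""
    if len(data) > 255:
        raise ValueError("field too long for a DNS stamp")
    return bytes([len(data)]) + data


def _vlp(items) -> bytes:
    """Variable-length set: each item length-prefixed, with the high bit of the
    length byte set on every item except the last. An empty set is one 0x00 byte."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        more = 0x80 if i < len(items) - 1 else 0x00
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(hostname, path, addr="", hashes=(), props=0, bootstrap_ips=()):
    """Build an sdns:// stamp for a DoH server; hashes are hex-encoded cert hashes."""
    body = bytes([PROTO_DOH]) + struct.pack("<Q", props)
    body += _lp(addr.encode())
    body += _vlp([bytes.fromhex(h) for h in hashes])
    body += _lp(hostname.encode())
    body += _lp(path.encode())
    if bootstrap_ips:
        body += _vlp([ip.encode() for ip in bootstrap_ips])
    return "sdns://" + base64.urlsafe_b64encode(body).decode().rstrip("=")


def decode_doh_stamp(stamp: str) -> dict:
    """Parse a DoH stamp back into its fields, including the derived resolver URL."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    if raw[0] != PROTO_DOH:
        raise ValueError(f"not a DoH stamp (protocol byte 0x{raw[0]:02x})")
    pos = 1
    (props,) = struct.unpack_from("<Q", raw, pos)
    pos += 8

    def lp() -> bytes:
        nonlocal pos
        n = raw[pos]
        pos += 1
        val = raw[pos:pos + n]
        if len(val) != n:
            raise ValueError("truncated stamp")
        pos += n
        return val

    def vlp() -> list:
        nonlocal pos
        items = []
        while True:
            n = raw[pos]
            pos += 1
            size = n & 0x7F
            items.append(raw[pos:pos + size])
            pos += size
            if not n & 0x80:
                return [i for i in items if i]  # drop the empty-set marker

    addr = lp().decode()
    hashes = [h.hex() for h in vlp()]
    hostname = lp().decode()
    path = lp().decode()
    bootstrap = [b.decode() for b in vlp()] if pos < len(raw) else []
    return {"props": props, "addr": addr, "hashes": hashes, "hostname": hostname,
            "path": path, "bootstrap_ips": bootstrap,
            "url": f"https://{hostname}{path}"}


def static_entry(name: str, stamp: str) -> str:
    """dnscrypt-proxy.toml [static] block for a server called `name`."""
    return f"[static]\n  [static.'{name}']\n  stamp = '{stamp}'\n"


if __name__ == "__main__":
    # Constructed sample: a private DoH server on a non-default path.
    s = encode_doh_stamp("doh.example.com", "/doh-query",
                         addr="203.0.113.10", props=PROP_NO_LOGS | PROP_NO_FILTER)
    print(s)
    print(decode_doh_stamp(s))      # path should read '/doh-query'
    print(static_entry("my-doh", s))
```

Running the script prints the stamp, its decoded fields (the path field is the one to check) and the [static] block to paste into dnscrypt-proxy.toml; decoding a stamp produced by any other stamp generator with decode_doh_stamp gives the same field view.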

@instantsc
Owner

Any news here?

@CaptainXLAB
Author

CaptainXLAB commented Mar 13, 2023

Any news here?

Don't know what the reason was behind this, so I switched to the non-GUI / CLI latest version of dnscrypt-proxy and everything seems to just work there. One-time setup and working; I can make do without the GUI. I'll experiment with this more when I have free time.

If you want, try setting up nextdns and try using it with simplednscrypt (gui) - see if that works... Nextdns is quite easy to set up (as compared to the whole setup on ubuntu server with nginx)

@instantsc
Owner

Alright, thanks, I'll keep it in mind.
