Closed
Description
When ssserver is 1.17+, setting "dns": "cloudflare_tls" (or any other built-in DoT/DoH server) causes all resolution to fail. It worked fine pre-1.17.0.
Steps to reproduce
- Build 1.17.0 or 1.17.1 with features dns-over-tls and dns-over-https
- On an unfirewalled machine, create the following config files:
server.json5:
{
    "server": "127.0.0.1",
    "server_port": 1337,
    "method": "chacha20-ietf-poly1305",
    "password": "foobar",
    "dns": "cloudflare_tls",
}
client.json5:
{
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "protocol": "http",
    "server": "127.0.0.1",
    "server_port": 1337,
    "method": "chacha20-ietf-poly1305",
    "password": "foobar",
}
- Start both server and client:
ssserver -c server.json5 & sslocal -c client.json5
- Try to visit any website through the tunnel and observe the failure:
https_proxy=http://127.0.0.1:1080 curl https://google.com
ERROR tcp tunnel ... connect failed, error: dns resolve google.com:443 error: proto error: io error: invalid data
Note: sometimes the IO error is Network is unreachable (os error 101)
- Try again with 1.16.2; expecting everything to work
Environment
OS: Rocky Linux 9 5.14.0-362.8.1.el9_3.x86_64
Rust: 1.74.0
GCC: 11.4.1
Build command: RUSTFLAGS="-C strip=symbols" cargo build --release --features dns-over-https,dns-over-tls,local-dns,local-http-rustls,local-redir,local-tun