
DNS-over-TLS requests should default to port 853 (not 53) #646

Closed
appliedprivacy opened this issue Jun 19, 2020 · 4 comments · Fixed by #655

Comments

@appliedprivacy

appliedprivacy commented Jun 19, 2020

Thank you for adding DoT support!

DNS-over-TLS is specified to operate on port 853/tcp.

blackbox_exporter tries to talk DoT on port 53 by default, which is reserved for plain DNS.

We are proposing to change blackbox_exporter's default port for DoT connections to 853 when dns_over_tls is true,
even though it is easy to work around this issue by adding the port to the target,
e.g. dot1.appliedprivacy.net:853.

After implementing this change it should still be possible to specify the port via the target (since we want to test our DoT service on port 443 as well).

Host operating system:

```
4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux
```

blackbox_exporter version:

```
blackbox_exporter, version 0.17.0 (branch: HEAD, revision: 1bc768014cf6815f7e9d694e0292e77dd10f3235)
  build user:       root@626fb3899f41
  build date:       20200619-11:54:41
  go version:       go1.14.4
```

What is the blackbox.yml module config?

```yaml
  dns_tcp:
    prober: dns
    dns:
      preferred_ip_protocol: "ip4" # defaults to "ip6"
      query_name: "www.prometheus.io"
      query_type: "A"
      transport_protocol: "tcp"
      dns_over_tls: true
      tls_config:
        ca_file: "/etc/blackbox_exporter/DSTRootCAX3.crt"
        server_name: "dot1.appliedprivacy.net"
```

What did you do that produced an error?

```
curl "http://localhost:9115/probe?target=dot1.appliedprivacy.net&module=dns_tcp&debug=true"
```

What did you expect to see?

From the debug log:

```
caller=main.go:169 module=dns_tcp target=dot1.appliedprivacy.net level=debug msg="Making DNS query" target=94.130.106.88:853 dial_protocol=tcp4-tls query=www.prometheus.io type=1 class=1
```

What did you see instead?

From the debug log:

```
caller=main.go:169 module=dns_tcp target=dot1.appliedprivacy.net level=debug msg="Making DNS query" target=94.130.106.88:53 dial_protocol=tcp4-tls query=www.prometheus.io type=1 class=1
```

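The port-selection rule the issue asks for, written out as an added example (not blackbox_exporter's own code, and not the fix that landed in #655): an explicit port in the target always wins, and only when the target carries no port does the prober fall back to 853 for DNS-over-TLS or 53 for plain DNS. The helper names `defaultDNSPort` and `dialAddress` are hypothetical; the IPv6 literal `2001:db8::1` is a constructed documentation-range address. The example also covers bare IPv6 literals and bracketed hosts, which `net.SplitHostPort` treats differently from a plain hostname.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// defaultDNSPort returns the port to use when the probe target carries
// none: 853 for DNS-over-TLS (the port reserved for DoT), 53 for plain DNS.
func defaultDNSPort(dnsOverTLS bool) string {
	if dnsOverTLS {
		return "853"
	}
	return "53"
}

// dialAddress builds the host:port string to dial for a probe target.
// An explicit port in the target always wins, so a DoT service listening
// on 443 can still be probed as "host:443". Hypothetical helper written
// for illustration; not blackbox_exporter's own code.
func dialAddress(target string, dnsOverTLS bool) (string, error) {
	host, port, err := net.SplitHostPort(target)
	if err != nil {
		// SplitHostPort fails for a bare hostname, a bare IPv4 address, a
		// bracketed IPv6 host without a port and a bare IPv6 literal such as
		// "2001:db8::1"; treat all of them as "no port given".
		host = strings.TrimSuffix(strings.TrimPrefix(target, "["), "]")
		port = ""
	}
	if port == "" {
		port = defaultDNSPort(dnsOverTLS)
	}
	if p, convErr := strconv.Atoi(port); convErr != nil || p < 1 || p > 65535 {
		return "", fmt.Errorf("invalid port %q in target %q", port, target)
	}
	// JoinHostPort adds the brackets an IPv6 literal needs.
	return net.JoinHostPort(host, port), nil
}

func main() {
	for _, tc := range []struct {
		target string
		dot    bool
	}{
		{"dot1.appliedprivacy.net", false},
		{"dot1.appliedprivacy.net", true},
		{"dot1.appliedprivacy.net:443", true},
		{"2001:db8::1", true}, // constructed documentation-range address
	} {
		addr, err := dialAddress(tc.target, tc.dot)
		fmt.Printf("target=%s dns_over_tls=%v -> %s (err=%v)\n", tc.target, tc.dot, addr, err)
	}
}
```

Keeping the default tied to `dns_over_tls` rather than to `transport_protocol` matters for detection as well as correctness: a DoT probe that silently dials 53 either fails the TLS handshake against a plaintext resolver or, worse, reports a healthy resolver that is not actually serving encrypted DNS, so the probe would not notice if the 853 listener went away.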
@brian-brazil
Contributor

Would you like to send a PR?

@appliedprivacy
Author

Unfortunately, I don't speak Go.

@kkc
Contributor

kkc commented Jun 23, 2020

Can I work on this one?

@brian-brazil
Contributor

Go ahead.
