Troubleshooting DNS over TLS

$ echo | openssl s_client -connect '185.228.168.168:853' | grep -B 2 -A 5 "Certificate chain"
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=cleanbrowsing.org
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3

$ echo | openssl s_client -connect '1.1.1.1:853'
0 s:/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=*.cloudflare-dns.com
i:/C=US/O=DigiCert Inc/CN=DigiCert ECC Secure Server CA

$ git clone https://github.com/dcid/dns-over-tls-php-client

Cloning into 'dns-over-tls-php-client'...
remote: Counting objects: 13, done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 13 (delta 2), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (13/13), done.

$ php dnstls.php google.com cloudflare
google.com has address 74.125.24.100
google.com has address 74.125.24.101

Warning: stream_socket_client(): unable to connect to ssl://1.1.1.1:853 (Operation timed out) in /Users/nyk/dns-over-tls-php-client/dnstls.php on line 234

Warning: stream_socket_client(): Peer certificate CN=`*.cloudflare-dns.com' did not match expected CN=`1.1.1.1' in /Users/nyk/dns-over-tls-php-client/dnstls.php on line 234

$ php dnstls.php pornhub[.]com cleanbrowsing
Host pornhub[.]com not found: 3(NXDOMAIN)
