Am 17.06.21 um 19:48 schrieb Aaron D. Gifford via Unbound-users:
> On 6/17/21 11:19 AM, A. Schulze via Unbound-users wrote:
>> Am 17.06.21 um 18:17 schrieb Aaron D. Gifford via Unbound-users:
>>> Hi,
>>>
>>> I've been trying out DoH using Unbound 1.13.1 on a FreeBSD host and a Let's
>>> Encrypt TLS certificate. Unbound starts and listens on my DoH port, and
>>> when I connect to it, the TLS session is established as expected. I can
>>> send DNS queries and the server sends me a response, but it's one byte
>>> short and is simply a reply containing NO RR records, only the original
>>> question sent to the server, oddly truncated by a single byte.
>> Hi,
>>
>> you didn't describe, which client you used to send the DoH query.
>
> I sent the HTTP/2 GET query using libcurl's facilities. I don't believe the
> querying code nor HTTP/2 HTTP/1.1 HTTP/1.0 implementation libcurl uses is
> related to why the server's response is truncated, one byte short of a valid
> application/dns-message response. Whether I send it using libcurl or from
> the CLI with the curl command directly, the issue is the same.
>
> And to be clear, the client isn't doing the reply truncation. The HTTP/2
> server response clearly includes a "Content-Length: 27" header, indicating
> the FULL reply is exactly 27 bytes in size. And I fully documented in my
> original post how it SHOULD have been a 28-byte reply to be a valid
> "Content-Type: application/dns-message" response. The "question" section of
> the response was one-byte short, supplying only a single zero byte where a
> two-byte value is described in the DNS RFCs for the question section's rtype
> field. Two bytes, a zero followed by a one, were expected, where only a
> single zero byte was provided. This is why I suspect this truncation issue
> might be a bug in Unbound.
as the DoH-implementation depends on libnghttp2: which version do you use?
I'm on 1.43.0 (https://packages.debian.org/bullseye/libnghttp2-14)
unforunately, "unbound -V" don't mention this version
in contrast to "Linked libs: libev 4.33 (it uses epoll), OpenSSL 1.1.1k 25 Mar
2021"
@nlnetlabs: feature request :-)
Andreas
