Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"tls: failed to verify certificate: x509: certificate is valid" when using certain resolvers #2801

Open
Baltazar500 opened this issue Mar 7, 2025 · 7 comments
Open

"tls: failed to verify certificate: x509: certificate is valid" when using certain resolvers #2801

Baltazar500 opened this issue Mar 7, 2025 · 7 comments

Comments

@Baltazar500
Copy link

Baltazar500 commented Mar 7, 2025
edited
Loading

Output of the following commands:

./dnscrypt-proxy -version

2.1.7

./dnscrypt-proxy -check


c:\Software\dnscrypt-proxy>dnscrypt-proxy -check
[2025-03-07 13:52:35] [CRITICAL] [c:\Software\dnscrypt-proxy\dnscrypt-proxy.exe] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions
[2025-03-07 13:52:35] [CRITICAL] [c:\Software\dnscrypt-proxy/dnscrypt-proxy.toml] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions
[2025-03-07 13:52:35] [NOTICE] dnscrypt-proxy 2.1.7
[2025-03-07 13:52:35] [NOTICE] Source [public-resolvers] loaded
[2025-03-07 13:52:35] [NOTICE] Configuration successfully checked

./dnscrypt-proxy -resolve example.com


c:\Software\dnscrypt-proxy>dnscrypt-proxy -resolve example.com
[2025-03-07 13:52:50] [CRITICAL] [c:\Software\dnscrypt-proxy\dnscrypt-proxy.exe] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions
[2025-03-07 13:52:50] [CRITICAL] [c:\Software\dnscrypt-proxy/dnscrypt-proxy.toml] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions
Resolving [example.com] using 127.0.0.1 port 53

Unable to resolve: [Timeout]

What is affected by this bug?

DNS resolving does not work when using certain resolvers

When does this occur?

When using certain resolvers. Google, Cloudflare, Yandex.

[2025-03-07 13:46:42] [ERROR] Get "https://8.8.4.4/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABDBNokU81fOWBO08q2HOmyZ": tls: failed to verify certificate: x509: certificate is valid for 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844, 2001:4860:4860::6464, 2001:4860:4860::64, not 8.8.4.4
[2025-03-07 13:46:42] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable

...

[2025-03-07 13:47:07] [ERROR] Get "https://77.88.8.8/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAdaGI7Ms6mGOEhzqJDX5Ew": tls: failed to verify certificate: x509: certificate is valid for 77.88.8.1, 77.88.8.2, 77.88.8.3, 77.88.8.7, 77.88.8.8, 77.88.8.88, not 77.88.8.8
[2025-03-07 13:47:07] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable

There are no problems with most of the resolvers :


[2025-03-05 10:22:33] [NOTICE] dnscrypt-proxy 2.1.7
[2025-03-05 10:22:33] [NOTICE] Network connectivity detected
[2025-03-05 10:22:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
[2025-03-05 10:22:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
[2025-03-05 10:22:33] [NOTICE] Source [public-resolvers] loaded
[2025-03-05 10:22:33] [NOTICE] Firefox workaround initialized
[2025-03-05 10:22:33] [NOTICE] Loading the set of blocking rules from [blocked-names.txt]
[2025-03-05 10:22:33] [NOTICE] Loading the set of cloaking rules from [cloaking-rules.txt]
[2025-03-05 10:22:33] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2025-03-05 10:22:33] [WARNING] [adguard-dns-unfiltered] uses a non-standard provider name ('2.dnscrypt.unfiltered.ns1.adguard.com.' doesn't start with '2.dnscrypt-cert.')
[2025-03-05 10:22:33] [NOTICE] [dnscry.pt-amsterdam-ipv4] OK (DNSCrypt) - rtt: 151ms
[2025-03-05 10:22:33] [NOTICE] [dnscry.pt-kyiv-ipv4] OK (DNSCrypt) - rtt: 195ms
[2025-03-05 10:22:33] [NOTICE] [cs-montreal] OK (DNSCrypt) - rtt: 235ms
[2025-03-05 10:22:33] [NOTICE] [dnscry.pt-chicago-ipv4] OK (DNSCrypt) - rtt: 256ms
[2025-03-05 10:22:33] [NOTICE] [dnscry.pt-saltlakecity-ipv4] OK (DNSCrypt) - rtt: 276ms
[2025-03-05 10:22:33] [NOTICE] [cs-ga] OK (DNSCrypt) - rtt: 270ms
[2025-03-05 10:22:33] [NOTICE] [cs-nv] OK (DNSCrypt) - rtt: 294ms
[2025-03-05 10:22:33] [NOTICE] [dnscry.pt-losangeles-ipv4] OK (DNSCrypt) - rtt: 285ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-frankfurt02-ipv4] OK (DNSCrypt) - rtt: 161ms
[2025-03-05 10:22:34] [NOTICE] [serbica] OK (DNSCrypt) - rtt: 188ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-bengaluru-ipv4] OK (DNSCrypt) - rtt: 243ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-portland-ipv4] OK (DNSCrypt) - rtt: 292ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-denver-ipv4] OK (DNSCrypt) - rtt: 277ms
[2025-03-05 10:22:34] [NOTICE] [cs-ireland] OK (DNSCrypt) - rtt: 298ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-geneva-ipv4] OK (DNSCrypt) - rtt: 155ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-manchester-ipv4] OK (DNSCrypt) - rtt: 171ms
[2025-03-05 10:22:34] [NOTICE] [deffer-dns.au] OK (DNSCrypt) - rtt: 265ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-singapore-ipv4] OK (DNSCrypt) - rtt: 301ms
[2025-03-05 10:22:34] [NOTICE] [fluffycat-fr-01] OK (DNSCrypt) - rtt: 163ms
[2025-03-05 10:22:34] [NOTICE] [jp.tiar.app] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:34] [NOTICE] [jp.tiar.app] OK (DNSCrypt) - rtt: 49ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-bratislava-ipv4] OK (DNSCrypt) - rtt: 142ms
[2025-03-05 10:22:34] [NOTICE] [dnscry.pt-lima02-ipv4] OK (DNSCrypt) - rtt: 333ms
[2025-03-05 10:22:34] [NOTICE] [cs-de] OK (DNSCrypt) - rtt: 153ms
[2025-03-05 10:22:35] [NOTICE] [dnscry.pt-flint-ipv4] OK (DNSCrypt) - rtt: 239ms
[2025-03-05 10:22:35] [INFO] [mullvad-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:35] [NOTICE] [mullvad-doh] OK (DoH) - rtt: 158ms
[2025-03-05 10:22:35] [NOTICE] [dnscry.pt-lasvegas-ipv4] OK (DNSCrypt) - rtt: 274ms
[2025-03-05 10:22:35] [NOTICE] [dnscry.pt-lagos-ipv4] OK (DNSCrypt) - rtt: 275ms
[2025-03-05 10:22:36] [NOTICE] [dnscry.pt-athens-ipv4] OK (DNSCrypt) - rtt: 185ms
[2025-03-05 10:22:36] [INFO] [ams-doh-nl] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:36] [NOTICE] [ams-doh-nl] OK (DoH) - rtt: 196ms
[2025-03-05 10:22:36] [NOTICE] [dnscry.pt-telaviv-ipv4] OK (DNSCrypt) - rtt: 202ms
[2025-03-05 10:22:36] [INFO] [plan9dns-nj-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:36] [NOTICE] [plan9dns-nj-doh] OK (DoH) - rtt: 269ms
[2025-03-05 10:22:36] [NOTICE] [ksol.io-ns2-dnscrypt-ipv4] OK (DNSCrypt) - rtt: 153ms
[2025-03-05 10:22:36] [NOTICE] [dnscry.pt-oradea-ipv4] OK (DNSCrypt) - rtt: 174ms
[2025-03-05 10:22:36] [NOTICE] [cs-slovakia] OK (DNSCrypt) - rtt: 166ms
[2025-03-05 10:22:36] [INFO] [plan9dns-mx-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:36] [NOTICE] [plan9dns-mx-doh] OK (DoH) - rtt: 279ms
[2025-03-05 10:22:36] [NOTICE] [dnscry.pt-dusseldorf-ipv4] OK (DNSCrypt) - rtt: 154ms
[2025-03-05 10:22:36] [NOTICE] [cs-nl] OK (DNSCrypt) - rtt: 171ms
[2025-03-05 10:22:36] [NOTICE] [dnscry.pt-chisinau-ipv4] OK (DNSCrypt) - rtt: 168ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-grandrapids-ipv4] OK (DNSCrypt) - rtt: 245ms
[2025-03-05 10:22:37] [NOTICE] [cs-finland] OK (DNSCrypt) - rtt: 131ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-johannesburg-ipv4] OK (DNSCrypt) - rtt: 325ms
[2025-03-05 10:22:37] [NOTICE] [cs-sydney] OK (DNSCrypt) - rtt: 320ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-bogota-ipv4] OK (DNSCrypt) - rtt: 339ms
[2025-03-05 10:22:37] [NOTICE] [cs-london] OK (DNSCrypt) - rtt: 161ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-budapest-ipv4] OK (DNSCrypt) - rtt: 165ms
[2025-03-05 10:22:37] [NOTICE] [cs-rome] OK (DNSCrypt) - rtt: 171ms
[2025-03-05 10:22:37] [NOTICE] [plan9dns-nj] OK (DNSCrypt) - rtt: 261ms
[2025-03-05 10:22:37] [NOTICE] [plan9dns-nj] OK (DNSCrypt) - rtt: 261ms - additional certificate
[2025-03-05 10:22:37] [INFO] [sth-doh-se] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:37] [NOTICE] [sth-doh-se] OK (DoH) - rtt: 182ms
[2025-03-05 10:22:37] [NOTICE] [cs-singapore] OK (DNSCrypt) - rtt: 298ms
[2025-03-05 10:22:37] [INFO] [artikel10-doh-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:37] [NOTICE] [artikel10-doh-ipv4] OK (DoH) - rtt: 153ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-saopaulo-ipv4] OK (DNSCrypt) - rtt: 372ms
[2025-03-05 10:22:37] [NOTICE] [cs-czech] OK (DNSCrypt) - rtt: 164ms
[2025-03-05 10:22:37] [NOTICE] [dnscry.pt-hongkong02-ipv4] OK (DNSCrypt) - rtt: 277ms
[2025-03-05 10:22:38] [NOTICE] [dnscry.pt-miami-ipv4] OK (DNSCrypt) - rtt: 261ms
[2025-03-05 10:22:38] [NOTICE] [dnscry.pt-hongkong-ipv4] OK (DNSCrypt) - rtt: 357ms
[2025-03-05 10:22:38] [INFO] [bortzmeyer] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:38] [NOTICE] [bortzmeyer] OK (DoH) - rtt: 156ms
[2025-03-05 10:22:38] [NOTICE] [dnscry.pt-nuremberg-ipv4] OK (DNSCrypt) - rtt: 162ms
[2025-03-05 10:22:38] [NOTICE] [cs-swe] OK (DNSCrypt) - rtt: 137ms
[2025-03-05 10:22:38] [NOTICE] [plan9dns-mx] OK (DNSCrypt) - rtt: 278ms
[2025-03-05 10:22:38] [NOTICE] [plan9dns-mx] OK (DNSCrypt) - rtt: 278ms - additional certificate
[2025-03-05 10:22:38] [NOTICE] [dnscry.pt-tuusula-ipv4] OK (DNSCrypt) - rtt: 147ms
[2025-03-05 10:22:38] [INFO] [doh-crypto-sx] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:38] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 174ms
[2025-03-05 10:22:38] [NOTICE] [scaleway-ams] OK (DNSCrypt) - rtt: 149ms
[2025-03-05 10:22:38] [INFO] [dns.digitalsize.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:38] [NOTICE] [dns.digitalsize.net] OK (DoH) - rtt: 151ms
[2025-03-05 10:22:38] [NOTICE] [faelix-uk-ipv4] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:38] [INFO] [faelix-uk-ipv4] the key validity period for this server is excessively long (3652 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:38] [NOTICE] [faelix-uk-ipv4] OK (DNSCrypt) - rtt: 166ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-yerevan-ipv4] OK (DNSCrypt) - rtt: 159ms
[2025-03-05 10:22:39] [INFO] [doh.ffmuc.net-2] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
[2025-03-05 10:22:39] [NOTICE] [doh.ffmuc.net-2] OK (DoH) - rtt: 156ms
[2025-03-05 10:22:39] [NOTICE] [adguard-dns-unfiltered] TIMEOUT
[2025-03-05 10:22:39] [NOTICE] [cs-lv] OK (DNSCrypt) - rtt: 122ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-naaldwijk-ipv4] OK (DNSCrypt) - rtt: 150ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-tbilisi-ipv4] OK (DNSCrypt) - rtt: 144ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-brussels-ipv4] OK (DNSCrypt) - rtt: 182ms
[2025-03-05 10:22:39] [NOTICE] [dnscrypt.pl] OK (DNSCrypt) - rtt: 168ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-tokyo-ipv4] OK (DNSCrypt) - rtt: 280ms
[2025-03-05 10:22:39] [NOTICE] [cs-fr] OK (DNSCrypt) - rtt: 165ms
[2025-03-05 10:22:39] [NOTICE] [cs-tx] OK (DNSCrypt) - rtt: 261ms
[2025-03-05 10:22:39] [NOTICE] [cs-norway] OK (DNSCrypt) - rtt: 138ms
[2025-03-05 10:22:39] [NOTICE] [cs-tokyo] OK (DNSCrypt) - rtt: 435ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-taos-ipv4] OK (DNSCrypt) - rtt: 301ms
[2025-03-05 10:22:39] [NOTICE] [nwps.fi] OK (DNSCrypt) - rtt: 157ms
[2025-03-05 10:22:39] [NOTICE] [dnscry.pt-prague-ipv4] OK (DNSCrypt) - rtt: 148ms
[2025-03-05 10:22:39] [INFO] [dnscrypt.ca-ipv4-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
[2025-03-05 10:22:39] [NOTICE] [dnscrypt.ca-ipv4-doh] OK (DoH) - rtt: 250ms
[2025-03-05 10:22:39] [NOTICE] [cs-ch] OK (DNSCrypt) - rtt: 160ms
[2025-03-05 10:22:40] [NOTICE] [cs-dk] OK (DNSCrypt) - rtt: 132ms
[2025-03-05 10:22:40] [INFO] [wikimedia] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:40] [NOTICE] [wikimedia] OK (DoH) - rtt: 170ms
[2025-03-05 10:22:40] [NOTICE] [cs-vancouver] OK (DNSCrypt) - rtt: 279ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-riga-ipv4] OK (DNSCrypt) - rtt: 137ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-tallinn-ipv4] OK (DNSCrypt) - rtt: 165ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-taipeh-ipv4] OK (DNSCrypt) - rtt: 300ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-munich-ipv4] OK (DNSCrypt) - rtt: 175ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-redditch-ipv4] OK (DNSCrypt) - rtt: 172ms
[2025-03-05 10:22:40] [INFO] [controld-uncensored] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:40] [NOTICE] [controld-uncensored] OK (DoH) - rtt: 126ms
[2025-03-05 10:22:40] [NOTICE] [scaleway-fr] OK (DNSCrypt) - rtt: 164ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-auckland-ipv4] OK (DNSCrypt) - rtt: 412ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-islamabad-ipv4] OK (DNSCrypt) - rtt: 250ms
[2025-03-05 10:22:40] [NOTICE] [dnscry.pt-vienna-ipv4] OK (DNSCrypt) - rtt: 154ms
[2025-03-05 10:22:41] [INFO] [nic.cz] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:41] [NOTICE] [nic.cz] OK (DoH) - rtt: 157ms
[2025-03-05 10:22:41] [INFO] [njalla-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
[2025-03-05 10:22:41] [NOTICE] [njalla-doh] OK (DoH) - rtt: 166ms
[2025-03-05 10:22:41] [NOTICE] [cs-dus3] OK (DNSCrypt) - rtt: 153ms
[2025-03-05 10:22:41] [NOTICE] [cs-brazil] OK (DNSCrypt) - rtt: 341ms
[2025-03-05 10:22:41] [NOTICE] [dnscry.pt-sydney-ipv4] OK (DNSCrypt) - rtt: 501ms
[2025-03-05 10:22:41] [NOTICE] [ams-dnscrypt-nl] OK (DNSCrypt) - rtt: 156ms
[2025-03-05 10:22:41] [NOTICE] [dnscry.pt-dallas-ipv4] OK (DNSCrypt) - rtt: 255ms
[2025-03-05 10:22:42] [NOTICE] [cs-pt] OK (DNSCrypt) - rtt: 243ms
[2025-03-05 10:22:42] [INFO] [nextdns] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:42] [NOTICE] [nextdns] OK (DoH) - rtt: 257ms
[2025-03-05 10:22:42] [NOTICE] [dnscry.pt-luxembourg-ipv4] OK (DNSCrypt) - rtt: 160ms
[2025-03-05 10:22:42] [NOTICE] [cs-il2] OK (DNSCrypt) - rtt: 261ms
[2025-03-05 10:22:42] [INFO] [plan9dns-fl-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:42] [NOTICE] [plan9dns-fl-doh] OK (DoH) - rtt: 284ms
[2025-03-05 10:22:42] [NOTICE] [dnscry.pt-vilnius-ipv4] OK (DNSCrypt) - rtt: 138ms
[2025-03-05 10:22:42] [NOTICE] [dnscrypt.ca-ipv4] OK (DNSCrypt) - rtt: 241ms
[2025-03-05 10:22:42] [INFO] [doh.ffmuc.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
[2025-03-05 10:22:42] [NOTICE] [doh.ffmuc.net] OK (DoH) - rtt: 198ms
[2025-03-05 10:22:42] [NOTICE] [dnscry.pt-amsterdam02-ipv4] OK (DNSCrypt) - rtt: 186ms
[2025-03-05 10:22:42] [NOTICE] [v.dnscrypt.uk-ipv4] OK (DNSCrypt) - rtt: 226ms
[2025-03-05 10:22:43] [INFO] [a-and-a] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:43] [NOTICE] [a-and-a] OK (DoH) - rtt: 183ms
[2025-03-05 10:22:43] [NOTICE] [ffmuc.net] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:43] [INFO] [ffmuc.net] the key validity period for this server is excessively long (1805 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:43] [NOTICE] [ffmuc.net] OK (DNSCrypt) - rtt: 167ms
[2025-03-05 10:22:43] [NOTICE] [dnscry.pt-hochiminhcity-ipv4] OK (DNSCrypt) - rtt: 109ms
[2025-03-05 10:22:43] [NOTICE] [dnscry.pt-ottoville-ipv4] OK (DNSCrypt) - rtt: 267ms
[2025-03-05 10:22:43] [INFO] [jp.tiar.app-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4866
[2025-03-05 10:22:43] [NOTICE] [jp.tiar.app-doh] OK (DoH) - rtt: 41ms
[2025-03-05 10:22:43] [NOTICE] [dnscry.pt-seattle-ipv4] OK (DNSCrypt) - rtt: 320ms
[2025-03-05 10:22:43] [NOTICE] [dnscry.pt-spokane-ipv4] OK (DNSCrypt) - rtt: 266ms
[2025-03-05 10:22:43] [NOTICE] [dnscry.pt-mumbai-ipv4] OK (DNSCrypt) - rtt: 218ms
[2025-03-05 10:22:43] [INFO] [uncensoreddns-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:43] [NOTICE] [uncensoreddns-ipv4] OK (DoH) - rtt: 137ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-dublin-ipv4] OK (DNSCrypt) - rtt: 170ms
[2025-03-05 10:22:44] [INFO] [rethinkdns-doh] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:44] [NOTICE] [rethinkdns-doh] OK (DoH) - rtt: 131ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-hudiksvall-ipv4] OK (DNSCrypt) - rtt: 141ms
[2025-03-05 10:22:44] [NOTICE] [cs-nc] OK (DNSCrypt) - rtt: 286ms
[2025-03-05 10:22:44] [NOTICE] [dct-de] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:44] [INFO] [dct-de] the key validity period for this server is excessively long (368 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:44] [NOTICE] [dct-de] OK (DNSCrypt) - rtt: 144ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-portedwards-ipv4] OK (DNSCrypt) - rtt: 242ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-detroit-ipv4] OK (DNSCrypt) - rtt: 245ms
[2025-03-05 10:22:44] [NOTICE] [cs-austria] OK (DNSCrypt) - rtt: 158ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-jacksonville-ipv4] OK (DNSCrypt) - rtt: 282ms
[2025-03-05 10:22:44] [NOTICE] [dnscry.pt-seoul-ipv4] OK (DNSCrypt) - rtt: 411ms
[2025-03-05 10:22:45] [INFO] [fdn] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:45] [NOTICE] [fdn] OK (DoH) - rtt: 155ms
[2025-03-05 10:22:45] [INFO] [controld-unfiltered] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:45] [NOTICE] [controld-unfiltered] OK (DoH) - rtt: 132ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-tokyo02-ipv4] OK (DNSCrypt) - rtt: 287ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-sydney02-ipv4] OK (DNSCrypt) - rtt: 506ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-sofia-ipv4] OK (DNSCrypt) - rtt: 162ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-halifax-ipv4] OK (DNSCrypt) - rtt: 228ms
[2025-03-05 10:22:45] [INFO] [uncensoreddns-dk-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:45] [NOTICE] [uncensoreddns-dk-ipv4] OK (DoH) - rtt: 135ms
[2025-03-05 10:22:45] [INFO] [jp.tiarap.org] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:45] [NOTICE] [jp.tiarap.org] OK (DoH) - rtt: 394ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-phoenix-ipv4] OK (DNSCrypt) - rtt: 285ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-lisbon-ipv4] OK (DNSCrypt) - rtt: 202ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-kansascity-ipv4] OK (DNSCrypt) - rtt: 257ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-toronto-ipv4] OK (DNSCrypt) - rtt: 229ms
[2025-03-05 10:22:45] [NOTICE] [dnscry.pt-montreal-ipv4] OK (DNSCrypt) - rtt: 231ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-valdivia-ipv4] OK (DNSCrypt) - rtt: 380ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-johor-ipv4] OK (DNSCrypt) - rtt: 121ms
[2025-03-05 10:22:46] [NOTICE] [cs-bulgaria] OK (DNSCrypt) - rtt: 176ms
[2025-03-05 10:22:46] [NOTICE] [plan9dns-fl] OK (DNSCrypt) - rtt: 277ms
[2025-03-05 10:22:46] [NOTICE] [plan9dns-fl] OK (DNSCrypt) - rtt: 277ms - additional certificate
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-moscow-ipv4] OK (DNSCrypt) - rtt: 112ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-kharkiv-ipv4] OK (DNSCrypt) - rtt: 201ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-atlanta-ipv4] OK (DNSCrypt) - rtt: 244ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-losangeles02-ipv4] OK (DNSCrypt) - rtt: 298ms
[2025-03-05 10:22:46] [INFO] [dns.digitale-gesellschaft.ch] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:46] [NOTICE] [dns.digitale-gesellschaft.ch] OK (DoH) - rtt: 152ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-durham-ipv4] OK (DNSCrypt) - rtt: 253ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-bucharest-ipv4] OK (DNSCrypt) - rtt: 181ms
[2025-03-05 10:22:46] [NOTICE] [cs-manchester] OK (DNSCrypt) - rtt: 159ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-calgary-ipv4] OK (DNSCrypt) - rtt: 265ms
[2025-03-05 10:22:46] [NOTICE] [cs-serbia] OK (DNSCrypt) - rtt: 160ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-singapore02-ipv4] OK (DNSCrypt) - rtt: 476ms
[2025-03-05 10:22:46] [NOTICE] [dnscry.pt-philadelphia-ipv4] OK (DNSCrypt) - rtt: 235ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-sandefjord-ipv4] OK (DNSCrypt) - rtt: 139ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-stockholm-ipv4] OK (DNSCrypt) - rtt: 130ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-helsinki-ipv4] OK (DNSCrypt) - rtt: 135ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-copenhagen-ipv4] OK (DNSCrypt) - rtt: 139ms
[2025-03-05 10:22:47] [NOTICE] [saldns03-conoha-ipv4] OK (DNSCrypt) - rtt: 226ms
[2025-03-05 10:22:47] [INFO] [doh.appliedprivacy.net] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:47] [NOTICE] [doh.appliedprivacy.net] OK (DoH) - rtt: 158ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-london-ipv4] OK (DNSCrypt) - rtt: 167ms
[2025-03-05 10:22:47] [NOTICE] [digitalprivacy.diy-dnscrypt-ipv4] OK (DNSCrypt) - rtt: 156ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-fremont-ipv4] OK (DNSCrypt) - rtt: 288ms
[2025-03-05 10:22:47] [NOTICE] [dnscrypt.uk-ipv4] OK (DNSCrypt) - rtt: 156ms
[2025-03-05 10:22:47] [NOTICE] [cs-madrid] OK (DNSCrypt) - rtt: 186ms
[2025-03-05 10:22:47] [NOTICE] [cs-berlin] OK (DNSCrypt) - rtt: 153ms
[2025-03-05 10:22:47] [NOTICE] [dnscry.pt-vancouver-ipv4] OK (DNSCrypt) - rtt: 268ms
[2025-03-05 10:22:47] [NOTICE] [dct-fr] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:48] [INFO] [dct-fr] the key validity period for this server is excessively long (368 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:48] [NOTICE] [dct-fr] OK (DNSCrypt) - rtt: 157ms
[2025-03-05 10:22:48] [NOTICE] [dnscry.pt-warsaw02-ipv4] OK (DNSCrypt) - rtt: 144ms
[2025-03-05 10:22:48] [NOTICE] [dnscry.pt-fujairah-ipv4] OK (DNSCrypt) - rtt: 265ms
[2025-03-05 10:22:48] [INFO] [nextdns-ultralow] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:48] [NOTICE] [nextdns-ultralow] OK (DoH) - rtt: 151ms
[2025-03-05 10:22:48] [NOTICE] [cs-ro] OK (DNSCrypt) - rtt: 164ms
[2025-03-05 10:22:48] [NOTICE] [dnscry.pt-libertylake-ipv4] OK (DNSCrypt) - rtt: 264ms
[2025-03-05 10:22:48] [NOTICE] [ibksturm] OK (DNSCrypt) - rtt: 172ms
[2025-03-05 10:22:48] [NOTICE] [cs-dc] OK (DNSCrypt) - rtt: 232ms
[2025-03-05 10:22:48] [NOTICE] [dnscry.pt-allentown-ipv4] OK (DNSCrypt) - rtt: 267ms
[2025-03-05 10:22:48] [NOTICE] [dnscry.pt-paris-ipv4] OK (DNSCrypt) - rtt: 153ms
[2025-03-05 10:22:48] [NOTICE] [cs-barcelona] OK (DNSCrypt) - rtt: 181ms
[2025-03-05 10:22:48] [NOTICE] [cs-mexico] OK (DNSCrypt) - rtt: 277ms
[2025-03-05 10:22:49] [NOTICE] [dnscry.pt-coventry-ipv4] OK (DNSCrypt) - rtt: 165ms
[2025-03-05 10:22:49] [NOTICE] [cs-belgium] OK (DNSCrypt) - rtt: 170ms
[2025-03-05 10:22:49] [NOTICE] [cs-milan] OK (DNSCrypt) - rtt: 174ms
[2025-03-05 10:22:49] [NOTICE] [dnscry.pt-hanoi-ipv4] OK (DNSCrypt) - rtt: 104ms
[2025-03-05 10:22:49] [NOTICE] [dnscry.pt-tampa-ipv4] OK (DNSCrypt) - rtt: 253ms
[2025-03-05 10:22:49] [NOTICE] [saldns02-conoha-ipv4] OK (DNSCrypt) - rtt: 229ms
[2025-03-05 10:22:50] [NOTICE] [pryv8boi] TIMEOUT
[2025-03-05 10:22:50] [NOTICE] [dnscry.pt-frankfurt-ipv4] OK (DNSCrypt) - rtt: 141ms
[2025-03-05 10:22:50] [INFO] [restena-doh-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:50] [NOTICE] [restena-doh-ipv4] OK (DoH) - rtt: 163ms
[2025-03-05 10:22:51] [NOTICE] [dnscry.pt-brisbane-ipv4] OK (DNSCrypt) - rtt: 339ms
[2025-03-05 10:22:51] [INFO] [quad101] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:51] [NOTICE] [quad101] OK (DoH) - rtt: 384ms
[2025-03-05 10:22:51] [NOTICE] [dnscry.pt-madrid-ipv4] OK (DNSCrypt) - rtt: 177ms
[2025-03-05 10:22:52] [NOTICE] [cs-poland] OK (DNSCrypt) - rtt: 168ms
[2025-03-05 10:22:52] [NOTICE] [dnscry.pt-ashburn-ipv4] OK (DNSCrypt) - rtt: 240ms
[2025-03-05 10:22:52] [NOTICE] [dnscry.pt-hafnarfjordur-ipv4] OK (DNSCrypt) - rtt: 187ms
[2025-03-05 10:22:52] [NOTICE] [cs-ore] OK (DNSCrypt) - rtt: 270ms
[2025-03-05 10:22:52] [NOTICE] [dnscry.pt-santaclara-ipv4] OK (DNSCrypt) - rtt: 300ms
[2025-03-05 10:22:52] [NOTICE] [cs-la] OK (DNSCrypt) - rtt: 298ms
[2025-03-05 10:22:53] [NOTICE] [quad9-dnscrypt-ip4-nofilter-ecs-pri] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:53] [INFO] [quad9-dnscrypt-ip4-nofilter-ecs-pri] the key validity period for this server is excessively long (365 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:53] [NOTICE] [quad9-dnscrypt-ip4-nofilter-ecs-pri] OK (DNSCrypt) - rtt: 34ms
[2025-03-05 10:22:53] [INFO] [quad9-dnscrypt-ip4-nofilter-ecs-pri] the key validity period for this server is excessively long (365 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:53] [NOTICE] [quad9-dnscrypt-ip4-nofilter-ecs-pri] OK (DNSCrypt) - rtt: 34ms - additional certificate
[2025-03-05 10:22:54] [NOTICE] [fluffycat-fr-02] TIMEOUT
[2025-03-05 10:22:54] [INFO] [dns4all-ipv4] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2025-03-05 10:22:54] [NOTICE] [dns4all-ipv4] OK (DoH) - rtt: 103ms
[2025-03-05 10:22:57] [NOTICE] [quad9-dnscrypt-ip4-nofilter-pri] should upgrade to XChaCha20 for encryption
[2025-03-05 10:22:57] [INFO] [quad9-dnscrypt-ip4-nofilter-pri] the key validity period for this server is excessively long (365 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:57] [NOTICE] [quad9-dnscrypt-ip4-nofilter-pri] OK (DNSCrypt) - rtt: 34ms
[2025-03-05 10:22:57] [INFO] [quad9-dnscrypt-ip4-nofilter-pri] the key validity period for this server is excessively long (365 days), significantly reducing reliability and forward security.
[2025-03-05 10:22:57] [NOTICE] [quad9-dnscrypt-ip4-nofilter-pri] OK (DNSCrypt) - rtt: 34ms - additional certificate
[2025-03-05 10:22:58] [NOTICE] Sorted latencies:
[2025-03-05 10:22:58] [NOTICE] -    34ms quad9-dnscrypt-ip4-nofilter-ecs-pri
[2025-03-05 10:22:58] [NOTICE] -    34ms quad9-dnscrypt-ip4-nofilter-pri
[2025-03-05 10:22:58] [NOTICE] -    41ms jp.tiar.app-doh
[2025-03-05 10:22:58] [NOTICE] -    49ms jp.tiar.app
[2025-03-05 10:22:58] [NOTICE] -   103ms dns4all-ipv4
[2025-03-05 10:22:58] [NOTICE] -   104ms dnscry.pt-hanoi-ipv4
[2025-03-05 10:22:58] [NOTICE] -   109ms dnscry.pt-hochiminhcity-ipv4
[2025-03-05 10:22:58] [NOTICE] -   112ms dnscry.pt-moscow-ipv4
[2025-03-05 10:22:58] [NOTICE] -   121ms dnscry.pt-johor-ipv4
[2025-03-05 10:22:58] [NOTICE] -   122ms cs-lv
[2025-03-05 10:22:58] [NOTICE] -   126ms controld-uncensored
[2025-03-05 10:22:59] [NOTICE] -   130ms dnscry.pt-stockholm-ipv4
[2025-03-05 10:22:59] [NOTICE] -   131ms cs-finland
[2025-03-05 10:22:59] [NOTICE] -   131ms rethinkdns-doh
[2025-03-05 10:22:59] [NOTICE] -   132ms cs-dk
[2025-03-05 10:22:59] [NOTICE] -   132ms controld-unfiltered
[2025-03-05 10:22:59] [NOTICE] -   135ms uncensoreddns-dk-ipv4
[2025-03-05 10:22:59] [NOTICE] -   135ms dnscry.pt-helsinki-ipv4
[2025-03-05 10:22:59] [NOTICE] -   137ms cs-swe
[2025-03-05 10:22:59] [NOTICE] -   137ms dnscry.pt-riga-ipv4
[2025-03-05 10:22:59] [NOTICE] -   137ms uncensoreddns-ipv4
[2025-03-05 10:22:59] [NOTICE] -   138ms cs-norway
[2025-03-05 10:22:59] [NOTICE] -   138ms dnscry.pt-vilnius-ipv4
[2025-03-05 10:22:59] [NOTICE] -   139ms dnscry.pt-sandefjord-ipv4
[2025-03-05 10:22:59] [NOTICE] -   139ms dnscry.pt-copenhagen-ipv4
[2025-03-05 10:22:59] [NOTICE] -   141ms dnscry.pt-hudiksvall-ipv4
[2025-03-05 10:22:59] [NOTICE] -   141ms dnscry.pt-frankfurt-ipv4
[2025-03-05 10:22:59] [NOTICE] -   142ms dnscry.pt-bratislava-ipv4
[2025-03-05 10:22:59] [NOTICE] -   144ms dnscry.pt-tbilisi-ipv4
[2025-03-05 10:22:59] [NOTICE] -   144ms dnscry.pt-warsaw02-ipv4
[2025-03-05 10:22:59] [NOTICE] -   144ms dct-de
[2025-03-05 10:22:59] [NOTICE] -   147ms dnscry.pt-tuusula-ipv4
[2025-03-05 10:22:59] [NOTICE] -   148ms dnscry.pt-prague-ipv4
[2025-03-05 10:22:59] [NOTICE] -   149ms scaleway-ams
[2025-03-05 10:22:59] [NOTICE] -   150ms dnscry.pt-naaldwijk-ipv4
[2025-03-05 10:22:59] [NOTICE] -   151ms dnscry.pt-amsterdam-ipv4
[2025-03-05 10:22:59] [NOTICE] -   151ms dns.digitalsize.net
[2025-03-05 10:22:59] [NOTICE] -   151ms nextdns-ultralow
[2025-03-05 10:22:59] [NOTICE] -   152ms dns.digitale-gesellschaft.ch
[2025-03-05 10:22:59] [NOTICE] -   153ms cs-de
[2025-03-05 10:22:59] [NOTICE] -   153ms ksol.io-ns2-dnscrypt-ipv4
[2025-03-05 10:22:59] [NOTICE] -   153ms artikel10-doh-ipv4
[2025-03-05 10:22:59] [NOTICE] -   153ms cs-dus3
[2025-03-05 10:22:59] [NOTICE] -   153ms cs-berlin
[2025-03-05 10:22:59] [NOTICE] -   153ms dnscry.pt-paris-ipv4
[2025-03-05 10:22:59] [NOTICE] -   154ms dnscry.pt-dusseldorf-ipv4
[2025-03-05 10:22:59] [NOTICE] -   154ms dnscry.pt-vienna-ipv4
[2025-03-05 10:22:59] [NOTICE] -   155ms dnscry.pt-geneva-ipv4
[2025-03-05 10:22:59] [NOTICE] -   155ms fdn
[2025-03-05 10:22:59] [NOTICE] -   156ms bortzmeyer
[2025-03-05 10:22:59] [NOTICE] -   156ms doh.ffmuc.net-2
[2025-03-05 10:22:59] [NOTICE] -   156ms ams-dnscrypt-nl
[2025-03-05 10:22:59] [NOTICE] -   156ms digitalprivacy.diy-dnscrypt-ipv4
[2025-03-05 10:22:59] [NOTICE] -   156ms dnscrypt.uk-ipv4
[2025-03-05 10:22:59] [NOTICE] -   157ms nwps.fi
[2025-03-05 10:22:59] [NOTICE] -   157ms nic.cz
[2025-03-05 10:22:59] [NOTICE] -   157ms dct-fr
[2025-03-05 10:22:59] [NOTICE] -   158ms mullvad-doh
[2025-03-05 10:22:59] [NOTICE] -   158ms cs-austria
[2025-03-05 10:22:59] [NOTICE] -   158ms doh.appliedprivacy.net
[2025-03-05 10:22:59] [NOTICE] -   159ms dnscry.pt-yerevan-ipv4
[2025-03-05 10:22:59] [NOTICE] -   159ms cs-manchester
[2025-03-05 10:22:59] [NOTICE] -   160ms cs-ch
[2025-03-05 10:22:59] [NOTICE] -   160ms dnscry.pt-luxembourg-ipv4
[2025-03-05 10:22:59] [NOTICE] -   160ms cs-serbia
[2025-03-05 10:22:59] [NOTICE] -   161ms dnscry.pt-frankfurt02-ipv4
[2025-03-05 10:22:59] [NOTICE] -   161ms cs-london
[2025-03-05 10:22:59] [NOTICE] -   162ms dnscry.pt-nuremberg-ipv4
[2025-03-05 10:22:59] [NOTICE] -   162ms dnscry.pt-sofia-ipv4
[2025-03-05 10:22:59] [NOTICE] -   163ms fluffycat-fr-01
[2025-03-05 10:22:59] [NOTICE] -   163ms restena-doh-ipv4
[2025-03-05 10:22:59] [NOTICE] -   164ms cs-czech
[2025-03-05 10:22:59] [NOTICE] -   164ms scaleway-fr
[2025-03-05 10:22:59] [NOTICE] -   164ms cs-ro
[2025-03-05 10:22:59] [NOTICE] -   165ms dnscry.pt-budapest-ipv4
[2025-03-05 10:22:59] [NOTICE] -   165ms cs-fr
[2025-03-05 10:22:59] [NOTICE] -   165ms dnscry.pt-tallinn-ipv4
[2025-03-05 10:22:59] [NOTICE] -   165ms dnscry.pt-coventry-ipv4
[2025-03-05 10:22:59] [NOTICE] -   166ms njalla-doh
[2025-03-05 10:22:59] [NOTICE] -   166ms cs-slovakia
[2025-03-05 10:22:59] [NOTICE] -   166ms faelix-uk-ipv4
[2025-03-05 10:22:59] [NOTICE] -   167ms dnscry.pt-london-ipv4
[2025-03-05 10:22:59] [NOTICE] -   167ms ffmuc.net
[2025-03-05 10:22:59] [NOTICE] -   168ms dnscry.pt-chisinau-ipv4
[2025-03-05 10:22:59] [NOTICE] -   168ms dnscrypt.pl
[2025-03-05 10:22:59] [NOTICE] -   168ms cs-poland
[2025-03-05 10:22:59] [NOTICE] -   170ms wikimedia
[2025-03-05 10:22:59] [NOTICE] -   170ms dnscry.pt-dublin-ipv4
[2025-03-05 10:22:59] [NOTICE] -   170ms cs-belgium
[2025-03-05 10:22:59] [NOTICE] -   171ms dnscry.pt-manchester-ipv4
[2025-03-05 10:22:59] [NOTICE] -   171ms cs-nl
[2025-03-05 10:22:59] [NOTICE] -   171ms cs-rome
[2025-03-05 10:22:59] [NOTICE] -   172ms dnscry.pt-redditch-ipv4
[2025-03-05 10:22:59] [NOTICE] -   172ms ibksturm
[2025-03-05 10:22:59] [NOTICE] -   174ms dnscry.pt-oradea-ipv4
[2025-03-05 10:22:59] [NOTICE] -   174ms doh-crypto-sx
[2025-03-05 10:22:59] [NOTICE] -   174ms cs-milan
[2025-03-05 10:22:59] [NOTICE] -   175ms dnscry.pt-munich-ipv4
[2025-03-05 10:22:59] [NOTICE] -   176ms cs-bulgaria
[2025-03-05 10:22:59] [NOTICE] -   177ms dnscry.pt-madrid-ipv4
[2025-03-05 10:22:59] [NOTICE] -   181ms dnscry.pt-bucharest-ipv4
[2025-03-05 10:22:59] [NOTICE] -   181ms cs-barcelona
[2025-03-05 10:22:59] [NOTICE] -   182ms sth-doh-se
[2025-03-05 10:22:59] [NOTICE] -   182ms dnscry.pt-brussels-ipv4
[2025-03-05 10:22:59] [NOTICE] -   183ms a-and-a
[2025-03-05 10:22:59] [NOTICE] -   185ms dnscry.pt-athens-ipv4
[2025-03-05 10:22:59] [NOTICE] -   186ms dnscry.pt-amsterdam02-ipv4
[2025-03-05 10:22:59] [NOTICE] -   186ms cs-madrid
[2025-03-05 10:22:59] [NOTICE] -   187ms dnscry.pt-hafnarfjordur-ipv4
[2025-03-05 10:22:59] [NOTICE] -   188ms serbica
[2025-03-05 10:22:59] [NOTICE] -   195ms dnscry.pt-kyiv-ipv4
[2025-03-05 10:22:59] [NOTICE] -   196ms ams-doh-nl
[2025-03-05 10:22:59] [NOTICE] -   198ms doh.ffmuc.net
[2025-03-05 10:22:59] [NOTICE] -   201ms dnscry.pt-kharkiv-ipv4
[2025-03-05 10:22:59] [NOTICE] -   202ms dnscry.pt-telaviv-ipv4
[2025-03-05 10:22:59] [NOTICE] -   202ms dnscry.pt-lisbon-ipv4
[2025-03-05 10:22:59] [NOTICE] -   218ms dnscry.pt-mumbai-ipv4
[2025-03-05 10:22:59] [NOTICE] -   226ms v.dnscrypt.uk-ipv4
[2025-03-05 10:22:59] [NOTICE] -   226ms saldns03-conoha-ipv4
[2025-03-05 10:22:59] [NOTICE] -   228ms dnscry.pt-halifax-ipv4
[2025-03-05 10:22:59] [NOTICE] -   229ms dnscry.pt-toronto-ipv4
[2025-03-05 10:22:59] [NOTICE] -   229ms saldns02-conoha-ipv4
[2025-03-05 10:22:59] [NOTICE] -   231ms dnscry.pt-montreal-ipv4
[2025-03-05 10:22:59] [NOTICE] -   232ms cs-dc
[2025-03-05 10:22:59] [NOTICE] -   235ms cs-montreal
[2025-03-05 10:22:59] [NOTICE] -   235ms dnscry.pt-philadelphia-ipv4
[2025-03-05 10:22:59] [NOTICE] -   239ms dnscry.pt-flint-ipv4
[2025-03-05 10:22:59] [NOTICE] -   240ms dnscry.pt-ashburn-ipv4
[2025-03-05 10:22:59] [NOTICE] -   241ms dnscrypt.ca-ipv4
[2025-03-05 10:22:59] [NOTICE] -   242ms dnscry.pt-portedwards-ipv4
[2025-03-05 10:22:59] [NOTICE] -   243ms dnscry.pt-bengaluru-ipv4
[2025-03-05 10:22:59] [NOTICE] -   243ms cs-pt
[2025-03-05 10:22:59] [NOTICE] -   244ms dnscry.pt-atlanta-ipv4
[2025-03-05 10:22:59] [NOTICE] -   245ms dnscry.pt-grandrapids-ipv4
[2025-03-05 10:22:59] [NOTICE] -   245ms dnscry.pt-detroit-ipv4
[2025-03-05 10:22:59] [NOTICE] -   250ms dnscrypt.ca-ipv4-doh
[2025-03-05 10:22:59] [NOTICE] -   250ms dnscry.pt-islamabad-ipv4
[2025-03-05 10:22:59] [NOTICE] -   253ms dnscry.pt-durham-ipv4
[2025-03-05 10:22:59] [NOTICE] -   253ms dnscry.pt-tampa-ipv4
[2025-03-05 10:22:59] [NOTICE] -   255ms dnscry.pt-dallas-ipv4
[2025-03-05 10:22:59] [NOTICE] -   256ms dnscry.pt-chicago-ipv4
[2025-03-05 10:22:59] [NOTICE] -   257ms nextdns
[2025-03-05 10:22:59] [NOTICE] -   257ms dnscry.pt-kansascity-ipv4
[2025-03-05 10:22:59] [NOTICE] -   261ms plan9dns-nj
[2025-03-05 10:22:59] [NOTICE] -   261ms dnscry.pt-miami-ipv4
[2025-03-05 10:22:59] [NOTICE] -   261ms cs-tx
[2025-03-05 10:22:59] [NOTICE] -   261ms cs-il2
[2025-03-05 10:22:59] [NOTICE] -   264ms dnscry.pt-libertylake-ipv4
[2025-03-05 10:22:59] [NOTICE] -   265ms deffer-dns.au
[2025-03-05 10:22:59] [NOTICE] -   265ms dnscry.pt-calgary-ipv4
[2025-03-05 10:22:59] [NOTICE] -   265ms dnscry.pt-fujairah-ipv4
[2025-03-05 10:22:59] [NOTICE] -   266ms dnscry.pt-spokane-ipv4
[2025-03-05 10:23:00] [NOTICE] -   267ms dnscry.pt-ottoville-ipv4
[2025-03-05 10:23:00] [NOTICE] -   267ms dnscry.pt-allentown-ipv4
[2025-03-05 10:23:00] [NOTICE] -   268ms dnscry.pt-vancouver-ipv4
[2025-03-05 10:23:00] [NOTICE] -   269ms plan9dns-nj-doh
[2025-03-05 10:23:00] [NOTICE] -   270ms cs-ga
[2025-03-05 10:23:00] [NOTICE] -   270ms cs-ore
[2025-03-05 10:23:00] [NOTICE] -   274ms dnscry.pt-lasvegas-ipv4
[2025-03-05 10:23:00] [NOTICE] -   275ms dnscry.pt-lagos-ipv4
[2025-03-05 10:23:00] [NOTICE] -   276ms dnscry.pt-saltlakecity-ipv4
[2025-03-05 10:23:00] [NOTICE] -   277ms dnscry.pt-denver-ipv4
[2025-03-05 10:23:00] [NOTICE] -   277ms dnscry.pt-hongkong02-ipv4
[2025-03-05 10:23:00] [NOTICE] -   277ms plan9dns-fl
[2025-03-05 10:23:00] [NOTICE] -   277ms cs-mexico
[2025-03-05 10:23:00] [NOTICE] -   278ms plan9dns-mx
[2025-03-05 10:23:00] [NOTICE] -   279ms plan9dns-mx-doh
[2025-03-05 10:23:00] [NOTICE] -   279ms cs-vancouver
[2025-03-05 10:23:00] [NOTICE] -   280ms dnscry.pt-tokyo-ipv4
[2025-03-05 10:23:00] [NOTICE] -   282ms dnscry.pt-jacksonville-ipv4
[2025-03-05 10:23:00] [NOTICE] -   284ms plan9dns-fl-doh
[2025-03-05 10:23:00] [NOTICE] -   285ms dnscry.pt-losangeles-ipv4
[2025-03-05 10:23:00] [NOTICE] -   285ms dnscry.pt-phoenix-ipv4
[2025-03-05 10:23:00] [NOTICE] -   286ms cs-nc
[2025-03-05 10:23:00] [NOTICE] -   287ms dnscry.pt-tokyo02-ipv4
[2025-03-05 10:23:00] [NOTICE] -   288ms dnscry.pt-fremont-ipv4
[2025-03-05 10:23:00] [NOTICE] -   292ms dnscry.pt-portland-ipv4
[2025-03-05 10:23:00] [NOTICE] -   294ms cs-nv
[2025-03-05 10:23:00] [NOTICE] -   298ms cs-ireland
[2025-03-05 10:23:00] [NOTICE] -   298ms cs-singapore
[2025-03-05 10:23:00] [NOTICE] -   298ms dnscry.pt-losangeles02-ipv4
[2025-03-05 10:23:00] [NOTICE] -   298ms cs-la
[2025-03-05 10:23:00] [NOTICE] -   300ms dnscry.pt-taipeh-ipv4
[2025-03-05 10:23:00] [NOTICE] -   300ms dnscry.pt-santaclara-ipv4
[2025-03-05 10:23:00] [NOTICE] -   301ms dnscry.pt-singapore-ipv4
[2025-03-05 10:23:00] [NOTICE] -   301ms dnscry.pt-taos-ipv4
[2025-03-05 10:23:00] [NOTICE] -   320ms cs-sydney
[2025-03-05 10:23:00] [NOTICE] -   320ms dnscry.pt-seattle-ipv4
[2025-03-05 10:23:00] [NOTICE] -   325ms dnscry.pt-johannesburg-ipv4
[2025-03-05 10:23:00] [NOTICE] -   333ms dnscry.pt-lima02-ipv4
[2025-03-05 10:23:00] [NOTICE] -   339ms dnscry.pt-bogota-ipv4
[2025-03-05 10:23:00] [NOTICE] -   339ms dnscry.pt-brisbane-ipv4
[2025-03-05 10:23:00] [NOTICE] -   341ms cs-brazil
[2025-03-05 10:23:00] [NOTICE] -   357ms dnscry.pt-hongkong-ipv4
[2025-03-05 10:23:00] [NOTICE] -   372ms dnscry.pt-saopaulo-ipv4
[2025-03-05 10:23:00] [NOTICE] -   380ms dnscry.pt-valdivia-ipv4
[2025-03-05 10:23:00] [NOTICE] -   384ms quad101
[2025-03-05 10:23:00] [NOTICE] -   394ms jp.tiarap.org
[2025-03-05 10:23:00] [NOTICE] -   411ms dnscry.pt-seoul-ipv4
[2025-03-05 10:23:00] [NOTICE] -   412ms dnscry.pt-auckland-ipv4
[2025-03-05 10:23:00] [NOTICE] -   435ms cs-tokyo
[2025-03-05 10:23:00] [NOTICE] -   476ms dnscry.pt-singapore02-ipv4
[2025-03-05 10:23:00] [NOTICE] -   501ms dnscry.pt-sydney-ipv4
[2025-03-05 10:23:00] [NOTICE] -   506ms dnscry.pt-sydney02-ipv4
[2025-03-05 10:23:00] [NOTICE] Server with the lowest initial latency: quad9-dnscrypt-ip4-nofilter-ecs-pri (rtt: 34ms)
[2025-03-05 10:23:00] [NOTICE] dnscrypt-proxy is ready - live servers: 204
[2025-03-05 10:24:47] [NOTICE] Stopped

Where does it happen?

Windows 7 X64 SP1, dnscrypt 2.1.7 (patched with golang - patcher) and 2.15 (the same story)

How do we replicate the issue?

The problem is reproduced on the newly installed Windows 7 X64 SP1 on Virtualbox and on the host system

Set in the settings

server_names = ['google', 'cloudflare', 'yandex']

Expected behavior (i.e. solution)

Resolving through resolvers bypassing x509 error
@dapphp
Copy link

dapphp commented Mar 7, 2025

Try installing and trusting http://i.pki.goog/wr2.crt and see if that fixes. dnscrypt-proxy uses the crypto/tls package for handling SSL/TLS connections. This package uses the system's certificate store on Windows. The google ca cert was created on Dec 13 09:00:00 2023 GMT so Windows 7 wouldn't know about it since it doesn't get updates or security updates. It also can't run recent versions of Firefox or Chrome, so, watch out for malware.

@Baltazar500
Copy link
Author

Already tried. Without effect. I also tried various tricks with updating the full set of root certificates - without effect :( Under a very old linux in VirtualBox there are no problems :/ On smartphones with an old android, too everything is OK :/

@dapphp
Copy link

dapphp commented Mar 8, 2025

Ah, bummer. I didn't look closely enough at the verification error message either.

tls: failed to verify certificate: x509: certificate is valid for 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844, 2001:4860:4860::6464, 2001:4860:4860::64, not 8.8.4.4

The apparent server IP is included in the list of subject alt names but the ssl verification routine doesn't seem to be matching on it properly 🤔

@lifenjoiner
Copy link
Member

On Win10 22H2, at least yandex is working on my side.

The error message is puzzling.
I guess you should install the crypto-suite patches, considering your OS.

@Baltazar500
Copy link
Author

@lifenjoiner,

I guess you should install the crypto-suite patches, considering your OS.

KB4474419? Or what other patches? KB4474419 I installed. No effect :(

@jedisct1
Copy link
Member

jedisct1 commented Mar 8, 2025

Maybe some antivirus or spyware hijacking HTTPS traffic?

@lifenjoiner
Copy link
Member

I don't use Win7 any more. You check it out:

Got a summary by asking DeepSeek: What are the https features missing on Windows 7 SP1 compared to Windows 10?
KB3033929 basically.
Image

https://github.com/XTLS/go-win7/blob/build/README-eng.md#go-121 recommends KB4490628.
Image

More details:
Google DNS has 2 SHA256withRSA certs: https://www.ssllabs.com/ssltest/analyze.html?d=dns.google.com&s=8.8.4.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jedisct1 @dapphp @Baltazar500 @lifenjoiner