kdig TLS, handshake failed (A TLS fatal alert has been received.)
I am trying DNS resolution via HTTPS. Other popular servers (Google, Cloudflare) work fine, but it fails to run with free.bravedns.com, which is one of the URLs provided by the curl project here: https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
kdig -d @free.bravedns.com +https=/dns-query +https-get example.com -t A -4
;; DEBUG: Querying for owner(example.com.), class(1), type(1), server(free.bravedns.com), port(443), protocol(TCP)
;; WARNING: TLS, handshake failed (A TLS fatal alert has been received.)
;; WARNING: TLS, handshake failed (A TLS fatal alert has been received.)
;; WARNING: TLS, handshake failed (A TLS fatal alert has been received.)
;; ERROR: failed to query server free.bravedns.com@443(TCP)
Resolving the same domain using the same server with curl works fine though:
curl -H 'accept: application/dns-json' 'https://free.bravedns.com/dns-query?name=example.com&type=A'
"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"example.com","type":1}],"Answer":[{"name":"example.com","type":1,"TTL":77546,"data":"93.184.216.34"}]}
Similarly, I could use doh-jp.blahdns.com with curl but got errors with kdig.
kdig -d @doh-jp.blahdns.com +https=/dns-query example.com -t A -4 +timeout=15
;; DEBUG: Querying for owner(example.com.), class(1), type(1), server(doh-jp.blahdns.com), port(443), protocol(TCP)
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=dot-jp.blahdns.com
;; DEBUG: SHA-256 PIN: gIoiNFxX1Nw+7/pVsmUKBU941bMBYjEYuB2T9drULOM=
;; DEBUG: #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG: SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, skipping certificate verification
;; WARNING: TLS, peer has closed the connection
;; ERROR: failed to query server doh-jp.blahdns.com@443(TCP)
curl -H 'accept: application/dns-json' 'https://doh-jp.blahdns.com/dns-query?name=example.com&type=A'
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"example.com.","type":1}],"Answer":[{"name":"example.com.","type":1,"TTL":26102,"Expires":"Thu, 05 Nov 2020 13:36:21 UTC","data":"93.184.216.34"},{"name":"example.com.","type":46,"TTL":26102,"Expires":"Thu, 05 Nov 2020 13:36:21 UTC","data":"A 8 2 86400 20201115051118 20201025154454 62811 example.com. P8BE247EZ54+DZ1aZOVDYv3MxnxT+XAmd1W41PyBCB0QopMxAe7l6brVVXQtfDwsY6wL71BKZL7eTsyWYP9x4JQTYeY6UIwXeuOQ+uS8A+fGlQBaaPCIZCw0JQQTCCmCmmrrwpkIDAiunF0UOeRZl3CzE5QOX0lw4db/3M6nIKg="}]}
Edited by Windy G