numa.toml documented odoh entries; 404 #138

Closed
opened 2026-04-23 11:31:40 +08:00 by bcookatpcsd · 1 comment
bcookatpcsd commented 2026-04-23 11:31:40 +08:00 (Migrated from github.com)

Using the current numa.toml for reference

```
[2026-04-23T03:00:18.484Z ERROR numa::ctx] 192.168.188.190:49773 | A gspe35-ssl.ls.apple.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.484Z ERROR numa::ctx] 192.168.188.190:50743 | A gsp-ssl.ls.apple.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.484Z INFO  numa::ctx] 192.168.188.190:49773 | A gspe35-ssl.ls.apple.com | SERVFAIL | SERVFAIL | 100ms
[2026-04-23T03:00:18.484Z INFO  numa::ctx] 192.168.188.190:50743 | A gsp-ssl.ls.apple.com | SERVFAIL | SERVFAIL | 100ms
[2026-04-23T03:00:18.484Z ERROR numa::ctx] 192.168.188.190:58962 | HTTPS gsp-ssl.ls.apple.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.484Z INFO  numa::ctx] 192.168.188.190:58962 | HTTPS gsp-ssl.ls.apple.com | SERVFAIL | SERVFAIL | 100ms
[2026-04-23T03:00:18.488Z ERROR numa::ctx] 192.168.188.190:53833 | HTTPS gspe35-ssl.ls.apple.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.488Z INFO  numa::ctx] 192.168.188.190:53833 | HTTPS gspe35-ssl.ls.apple.com | SERVFAIL | SERVFAIL | 103ms
[2026-04-23T03:00:18.492Z ERROR numa::ctx] 192.168.188.198:57768 | A android.clients.google.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.492Z INFO  numa::ctx] 192.168.188.198:57768 | A android.clients.google.com | SERVFAIL | SERVFAIL | 104ms
[2026-04-23T03:00:18.603Z ERROR numa::ctx] 192.168.188.198:50414 | HTTPS android.clients.google.com | UPSTREAM ERROR | ODoH relay returned 404 Not Found:
[2026-04-23T03:00:18.603Z INFO  numa::ctx] 192.168.188.198:50414 | HTTPS android.clients.google.com | SERVFAIL | SERVFAIL | 105ms
```

docs - not working

```
[upstream]
	mode = "odoh"
	relay = "https://odoh-relay.numa.rs/proxy"
	target = "https://odoh.cloudflare-dns.com/dns-query"
```

Possibly incorporate some logic from here:

https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-relays.md
https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md

working.. different relay (thank you Frank..)

```
[upstream]
	mode = "odoh"
	relay = "https://odoh-relay.edgecompute.app"
	target = "https://odoh.cloudflare-dns.com/dns-query"
```

not working of course..

```
	target = [ "https://odoh.cloudflare-dns.com/dns-query", "https://odoh.crypto.sx/dns-query" ]
```

Q: is it RFC technically possible to support multiple relay servers? would think so..

(random thought)

where/what is bootstrap dns to resolve the target and relay?

I see the docs on target_ip and relay_ip which is what made me think of how the names are being resolved?

Thank you in advance.

razvandimescu commented 2026-04-23 16:09:04 +08:00 (Migrated from github.com)

@bcookatpcsd thanks again man!! #139 was the problem ...

On target_ip / relay_ip: when Numa is the system resolver, resolving odoh.cloudflare-dns.com has to ask someone, and if it asks itself you get a chicken-and-egg deadlock. Numa ships a bootstrap resolver (plain UDP to 1.1.1.1 / 9.9.9.9 for numa-originated HTTPS lookups) to break that loop. target_ip / relay_ip are per-hostname overrides that also close the last privacy gap - without them the bootstrap resolver learns which ODoH endpoint you're using in cleartext; with them, the ODoH relay/target names never leave your box.

I'll add an enhancement ticket for multi-relay support
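
The following check is an added example, not part of the comment above and not Numa's own code: it models the behaviour described in the reply and reports which ODoH hostnames would still be sent to the bootstrap resolver in cleartext for a given set of `[upstream]` values. `OdohUpstream`, `host_of` and `bootstrap_leaks` are hypothetical names, and the pinned address is a documentation-range placeholder.

```rust
use std::net::IpAddr;

/// Hypothetical mirror of the [upstream] ODoH keys named in this thread.
pub struct OdohUpstream<'a> {
    pub relay: &'a str,
    pub target: &'a str,
    pub relay_ip: Option<&'a str>,
    pub target_ip: Option<&'a str>,
}

/// Host part of an https:// URL, without userinfo, port or path.
fn host_of(url: &str) -> Option<&str> {
    let rest = url.strip_prefix("https://")?;
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    let authority = authority.rsplit('@').next()?;
    if let Some(v6) = authority.strip_prefix('[') {
        return v6.split(']').next(); // bracketed IPv6 literal
    }
    authority.split(':').next().filter(|h| !h.is_empty())
}

/// Hostnames that would still go to the bootstrap resolver in cleartext.
pub fn bootstrap_leaks(cfg: &OdohUpstream) -> Result<Vec<String>, String> {
    let mut leaks = Vec::new();
    let endpoints = [("relay", cfg.relay, cfg.relay_ip), ("target", cfg.target, cfg.target_ip)];
    for (key, url, pin) in endpoints {
        let host = host_of(url).ok_or_else(|| format!("{key}: not an https URL: {url}"))?;
        if host.parse::<IpAddr>().is_ok() { continue; } // IP literal: nothing to resolve
        match pin {
            Some(ip) if ip.parse::<IpAddr>().is_ok() => {} // pinned, no lookup needed
            Some(ip) => return Err(format!("{key}_ip is not an IP address: {ip}")),
            None => leaks.push(host.to_string()),
        }
    }
    Ok(leaks)
}

fn main() {
    // Constructed sample: relay unpinned, target pinned to a placeholder IP.
    let cfg = OdohUpstream {
        relay: "https://odoh-relay.edgecompute.app",
        target: "https://odoh.cloudflare-dns.com/dns-query",
        relay_ip: None,
        target_ip: Some("192.0.2.53"),
    };
    println!("{:?}", bootstrap_leaks(&cfg));
}
```

An empty result means neither name needs a bootstrap lookup; an `Err` flags an override that would not parse as an address.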

Reference: dearsky/numa#138