starred/hickory-dns

Fork 0

mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 11:15:54 +03:00

[GH-ISSUE #989] Resolver: cloudflare dns over tls possible future leak warning #585

New issue

Closed

opened 2026-03-15 23:18:13 +03:00 by kerem · 7 comments

kerem commented

2026-03-15 23:18:13 +03:00

Owner

Originally created by @nickbabcock on GitHub (Jan 12, 2020).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/989

Description

When resolving multiple addresses through a resolver configured for dns over tls using cloudflare's tls configuration, I'm seeing the following warning:

error notifying wait, possible future leak: Err(ProtoError { inner: requestor canceled })

This seems different than #355, so I opened a new issue.

Reproduce

use std::net::Ipv4Addr;
use tokio::runtime::Handle;
use trust_dns_resolver::config::{ResolverConfig, ResolverOpts};
use trust_dns_resolver::TokioAsyncResolver;

#[tokio::main]
async fn main() {
    env_logger::init();

    let args: Vec<String> = std::env::args().skip(1).collect();
    let resolver = TokioAsyncResolver::new(
        ResolverConfig::cloudflare_tls(),
        ResolverOpts::default(),
        Handle::current(),
    )
    .await
    .unwrap();

    for query in &args {
        let response = resolver.ipv4_lookup(query.as_str()).await.unwrap();
        let addresses: Vec<Ipv4Addr> = response.into_iter().collect();
        log::info!("Resolved {} to {:?}", query, addresses);
    }
}

RUST_LOG=info cargo run -- 'yahoo.com' 'google.com'

Happens for both the rustls backend and native-tls

Expected

The ipv4 addresses to be listed for each passed argument

Workaround:

Use quad 9 tls
Use plain dns
Hasn't seemed to effect anything.

System

OS: Ubuntu 18.04
Architecture: x86_64
rustc version: 1.40.0

Version

Crate: resolver
Version: 0.18.1

Originally created by @nickbabcock on GitHub (Jan 12, 2020). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/989 ### Description When resolving multiple addresses through a resolver configured for dns over tls using cloudflare's tls configuration, I'm seeing the following warning: ``` error notifying wait, possible future leak: Err(ProtoError { inner: requestor canceled }) ``` This seems different than #355, so I opened a new issue. ### Reproduce ```rust use std::net::Ipv4Addr; use tokio::runtime::Handle; use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; use trust_dns_resolver::TokioAsyncResolver; #[tokio::main] async fn main() { env_logger::init(); let args: Vec<String> = std::env::args().skip(1).collect(); let resolver = TokioAsyncResolver::new( ResolverConfig::cloudflare_tls(), ResolverOpts::default(), Handle::current(), ) .await .unwrap(); for query in &args { let response = resolver.ipv4_lookup(query.as_str()).await.unwrap(); let addresses: Vec<Ipv4Addr> = response.into_iter().collect(); log::info!("Resolved {} to {:?}", query, addresses); } } ``` ``` RUST_LOG=info cargo run -- 'yahoo.com' 'google.com' ``` Happens for both the rustls backend and native-tls ### Expected The ipv4 addresses to be listed for each passed argument ### Workaround: 1. Use quad 9 tls 2. Use plain dns 3. Hasn't seemed to effect anything. ### System - OS: Ubuntu 18.04 - Architecture: x86_64 - rustc version: 1.40.0 ### Version - Crate: resolver - Version: 0.18.1

kerem

2026-03-15 23:18:13 +03:00

closed this issue
added the
bug

crate:resolver

has workaround
labels

kerem commented

2026-03-15 23:18:29 +03:00

Author

Owner

@nickbabcock commented on GitHub (Jan 12, 2020):

Updated issue: quad 9 dns over tls works fine. It appears only cloudflare is effected.

@nickbabcock commented on GitHub (Jan 12, 2020): Updated issue: quad 9 dns over tls works fine. It appears only cloudflare is effected.

kerem commented

2026-03-15 23:18:34 +03:00

Author

Owner

@bluejekyll commented on GitHub (Jan 12, 2020):

Is it only the error message you’re seeing? Or are you seeing other poor behavior?

@bluejekyll commented on GitHub (Jan 12, 2020): Is it only the error message you’re seeing? Or are you seeing other poor behavior?

kerem commented

2026-03-15 23:18:39 +03:00

Author

Owner

@nickbabcock commented on GitHub (Jan 12, 2020):

No other error messages occurred. No poor behavior (the addresses are resolved correctly).

Under debug mode, quad9_tls looks to print an error:

[DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" }

Here are the raw debug logs

cloudflare_tls debug log

[2020-01-12T18:51:55Z DEBUG trust_dns_resolver::async_resolver] trust-dns resolver running
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_handle] querying: yahoo.com A
[2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.1.1.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None }
[2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.0.0.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None }
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] No cached session for DNSNameRef("cloudflare-dns.com")
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Not resuming any session
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] No cached session for DNSNameRef("cloudflare-dns.com")
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Not resuming any session
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Server supports tickets
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 }
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x05\xc60\x82\x05L\xa0\x03\x02\x01\x02\x02\x10\x01\xcc\xe3\x18\xde\x9fV\x7f\xab+$\x90\x1f\xad\xa7\x1d0\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r190128000000Z\x17\r210201120000Z0r1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x160\x14\x06\x03U\x04\x07\x13\rSan Francisco1\x190\x17\x06\x03U\x04\n\x13\x10Cloudflare, Inc.1\x1b0\x19\x06\x03U\x04\x03\x13\x12cloudflare-dns.com0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04\xc5 p\x8c BP(\x1e}DA|0y)\x1cc^\x1dD\x9b\xc5\xf7q:+\xde\xd2\xa2\xa4\xb1l=j\xc8w\xb8\xcb\x8f.PS\xfd\xf4\x18&\x7fa7\xed\xff\xc2\xbe\xe9\x0b]\xb9~\xe1\xdf\x1c\xe2t\xa3\x82\x03\xe80\x82\x03\xe40\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14p\x95\xdc\\\xa3\x8ef\x07\xdb\xcb\x81\x10\xc6\xab\xe7\xc3\xa8E\x7f\xa00\x81\xac\x06\x03U\x1d\x11\x04\x81\xa40\x81\xa1\x82\x12cloudflare-dns.com\x82\x14*.cloudflare-dns.com\x82\x0fone.one.one.one\x87\x04\x01\x01\x01\x01\x87\x04\x01\0\0\x01\x87\x04\xa2\x9f\x845\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x11\x11\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x10\x01\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\0d\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0d\0\x87\x04\xa2\x9f$\x01\x87\x04\xa2\x9f.\x010\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01h\x95\x1e\x14\x8b\0\0\x04\x03\0G0E\x02!\0\xe5\x9e\x83\xde1{E\x91\x1b2\xdd[4z\x8b\xe4\xdc\x82\xca\xb7Mq\xe9\xb8\x14t\xc9fA1H\xbc\x02 p\t\xf4\x94T\xa3\x88l\xc7\x9bg\x8e\x8c6I\xcc\xc8\x8f\xe5F\xa3\xd0\x9c.o\xd1\x8e\xf1\x191\x92J\0u\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01h\x95\x1e\x15l\0\0\x04\x03\0F0D\x02 P\xb4\x9fBL\xa1\xd7\xa8\x97\xc6\xffB'1w\x90e\x7f\xfa;\xc4\xeb?\x06M#\xf6\x17\\\xe4\xde\xe3\x02 \x10\xa1\xc6'\x1c\xbfb2\xa4\xed\x16Ht\xbed\xac \x8eMn&\xa43\xfd\xb2\x0cE\xe7\xc2C\xd1\xbc\0w\0\xbb\xd9\xdf\xbc\x1f\x8aq\xb5\x93\x94#\x97\xaa\x92{G8W\x95\n\xabR\xe8\x1a\x90\x96d6\x8e\x1e\xd1\x85\0\0\x01h\x95\x1e\x14\x91\0\0\x04\x03\0H0F\x02!\0\xbd\xce=0s9\x9aR\xe6\xb4\xbf\xb8\xbc\xea0\xe8\x80\x08!P\xc9\x8f\xa6L\x9f\x8b\xd0\x8fSp\x1d\xd1\x02!\0\xe3\xe4\xa2?=?\xe6Aq\xbe\xb9;\0\xa6\nv\xf7\xa5\x81]a\x8a#\xdb3f\x07c\xef\xf4\x04\x890\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020{>\xfa\x85}\x87L\xcb\xab\xfc\x8d\xd7F\xec\x1fvehk\xc2zeQ\x15\xab\xe0\x19\xb0N\xc3\xc9\x08{\x01^\x164\xb5>\xd3\xdd\x81\xac\xf6\xe7\xc9U\x05\x021\0\xcdG\xf9\x8d\xdc\xf5\xa7';\xe2X\x0e\xbap\xbb,\x11:p\xfbVo7\xc6\xa4\x98\x98\xc9?\xd3\xf9\xce^ \x0c\x11c8\x8aO@\xcam\xaa\xa5\xee\xd8\x99"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")]
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server DNS name is DNSName("cloudflare-dns.com")
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:51:55Z DEBUG rustls::client::hs] Server supports tickets
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 }
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x05\xc60\x82\x05L\xa0\x03\x02\x01\x02\x02\x10\x01\xcc\xe3\x18\xde\x9fV\x7f\xab+$\x90\x1f\xad\xa7\x1d0\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r190128000000Z\x17\r210201120000Z0r1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x160\x14\x06\x03U\x04\x07\x13\rSan Francisco1\x190\x17\x06\x03U\x04\n\x13\x10Cloudflare, Inc.1\x1b0\x19\x06\x03U\x04\x03\x13\x12cloudflare-dns.com0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04\xc5 p\x8c BP(\x1e}DA|0y)\x1cc^\x1dD\x9b\xc5\xf7q:+\xde\xd2\xa2\xa4\xb1l=j\xc8w\xb8\xcb\x8f.PS\xfd\xf4\x18&\x7fa7\xed\xff\xc2\xbe\xe9\x0b]\xb9~\xe1\xdf\x1c\xe2t\xa3\x82\x03\xe80\x82\x03\xe40\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14p\x95\xdc\\\xa3\x8ef\x07\xdb\xcb\x81\x10\xc6\xab\xe7\xc3\xa8E\x7f\xa00\x81\xac\x06\x03U\x1d\x11\x04\x81\xa40\x81\xa1\x82\x12cloudflare-dns.com\x82\x14*.cloudflare-dns.com\x82\x0fone.one.one.one\x87\x04\x01\x01\x01\x01\x87\x04\x01\0\0\x01\x87\x04\xa2\x9f\x845\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x11\x11\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x10\x01\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\0d\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0d\0\x87\x04\xa2\x9f$\x01\x87\x04\xa2\x9f.\x010\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01h\x95\x1e\x14\x8b\0\0\x04\x03\0G0E\x02!\0\xe5\x9e\x83\xde1{E\x91\x1b2\xdd[4z\x8b\xe4\xdc\x82\xca\xb7Mq\xe9\xb8\x14t\xc9fA1H\xbc\x02 p\t\xf4\x94T\xa3\x88l\xc7\x9bg\x8e\x8c6I\xcc\xc8\x8f\xe5F\xa3\xd0\x9c.o\xd1\x8e\xf1\x191\x92J\0u\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01h\x95\x1e\x15l\0\0\x04\x03\0F0D\x02 P\xb4\x9fBL\xa1\xd7\xa8\x97\xc6\xffB'1w\x90e\x7f\xfa;\xc4\xeb?\x06M#\xf6\x17\\\xe4\xde\xe3\x02 \x10\xa1\xc6'\x1c\xbfb2\xa4\xed\x16Ht\xbed\xac \x8eMn&\xa43\xfd\xb2\x0cE\xe7\xc2C\xd1\xbc\0w\0\xbb\xd9\xdf\xbc\x1f\x8aq\xb5\x93\x94#\x97\xaa\x92{G8W\x95\n\xabR\xe8\x1a\x90\x96d6\x8e\x1e\xd1\x85\0\0\x01h\x95\x1e\x14\x91\0\0\x04\x03\0H0F\x02!\0\xbd\xce=0s9\x9aR\xe6\xb4\xbf\xb8\xbc\xea0\xe8\x80\x08!P\xc9\x8f\xa6L\x9f\x8b\xd0\x8fSp\x1d\xd1\x02!\0\xe3\xe4\xa2?=?\xe6Aq\xbe\xb9;\0\xa6\nv\xf7\xa5\x81]a\x8a#\xdb3f\x07c\xef\xf4\x04\x890\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020{>\xfa\x85}\x87L\xcb\xab\xfc\x8d\xd7F\xec\x1fvehk\xc2zeQ\x15\xab\xe0\x19\xb0N\xc3\xc9\x08{\x01^\x164\xb5>\xd3\xdd\x81\xac\xf6\xe7\xc9U\x05\x021\0\xcdG\xf9\x8d\xdc\xf5\xa7';\xe2X\x0e\xbap\xbb,\x11:p\xfbVo7\xc6\xa4\x98\x98\xc9?\xd3\xf9\xce^ \x0c\x11c8\x8aO@\xcam\xaa\xa5\xee\xd8\x99"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")]
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server DNS name is DNSName("cloudflare-dns.com")
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 1952
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 1.1.1.1:853
[2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 49474
[2020-01-12T18:51:55Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 1.0.0.1:853
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 134
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 134
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 134
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z INFO  tmp] Resolved yahoo.com to [72.30.35.10, 98.137.246.7, 98.137.246.8, 98.138.219.231, 98.138.219.232, 72.30.35.9]
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_handle] querying: google.com A
[2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.1.1.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None }
[2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.0.0.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None }
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(1.1.1.1:853)
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down
[2020-01-12T18:51:56Z WARN  trust_dns_proto::xfer] error notifying wait, possible future leak: Err(ProtoError { inner: 
    
    requestor canceled })
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(1.0.0.1:853)
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Resuming session
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Resuming session
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Server agreed to resume
[2020-01-12T18:51:56Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 13454
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 1.0.0.1:853
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:51:56Z DEBUG rustls::client::hs] Server agreed to resume
[2020-01-12T18:51:56Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 10654
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 1.1.1.1:853
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 55
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 55
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 55
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer
[2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:51:56Z INFO  tmp] Resolved google.com to [172.217.6.110]

quad9_tls debug log

[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::async_resolver] trust-dns resolver running
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_handle] querying: yahoo.com A
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(9.9.9.9:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None }
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V6([2620:fe::fe]:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None }
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" }
    
    io error }
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] No cached session for DNSNameRef("dns.quad9.net")
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] Not resuming any session
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] Server supports tickets
[2020-01-12T18:52:13Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 }
[2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x06\x910\x82\x06\x17\xa0\x03\x02\x01\x02\x02\x10\x05\xeb|\xa2j\x17N\xa0\x81\x0c\x01\x92A\xe7\xde\x060\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r180920000000Z\x17\r200924120000Z0[1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x110\x0f\x06\x03U\x04\x07\x13\x08Berkeley1\x0e0\x0c\x06\x03U\x04\n\x13\x05Quad91\x140\x12\x06\x03U\x04\x03\x0c\x0b*.quad9.net0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04}\x8b\xd7\x1d\x03\x85\r\x18%\xb34\x1c)\xa1'\xd4\xac\x01%H\x8a\xa0\xf1\xea\x02\xb9\xd8Q,\x08j\xacrV\xec\xfa=\xa6\xa0\x9fI\tU\x8e\xac\xfe\xb9s\x17\\\x02\xfbx\xcc$\x91\x94oC#\x89\x0e\x1df\xa3\x82\x04\xca0\x82\x04\xc60\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\x7f\xa9\x12\xa5\xd7\xc6\x8bH\x02\xc7=*En@\x1e@`\xf4\x970\x82\x01\x8d\x06\x03U\x1d\x11\x04\x82\x01\x840\x82\x01\x80\x82\x0b*.quad9.net\x82\tquad9.net\x87\x04\t\t\t\t\x87\x04\t\t\t\n\x87\x04\t\t\t\x0b\x87\x04\t\t\t\x0c\x87\x04\t\t\t\r\x87\x04\t\t\t\x0e\x87\x04\t\t\t\x0f\x87\x04\x95pp\t\x87\x04\x95pp\n\x87\x04\x95pp\x0b\x87\x04\x95pp\x0c\x87\x04\x95pp\r\x87\x04\x95pp\x0e\x87\x04\x95pp\x0f\x87\x04\x95ppp\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\t\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x10\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x11\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x12\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x13\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x14\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x15\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\xfe\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\t\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x10\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x11\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x12\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x13\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x14\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x150\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01e\xf8\xe3_M\0\0\x04\x03\0G0E\x02 Uv\x8c\x05y\xf7kY\xf2\x8bJN\x1c\x93\x94\xa3\x97\xb8\xc1\xa1h\xd6\xa9\xceq(\xbeB\x84\x12\xdf\xc4\x02!\0\xdf\xf5\xe4mCv\xce\xcbbb\xf9b8Py\xdf\x11v4\n\xf1\rxY^\xd7\xde\\\xd3\t\x95\xea\0v\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01e\xf8\xe3`\x18\0\0\x04\x03\0G0E\x02 3\xbf\xbap\x92[\x92\xbcj\x0e\tD!o<\x96!\xb9\x99\x83\xed\xf1\xeeA\x91w\xf2k\xe8[F\xf0\x02!\0\xd8,j@\x91\xb2\x94\xf3\xba'\xd2wy\x16\xa3\xa9\xb7\x96i\xde\x19\xe8\tI\x1d\x85}\x14c\xc1\x9b\xb6\0v\0\xeeK\xbd\xb7u\xce`\xba\xe1Bi\x1f\xab\xe1\x9ef\xa3\x0f~_\xb0r\xd8\x83\0\xc4{\x89z\xa8\xfd\xcb\0\0\x01e\xf8\xe3_r\0\0\x04\x03\0G0E\x02 E\x8c/\xbb\x8bh\x08p9g\xa2fB\xb4M\xd15CI\xc6j\r\xcd\xbe\x95\x98`|\xffWI\xa1\x02!\0\xf6c\x8f\x90\x12T\xe3=Z\xabLM\xa9\xe8\x01L,\x96\xe2\x97v1\xf9\xb2D\x92\xb9\r\xd6\xa6\x8a\n0\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020&\xf2W6@\xd1I\xbd\x9a/\"-`\x9e\xaan\x0bY\xfc\x8d\xab\x08\x182N\x1d\t5\xde\x8e\x11\x1d\xcf N\xafG\xcb1\x83-\xf3\x82\xffAk\xfe\x0c\x021\0\xbb( \xa5\xc6\xd2\xec\x04k\xa6\xfbe=\x82\xadq&\xf7\xc2nz\x97\xb3m\xfc\xb9j@$\xf3mRu\xe5\xe2%W\x1cQ\xbd7\xb6a<U\x12\xcdt"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")]
[2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Server DNS name is DNSName("dns.quad9.net")
[2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 53810
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 9.9.9.9:853
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 134
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 134
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 134
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:13Z INFO  tmp] Resolved yahoo.com to [98.138.219.232, 98.137.246.8, 98.137.246.7, 98.138.219.231, 72.30.35.10, 72.30.35.9]
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_handle] querying: google.com A
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(9.9.9.9:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None }
[2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V6([2620:fe::fe]:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None }
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" }
    
    io error }
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(9.9.9.9:853)
[2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down
[2020-01-12T18:52:13Z DEBUG rustls::client::hs] Resuming session
[2020-01-12T18:52:14Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-01-12T18:52:14Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[2020-01-12T18:52:14Z DEBUG rustls::client::hs] Server agreed to resume
[2020-01-12T18:52:14Z DEBUG rustls::client::tls12] Session saved
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }]
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 18696
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 9.9.9.9:853
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 55
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 55
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 55
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer
[2020-01-12T18:52:14Z DEBUG trust_dns_proto::rr::record_data] reading A
[2020-01-12T18:52:14Z INFO  tmp] Resolved google.com to [172.217.15.110]

The only thing that pops up to me is that the cloudflare enques two messages (one to 1.1.1.1, 1.0.0.1) when quad9 does only one (only to ... 9.9.9.9).

When I use a cloudflare_tls config of

pub fn cloudflare_tls() -> ResolverConfig {
    ResolverConfig::from_parts(
        None,
        vec![],
        NameServerConfigGroup::from_ips_tls(
            &[IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1))],
            853,
            "cloudflare-dns.com".to_string(),
        ),
    )
}

I do not see the warning (maybe because it now only sends one message?) 🤔

@nickbabcock commented on GitHub (Jan 12, 2020): No other error messages occurred. No poor behavior (the addresses are resolved correctly). Under debug mode, quad9_tls looks to print an error: ``` [DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" } ``` Here are the raw debug logs <details> <summary>cloudflare_tls debug log</summary> ``` [2020-01-12T18:51:55Z DEBUG trust_dns_resolver::async_resolver] trust-dns resolver running [2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_handle] querying: yahoo.com A [2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.1.1.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None } [2020-01-12T18:51:55Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.0.0.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None } [2020-01-12T18:51:55Z DEBUG rustls::client::hs] No cached session for DNSNameRef("cloudflare-dns.com") [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Not resuming any session [2020-01-12T18:51:55Z DEBUG rustls::client::hs] No cached session for DNSNameRef("cloudflare-dns.com") [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Not resuming any session [2020-01-12T18:51:55Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Server supports tickets [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 } [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x05\xc60\x82\x05L\xa0\x03\x02\x01\x02\x02\x10\x01\xcc\xe3\x18\xde\x9fV\x7f\xab+$\x90\x1f\xad\xa7\x1d0\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r190128000000Z\x17\r210201120000Z0r1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x160\x14\x06\x03U\x04\x07\x13\rSan Francisco1\x190\x17\x06\x03U\x04\n\x13\x10Cloudflare, Inc.1\x1b0\x19\x06\x03U\x04\x03\x13\x12cloudflare-dns.com0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04\xc5 p\x8c BP(\x1e}DA|0y)\x1cc^\x1dD\x9b\xc5\xf7q:+\xde\xd2\xa2\xa4\xb1l=j\xc8w\xb8\xcb\x8f.PS\xfd\xf4\x18&\x7fa7\xed\xff\xc2\xbe\xe9\x0b]\xb9~\xe1\xdf\x1c\xe2t\xa3\x82\x03\xe80\x82\x03\xe40\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14p\x95\xdc\\\xa3\x8ef\x07\xdb\xcb\x81\x10\xc6\xab\xe7\xc3\xa8E\x7f\xa00\x81\xac\x06\x03U\x1d\x11\x04\x81\xa40\x81\xa1\x82\x12cloudflare-dns.com\x82\x14*.cloudflare-dns.com\x82\x0fone.one.one.one\x87\x04\x01\x01\x01\x01\x87\x04\x01\0\0\x01\x87\x04\xa2\x9f\x845\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x11\x11\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x10\x01\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\0d\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0d\0\x87\x04\xa2\x9f$\x01\x87\x04\xa2\x9f.\x010\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01h\x95\x1e\x14\x8b\0\0\x04\x03\0G0E\x02!\0\xe5\x9e\x83\xde1{E\x91\x1b2\xdd[4z\x8b\xe4\xdc\x82\xca\xb7Mq\xe9\xb8\x14t\xc9fA1H\xbc\x02 p\t\xf4\x94T\xa3\x88l\xc7\x9bg\x8e\x8c6I\xcc\xc8\x8f\xe5F\xa3\xd0\x9c.o\xd1\x8e\xf1\x191\x92J\0u\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01h\x95\x1e\x15l\0\0\x04\x03\0F0D\x02 P\xb4\x9fBL\xa1\xd7\xa8\x97\xc6\xffB'1w\x90e\x7f\xfa;\xc4\xeb?\x06M#\xf6\x17\\\xe4\xde\xe3\x02 \x10\xa1\xc6'\x1c\xbfb2\xa4\xed\x16Ht\xbed\xac \x8eMn&\xa43\xfd\xb2\x0cE\xe7\xc2C\xd1\xbc\0w\0\xbb\xd9\xdf\xbc\x1f\x8aq\xb5\x93\x94#\x97\xaa\x92{G8W\x95\n\xabR\xe8\x1a\x90\x96d6\x8e\x1e\xd1\x85\0\0\x01h\x95\x1e\x14\x91\0\0\x04\x03\0H0F\x02!\0\xbd\xce=0s9\x9aR\xe6\xb4\xbf\xb8\xbc\xea0\xe8\x80\x08!P\xc9\x8f\xa6L\x9f\x8b\xd0\x8fSp\x1d\xd1\x02!\0\xe3\xe4\xa2?=?\xe6Aq\xbe\xb9;\0\xa6\nv\xf7\xa5\x81]a\x8a#\xdb3f\x07c\xef\xf4\x04\x890\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020{>\xfa\x85}\x87L\xcb\xab\xfc\x8d\xd7F\xec\x1fvehk\xc2zeQ\x15\xab\xe0\x19\xb0N\xc3\xc9\x08{\x01^\x164\xb5>\xd3\xdd\x81\xac\xf6\xe7\xc9U\x05\x021\0\xcdG\xf9\x8d\xdc\xf5\xa7';\xe2X\x0e\xbap\xbb,\x11:p\xfbVo7\xc6\xa4\x98\x98\xc9?\xd3\xf9\xce^ \x0c\x11c8\x8aO@\xcam\xaa\xa5\xee\xd8\x99"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")] [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server DNS name is DNSName("cloudflare-dns.com") [2020-01-12T18:51:55Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:51:55Z DEBUG rustls::client::hs] Server supports tickets [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 } [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x05\xc60\x82\x05L\xa0\x03\x02\x01\x02\x02\x10\x01\xcc\xe3\x18\xde\x9fV\x7f\xab+$\x90\x1f\xad\xa7\x1d0\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r190128000000Z\x17\r210201120000Z0r1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x160\x14\x06\x03U\x04\x07\x13\rSan Francisco1\x190\x17\x06\x03U\x04\n\x13\x10Cloudflare, Inc.1\x1b0\x19\x06\x03U\x04\x03\x13\x12cloudflare-dns.com0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04\xc5 p\x8c BP(\x1e}DA|0y)\x1cc^\x1dD\x9b\xc5\xf7q:+\xde\xd2\xa2\xa4\xb1l=j\xc8w\xb8\xcb\x8f.PS\xfd\xf4\x18&\x7fa7\xed\xff\xc2\xbe\xe9\x0b]\xb9~\xe1\xdf\x1c\xe2t\xa3\x82\x03\xe80\x82\x03\xe40\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14p\x95\xdc\\\xa3\x8ef\x07\xdb\xcb\x81\x10\xc6\xab\xe7\xc3\xa8E\x7f\xa00\x81\xac\x06\x03U\x1d\x11\x04\x81\xa40\x81\xa1\x82\x12cloudflare-dns.com\x82\x14*.cloudflare-dns.com\x82\x0fone.one.one.one\x87\x04\x01\x01\x01\x01\x87\x04\x01\0\0\x01\x87\x04\xa2\x9f\x845\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x11\x11\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\x10\x01\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0\0d\x87\x10&\x06G\0G\0\0\0\0\0\0\0\0\0d\0\x87\x04\xa2\x9f$\x01\x87\x04\xa2\x9f.\x010\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01h\x95\x1e\x14\x8b\0\0\x04\x03\0G0E\x02!\0\xe5\x9e\x83\xde1{E\x91\x1b2\xdd[4z\x8b\xe4\xdc\x82\xca\xb7Mq\xe9\xb8\x14t\xc9fA1H\xbc\x02 p\t\xf4\x94T\xa3\x88l\xc7\x9bg\x8e\x8c6I\xcc\xc8\x8f\xe5F\xa3\xd0\x9c.o\xd1\x8e\xf1\x191\x92J\0u\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01h\x95\x1e\x15l\0\0\x04\x03\0F0D\x02 P\xb4\x9fBL\xa1\xd7\xa8\x97\xc6\xffB'1w\x90e\x7f\xfa;\xc4\xeb?\x06M#\xf6\x17\\\xe4\xde\xe3\x02 \x10\xa1\xc6'\x1c\xbfb2\xa4\xed\x16Ht\xbed\xac \x8eMn&\xa43\xfd\xb2\x0cE\xe7\xc2C\xd1\xbc\0w\0\xbb\xd9\xdf\xbc\x1f\x8aq\xb5\x93\x94#\x97\xaa\x92{G8W\x95\n\xabR\xe8\x1a\x90\x96d6\x8e\x1e\xd1\x85\0\0\x01h\x95\x1e\x14\x91\0\0\x04\x03\0H0F\x02!\0\xbd\xce=0s9\x9aR\xe6\xb4\xbf\xb8\xbc\xea0\xe8\x80\x08!P\xc9\x8f\xa6L\x9f\x8b\xd0\x8fSp\x1d\xd1\x02!\0\xe3\xe4\xa2?=?\xe6Aq\xbe\xb9;\0\xa6\nv\xf7\xa5\x81]a\x8a#\xdb3f\x07c\xef\xf4\x04\x890\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020{>\xfa\x85}\x87L\xcb\xab\xfc\x8d\xd7F\xec\x1fvehk\xc2zeQ\x15\xab\xe0\x19\xb0N\xc3\xc9\x08{\x01^\x164\xb5>\xd3\xdd\x81\xac\xf6\xe7\xc9U\x05\x021\0\xcdG\xf9\x8d\xdc\xf5\xa7';\xe2X\x0e\xbap\xbb,\x11:p\xfbVo7\xc6\xa4\x98\x98\xc9?\xd3\xf9\xce^ \x0c\x11c8\x8aO@\xcam\xaa\xa5\xee\xd8\x99"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")] [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Server DNS name is DNSName("cloudflare-dns.com") [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 1952 [2020-01-12T18:51:55Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 1.1.1.1:853 [2020-01-12T18:51:55Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:55Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 49474 [2020-01-12T18:51:55Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 1.0.0.1:853 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 134 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 134 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 134 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z INFO tmp] Resolved yahoo.com to [72.30.35.10, 98.137.246.7, 98.137.246.8, 98.138.219.231, 98.138.219.232, 72.30.35.9] [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_handle] querying: google.com A [2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.1.1.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None } [2020-01-12T18:51:56Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(1.0.0.1:853), protocol: Tls, tls_dns_name: Some("cloudflare-dns.com"), tls_config: None } [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(1.1.1.1:853) [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down [2020-01-12T18:51:56Z WARN trust_dns_proto::xfer] error notifying wait, possible future leak: Err(ProtoError { inner: requestor canceled }) [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(1.0.0.1:853) [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Resuming session [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Resuming session [2020-01-12T18:51:56Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Server agreed to resume [2020-01-12T18:51:56Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 13454 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 1.0.0.1:853 [2020-01-12T18:51:56Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:51:56Z DEBUG rustls::client::hs] Server agreed to resume [2020-01-12T18:51:56Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }] [2020-01-12T18:51:56Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 10654 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 1.1.1.1:853 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 55 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 55 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 55 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0 [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes [2020-01-12T18:51:56Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer [2020-01-12T18:51:56Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:51:56Z INFO tmp] Resolved google.com to [172.217.6.110] ``` </details> <details> <summary>quad9_tls debug log</summary> ``` [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::async_resolver] trust-dns resolver running [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_handle] querying: yahoo.com A [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }] [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(9.9.9.9:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None } [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V6([2620:fe::fe]:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None } [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" } io error } [2020-01-12T18:52:13Z DEBUG rustls::client::hs] No cached session for DNSNameRef("dns.quad9.net") [2020-01-12T18:52:13Z DEBUG rustls::client::hs] Not resuming any session [2020-01-12T18:52:13Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:52:13Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:52:13Z DEBUG rustls::client::hs] Server supports tickets [2020-01-12T18:52:13Z DEBUG rustls::client::tls12] ECDHE curve is ECParameters { curve_type: NamedCurve, named_group: X25519 } [2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Server cert is [Certificate(b"0\x82\x06\x910\x82\x06\x17\xa0\x03\x02\x01\x02\x02\x10\x05\xeb|\xa2j\x17N\xa0\x81\x0c\x01\x92A\xe7\xde\x060\n\x06\x08*\x86H\xce=\x04\x03\x020L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0\x1e\x17\r180920000000Z\x17\r200924120000Z0[1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x110\x0f\x06\x03U\x04\x07\x13\x08Berkeley1\x0e0\x0c\x06\x03U\x04\n\x13\x05Quad91\x140\x12\x06\x03U\x04\x03\x0c\x0b*.quad9.net0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04}\x8b\xd7\x1d\x03\x85\r\x18%\xb34\x1c)\xa1'\xd4\xac\x01%H\x8a\xa0\xf1\xea\x02\xb9\xd8Q,\x08j\xacrV\xec\xfa=\xa6\xa0\x9fI\tU\x8e\xac\xfe\xb9s\x17\\\x02\xfbx\xcc$\x91\x94oC#\x89\x0e\x1df\xa3\x82\x04\xca0\x82\x04\xc60\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\x7f\xa9\x12\xa5\xd7\xc6\x8bH\x02\xc7=*En@\x1e@`\xf4\x970\x82\x01\x8d\x06\x03U\x1d\x11\x04\x82\x01\x840\x82\x01\x80\x82\x0b*.quad9.net\x82\tquad9.net\x87\x04\t\t\t\t\x87\x04\t\t\t\n\x87\x04\t\t\t\x0b\x87\x04\t\t\t\x0c\x87\x04\t\t\t\r\x87\x04\t\t\t\x0e\x87\x04\t\t\t\x0f\x87\x04\x95pp\t\x87\x04\x95pp\n\x87\x04\x95pp\x0b\x87\x04\x95pp\x0c\x87\x04\x95pp\r\x87\x04\x95pp\x0e\x87\x04\x95pp\x0f\x87\x04\x95ppp\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\t\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x10\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x11\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x12\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x13\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x14\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\x15\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\0\0\xfe\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\t\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x10\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x11\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x12\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x13\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x14\x87\x10& \0\xfe\0\0\0\0\0\0\0\0\0\xfe\0\x150\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x07\x800\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020i\x06\x03U\x1d\x1f\x04b0`0.\xa0,\xa0*\x86(http://crl3.digicert.com/ssca-ecc-g1.crl0.\xa0,\xa0*\x86(http://crl4.digicert.com/ssca-ecc-g1.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020{\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04o0m0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0E\x06\x08+\x06\x01\x05\x05\x070\x02\x869http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\00\x82\x01~\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01n\x04\x82\x01j\x01h\0v\0\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\0\0\x01e\xf8\xe3_M\0\0\x04\x03\0G0E\x02 Uv\x8c\x05y\xf7kY\xf2\x8bJN\x1c\x93\x94\xa3\x97\xb8\xc1\xa1h\xd6\xa9\xceq(\xbeB\x84\x12\xdf\xc4\x02!\0\xdf\xf5\xe4mCv\xce\xcbbb\xf9b8Py\xdf\x11v4\n\xf1\rxY^\xd7\xde\\\xd3\t\x95\xea\0v\0\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\0\0\x01e\xf8\xe3`\x18\0\0\x04\x03\0G0E\x02 3\xbf\xbap\x92[\x92\xbcj\x0e\tD!o<\x96!\xb9\x99\x83\xed\xf1\xeeA\x91w\xf2k\xe8[F\xf0\x02!\0\xd8,j@\x91\xb2\x94\xf3\xba'\xd2wy\x16\xa3\xa9\xb7\x96i\xde\x19\xe8\tI\x1d\x85}\x14c\xc1\x9b\xb6\0v\0\xeeK\xbd\xb7u\xce`\xba\xe1Bi\x1f\xab\xe1\x9ef\xa3\x0f~_\xb0r\xd8\x83\0\xc4{\x89z\xa8\xfd\xcb\0\0\x01e\xf8\xe3_r\0\0\x04\x03\0G0E\x02 E\x8c/\xbb\x8bh\x08p9g\xa2fB\xb4M\xd15CI\xc6j\r\xcd\xbe\x95\x98`|\xffWI\xa1\x02!\0\xf6c\x8f\x90\x12T\xe3=Z\xabLM\xa9\xe8\x01L,\x96\xe2\x97v1\xf9\xb2D\x92\xb9\r\xd6\xa6\x8a\n0\n\x06\x08*\x86H\xce=\x04\x03\x02\x03h\00e\x020&\xf2W6@\xd1I\xbd\x9a/\"-`\x9e\xaan\x0bY\xfc\x8d\xab\x08\x182N\x1d\t5\xde\x8e\x11\x1d\xcf N\xafG\xcb1\x83-\xf3\x82\xffAk\xfe\x0c\x021\0\xbb( \xa5\xc6\xd2\xec\x04k\xa6\xfbe=\x82\xadq&\xf7\xc2nz\x97\xb3m\xfc\xb9j@$\xf3mRu\xe5\xe2%W\x1cQ\xbd7\xb6a<U\x12\xcdt"), Certificate(b"0\x82\x03\xac0\x82\x02\x94\xa0\x03\x02\x01\x02\x02\x10\n\xcb(\xbaF^\xe59\x08vtp\xf3\xcd\xc6\x120\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\00a1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\x190\x17\x06\x03U\x04\x0b\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA0\x1e\x17\r130308120000Z\x17\r230308120000Z0L1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1&0$\x06\x03U\x04\x03\x13\x1dDigiCert ECC Secure Server CA0v0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\0\"\x03b\0\x04\xe2\x08B\xeaw\xd8$\xde\xa0,d\xa4\x13\xce@\x9c#r\xa9\x02\n\x0e7?!6\xb8\x8dS\x14\xf6\xd5\x91\x95K\xf3\x96\x02\x8dq\x1e\xc4\xd8\xcb\xa7\x9f^\xef\xa0\xe6\x7fZ\x92\x11\x96So\xeb\xc0\xcb?\xae\xfd[?G$\xe7\x9a\x07.\x96\xbe\xa8/\xbbW\x18\xafq\xa4\xbdx:\x1e\xe8[<kd\x11+\xcc4+\x8c\xa3\x82\x01!0\x82\x01\x1d0\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\00\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x8604\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04(0&0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0B\x06\x03U\x1d\x1f\x04;0907\xa05\xa03\x861http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=\x06\x03U\x1d \x0460402\x06\x04U\x1d \00*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa3\x9d\xe6\x1f\xf9\xda9O\xc0n\xe8\x91\xcb\x95\xa5\xda1\xe2\n\x9f0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2=\xd1U0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\0\x03\x82\x01\x01\0\xc7\x8a\xa0CK\xect\xc9\xc5\xab\xd5\x1f056n\x98V{H\xac\x05c\xae{\x9aW$W\xcco\xfa\xde\xabm\x9c\xc7\xb6\xba\xec\xce\xe7\xcasd\xdb\xdf\x047\n\0I\xb3?\x9f&\xad\x91\x8c \xe8\x1f\x88\x0e*\xfbf7\xc80\xe8\xd2\xc2$\xa7EH-\xea\x01PJ1\x94\x13\xdf\x8d_\xda*\xbbI<a\xf3y\xc8\x9cf\x92\x1a\x96*\xf4{6X\xa3,A\x10t\x1a\xd3\xedH\xb6\xd2\xbb\x8a\x06Eq3\x100zz\x98!\xdd$\xb9\xec\x9c\xb5\x92\x07\xad\x83\xc6\xc4j\xf8w\xe65\xbe\x13\x0f'd\xb2C\xbf\x83\xe9wV\xdb\x08\x87\x94G\x14\xf5_(\xaf\xa3hL\x83\x8f`\xf7\x96\x80y\x85jv&\x9d\x95\x0c \x03\x8d>\xeez(edf\xa4\xd9\x83\xea\x99t\xcdnM}\x1c\xeb\x8d\xb2\xc5\xaf\x16\x1bN\xc8\xf3U\xea\x888\x114\x1d\x11\xaf?\x07\xa8Oj\xd2t\x11/*\xfcs\xb7_\xc2\x15C\x05l\xd6}\xda\x02\xbd\"\x9bO\xd3\xf9w")] [2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Server DNS name is DNSName("dns.quad9.net") [2020-01-12T18:52:13Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [yahoo, com] }, query_type: A, query_class: IN }] [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 53810 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 38 to: 9.9.9.9:853 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 134 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 134 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 134 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0 [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes [2020-01-12T18:52:13Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:13Z INFO tmp] Resolved yahoo.com to [98.138.219.232, 98.137.246.8, 98.137.246.7, 98.138.219.231, 72.30.35.10, 72.30.35.9] [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_handle] querying: google.com A [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server_pool] sending request: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }] [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(9.9.9.9:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None } [2020-01-12T18:52:13Z DEBUG trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V6([2620:fe::fe]:853), protocol: Tls, tls_dns_name: Some("dns.quad9.net"), tls_config: None } [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] stream errored while connecting: ProtoError { inner: Os { code: 101, kind: Other, message: "Network is unreachable" } io error } [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_multiplexer] stream is done: TCP(9.9.9.9:853) [2020-01-12T18:52:13Z DEBUG trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down [2020-01-12T18:52:13Z DEBUG rustls::client::hs] Resuming session [2020-01-12T18:52:14Z DEBUG rustls::client::hs] ALPN protocol is None [2020-01-12T18:52:14Z DEBUG rustls::client::hs] Using ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [2020-01-12T18:52:14Z DEBUG rustls::client::hs] Server agreed to resume [2020-01-12T18:52:14Z DEBUG rustls::client::tls12] Session saved [2020-01-12T18:52:14Z DEBUG trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: false, labels: [google, com] }, query_type: A, query_class: IN }] [2020-01-12T18:52:14Z DEBUG trust_dns_proto::xfer::dns_multiplexer] sending message id: 18696 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] sending message len: 39 to: 9.9.9.9:853 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::LenBytes: 0 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] got length: 55 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] move ReadTcpState::Bytes: 55 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] in ReadTcpState::Bytes: 55 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] reset ReadTcpState::LenBytes: 0 [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] returning bytes [2020-01-12T18:52:14Z DEBUG trust_dns_proto::tcp::tcp_stream] returning buffer [2020-01-12T18:52:14Z DEBUG trust_dns_proto::rr::record_data] reading A [2020-01-12T18:52:14Z INFO tmp] Resolved google.com to [172.217.15.110] ``` </details> The only thing that pops up to me is that the cloudflare enques two messages (one to 1.1.1.1, 1.0.0.1) when quad9 does only one (only to ... 9.9.9.9). When I use a cloudflare_tls config of ```rust pub fn cloudflare_tls() -> ResolverConfig { ResolverConfig::from_parts( None, vec![], NameServerConfigGroup::from_ips_tls( &[IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1))], 853, "cloudflare-dns.com".to_string(), ), ) } ``` I do not see the warning (maybe because it now only sends one message?) 🤔

kerem commented

2026-03-15 23:18:44 +03:00

Author

Owner

@bluejekyll commented on GitHub (Jan 12, 2020):

This could definitely be related to #933, I haven’t had a chance to look into that one.

@bluejekyll commented on GitHub (Jan 12, 2020): This could definitely be related to #933, I haven’t had a chance to look into that one.

kerem commented

2026-03-15 23:18:50 +03:00

Author

Owner

@nickbabcock commented on GitHub (Jan 15, 2020):

Yeah it's a bit related to #933, but I can only reproduce it with dns over tls. I don't see the error with plain dns sent to multiple IPs. (I haven't tried dns over tcp to see if that is the culprit), and if it helps, the warning is not spurious -- it repros every time.

A bit of more info, I was able to get the warning to appear with multiple ips for quad 9

pub fn quad_9_tls() -> ResolverConfig {
    ResolverConfig::from_parts(
        None,
        vec![],
        NameServerConfigGroup::from_ips_tls(
            &[
                IpAddr::V4(Ipv4Addr::new(9, 9, 9, 9)),
                IpAddr::V4(Ipv4Addr::new(149,112,112,112))
            ],
            853,
            "dns.quad9.net".to_string(),
        ),
    )
}

So it seems like the best workaround for those that want to rely on (the experimental) dns over tls, to use a NameServerConfigGroup with one ip (ResolverConfig::quad9_tls() or create your own with 1.1.1.1)

@nickbabcock commented on GitHub (Jan 15, 2020): Yeah it's a bit related to #933, but I can only reproduce it with dns over tls. I don't see the error with plain dns sent to multiple IPs. (I haven't tried dns over tcp to see if that is the culprit), and if it helps, the warning is not spurious -- it repros every time. A bit of more info, I was able to get the warning to appear with multiple ips for quad 9 ```rust pub fn quad_9_tls() -> ResolverConfig { ResolverConfig::from_parts( None, vec![], NameServerConfigGroup::from_ips_tls( &[ IpAddr::V4(Ipv4Addr::new(9, 9, 9, 9)), IpAddr::V4(Ipv4Addr::new(149,112,112,112)) ], 853, "dns.quad9.net".to_string(), ), ) } ``` So it seems like the best workaround for those that want to rely on (the experimental) dns over tls, to use a `NameServerConfigGroup` with one ip (`ResolverConfig::quad9_tls()` or create your own with `1.1.1.1`)

kerem commented

2026-03-15 23:18:55 +03:00

Author

Owner

@nickbabcock commented on GitHub (Apr 7, 2020):

Not sure if this is quite fixed, using the latest master branch (git+https://github.com/bluejekyll/trust-dns#76a3776d8840b4915390f241cda94d1f12b0df73), I still receive the following warning with the reproducible snippet in OP

[2020-04-07T11:31:34Z INFO  tmp] Resolved yahoo.com to [98.137.246.8, 98.138.219.231, 98.137.246.7, 98.138.219.232, 72.30.35.9, 72.30.35.10]
[2020-04-07T11:31:34Z WARN  trust_dns_proto::xfer] error notifying wait, possible future leak: Err(ProtoError { kind: Message("requestor canceled"), backtrack: None })
[2020-04-07T11:31:34Z INFO  tmp] Resolved google.com to [216.58.192.142]

Let me know if I can be of assistance.

@nickbabcock commented on GitHub (Apr 7, 2020): Not sure if this is quite fixed, using the latest master branch (`git+https://github.com/bluejekyll/trust-dns#76a3776d8840b4915390f241cda94d1f12b0df73`), I still receive the following warning with the reproducible snippet in OP ``` [2020-04-07T11:31:34Z INFO tmp] Resolved yahoo.com to [98.137.246.8, 98.138.219.231, 98.137.246.7, 98.138.219.232, 72.30.35.9, 72.30.35.10] [2020-04-07T11:31:34Z WARN trust_dns_proto::xfer] error notifying wait, possible future leak: Err(ProtoError { kind: Message("requestor canceled"), backtrack: None }) [2020-04-07T11:31:34Z INFO tmp] Resolved google.com to [216.58.192.142] ``` Let me know if I can be of assistance.

kerem commented

2026-03-15 23:19:00 +03:00

Author

Owner

@bluejekyll commented on GitHub (Apr 7, 2020):

Thank you for check. I’ll reopen.

@bluejekyll commented on GitHub (Apr 7, 2020): Thank you for check. I’ll reopen.

kerem referenced this issue

2026-03-16 02:11:38 +03:00

[PR #585] [MERGED] Fix two separate integer overflows from substractions #1531