I am trying to configure stubby on 24.10.0 ( I have a working 23.05 working fine ) but all I get is:
STUBBY: *FAILURE* no valid transports or upstreams available!
The config file is standard , i basically only change the trigger , but that should not even matter if I am testing using dig:
dig cnn.com @127.0.0.1 -p5453
; <<>> DiG 9.20.4 <<>> +search cnn.com @127.0.0.1 -p5453
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62892
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
config stubby 'global'
option manual '0'
option trigger 'wan2'
# option triggerdelay '2'
list dns_transport 'GETDNS_TRANSPORT_TLS'
option tls_authentication '1'
option tls_query_padding_blocksize '128'
# option tls_connection_retries '2'
# option tls_backoff_time '3600'
# option timeout '5000'
# option dnssec_return_status '0'
option appdata_dir '/var/lib/stubby'
# option trust_anchors_backoff_time 2500
# option dnssec_trust_anchors '/var/lib/stubby/getdns-root.key'
option edns_client_subnet_private '1'
option idle_timeout '10000'
option round_robin_upstreams '1'
list listen_address '127.0.0.1@5453'
#list listen_address '0::1@5453'
option log_level '7'
# option command_line_arguments ''
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
# Upstream resolvers are specified using 'resolver' sections.
config resolver
option address '2606:4700:4700::1111'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '2606:4700:4700::1001'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '1.1.1.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '1.0.0.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
With log_level debug I have:
daemon.err stubby[4808]: [19:55:00.817474] STUBBY: 1.0.0.1 : Conn opened: TLS - Strict Profile
daemon.err stubby[4808]: [19:55:00.819091] STUBBY: 1.0.0.1 : Conn closed: TLS - *Failure*
daemon.err stubby[4808]: [19:55:00.819307] STUBBY: 2606:4700:4700::1111 : Conn closed: TLS - Resps= 0, Timeouts = 0, Curr_auth = None, Keepalive(ms)= 0
daemon.err stubby[4808]: [19:55:00.819376] STUBBY: 2606:4700:4700::1111 : Upstream : TLS - Resps= 0, Timeouts = 0, Best_auth = None
daemon.err stubby[4808]: [19:55:00.819433] STUBBY: 2606:4700:4700::1111 : Upstream : TLS - Conns= 0, Conn_fails= 2, Conn_shuts= 0, Backoffs = 4
daemon.err stubby[4808]: [19:55:00.819504] STUBBY: 2606:4700:4700::1111 : Upstream : !Backing off TLS on this upstream - Will retry again in 4s at Thu Feb 27 19:55:04 2025
daemon.err stubby[4808]: [19:55:00.819639] STUBBY: 2606:4700:4700::1001 : Conn closed: TLS - Resps= 0, Timeouts = 0, Curr_auth = None, Keepalive(ms)= 0
daemon.err stubby[4808]: [19:55:00.819701] STUBBY: 2606:4700:4700::1001 : Upstream : TLS - Resps= 0, Timeouts = 0, Best_auth = None
daemon.err stubby[4808]: [19:55:00.819752] STUBBY: 2606:4700:4700::1001 : Upstream : TLS - Conns= 0, Conn_fails= 2, Conn_shuts= 0, Backoffs = 3
daemon.err stubby[4808]: [19:55:00.819816] STUBBY: 2606:4700:4700::1001 : Upstream : !Backing off TLS on this upstream - Will retry again in 4s at Thu Feb 27 19:55:04 2025
daemon.err stubby[4808]: [19:55:00.819872] STUBBY: 1.0.0.1 : Conn closed: TLS - Resps= 0, Timeouts = 0, Curr_auth = None, Keepalive(ms)= 0
daemon.err stubby[4808]: [19:55:00.819926] STUBBY: 1.0.0.1 : Upstream : TLS - Resps= 0, Timeouts = 0, Best_auth = None
daemon.err stubby[4808]: [19:55:00.819980] STUBBY: 1.0.0.1 : Upstream : TLS - Conns= 0, Conn_fails= 2, Conn_shuts= 0, Backoffs = 5
daemon.err stubby[4808]: [19:55:00.820044] STUBBY: 1.0.0.1 : Upstream : !Backing off TLS on this upstream - Will retry again in 8s at Thu Feb 27 19:55:08 2025
daemon.err stubby[4808]: [19:55:00.820520] STUBBY: 1.1.1.1 : Conn closed: TLS - *Failure*
daemon.err stubby[4808]: [19:55:00.820574] STUBBY: 1.0.0.1 : Upstream : No valid upstreams for TLS... promoting this backed-off upstream for re-try...
daemon.err stubby[4808]: [19:55:00.820938] STUBBY: 1.0.0.1 : Conn opened: TLS - Strict Profile
daemon.err stubby[4808]: [19:55:00.820993] STUBBY: *FAILURE* no valid transports or upstreams available!
daemon.err stubby[4808]: [19:55:00.821388] STUBBY: 1.1.1.1 : Conn closed: TLS - Resps= 0, Timeouts = 0, Curr_auth = None, Keepalive(ms)= 0
daemon.err stubby[4808]: [19:55:00.821458] STUBBY: 1.1.1.1 : Upstream : TLS - Resps= 0, Timeouts = 0, Best_auth = None
daemon.err stubby[4808]: [19:55:00.821509] STUBBY: 1.1.1.1 : Upstream : TLS - Conns= 0, Conn_fails= 2, Conn_shuts= 0, Backoffs = 5
daemon.err stubby[4808]: [19:55:00.821575] STUBBY: 1.1.1.1 : Upstream : !Backing off TLS on this upstream - Will retry again in 2s ...
Any ideas ?