almost all doh server but cloudflare error: TLS handshake error: -7780 #3

@rampageX

```
doh_client -p 6666 -h 0.0.0.0 -u sdns://AgEAAAAAAAAADDEwMy44Ni40OS4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBRkb2gxLmVpZWlkbnMuY29tOjQ0MwovZG5zLXF1ZXJ5
16.02.2019 22:15:42.560 [tid=17590] Using sdns uri: sdns://AgEAAAAAAAAADDEwMy44Ni40OS4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBRkb2gxLmVpZWlkbnMuY29tOjQ0MwovZG5zLXF1ZXJ5
16.02.2019 22:15:42.560 [tid=17590] Configuration for remote DNS-over-HTTPS server (provided in sdns:// uri, may differ from actual server options):
16.02.2019 22:15:42.561 [tid=17590]     Server supports DNSSEC
16.02.2019 22:15:42.561 [tid=17590]     Server may log requests
16.02.2019 22:15:42.561 [tid=17590]     Server may block requests
16.02.2019 22:15:42.561 [tid=17590]     Address: 103.86.49.31
16.02.2019 22:15:42.561 [tid=17590]     Port: not specified (using 443)
16.02.2019 22:15:42.561 [tid=17590]     Cert pin: 3e:1a:1a:0f:6c:53:f3:e9:7a:49:2d:57:08:4b:5b:98:07:05:9e:e0:57:ab:15:05:87:6f:d8:3f:da:3d:b8:38
16.02.2019 22:15:42.561 [tid=17590]     Path: /dns-query
16.02.2019 22:15:42.561 [tid=17590]     Host: doh1.eieidns.com:443
16.02.2019 22:15:42.616 [tid=17590] Listening for DNS requests on 0.0.0.0 port 6666
16.02.2019 22:15:47.337 [tid=17590] Connecting to 103.86.49.31 port 443
16.02.2019 22:15:49.679 [tid=17590] TLS handshake error: -7280
16.02.2019 22:15:55.867 [tid=17590] Connecting to 103.86.49.31 port 443
16.02.2019 22:15:56.260 [tid=17590] TLS handshake error: -7280
```

and dig:

```
dig -p 6666 twitter.com
;; Warning: query response not set

; <<>> DiG 9.13.1 <<>> -p 6666 twitter.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22936
;; flags: rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6a11abd79ac886e2 (echoed)
;; QUESTION SECTION:
;twitter.com.			IN	A

;; Query time: 293 msec
;; SERVER: 127.0.0.1#6666(127.0.0.1)
;; WHEN: Sat Feb 16 22:16:57 CST 2019
;; MSG SIZE  rcvd: 52
```

I searched the net and found some mbedTLS-related problems. Do we need to update mbedTLS or replace it with wolfSSL (TLSv1.3 support)?
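
The `sdns://` stamp passed on the command line can be decoded independently to confirm the address, certificate pin, host and path that doh_client logs before it attempts the handshake. The following Python parser is an added example, not part of the original issue or of the doh_client code; it assumes the DoH stamp layout from the public DNS Stamps specification (protocol byte 0x02, 8-byte little-endian properties, then length-prefixed address, pin list, host name and path), and the function names are hypothetical.

```python
import base64
import struct

# Stamp copied from the doh_client command line in the issue above.
STAMP = ("sdns://AgEAAAAAAAAADDEwMy44Ni40OS4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWH"
         "b9g_2j24OBRkb2gxLmVpZWlkbnMuY29tOjQ0MwovZG5zLXF1ZXJ5")

def _field(buf, pos, vlp=False):
    """Read one length-prefixed field; return (data, next_pos, more_follow)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp: missing length byte")
    # In a VLP list the high bit of the length byte flags another item.
    more = vlp and bool(buf[pos] & 0x80)
    length = buf[pos] & 0x7F if vlp else buf[pos]
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("truncated stamp: field runs past end of data")
    return buf[pos + 1:end], end, more

def parse_doh_stamp(stamp):
    """Decode a DoH (protocol 0x02) stamp into the fields doh_client logs."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// URI")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("not a DNS-over-HTTPS stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    addr, pos, _ = _field(raw, 9)
    pins, more = [], True
    while more:
        pin, pos, more = _field(raw, pos, vlp=True)
        if pin:  # an empty entry means no pin is configured
            pins.append(":".join(f"{b:02x}" for b in pin))
    host, pos, _ = _field(raw, pos)
    path, pos, _ = _field(raw, pos)
    return {
        "dnssec": bool(props & 1),      # server supports DNSSEC
        "no_logs": bool(props & 2),     # server claims not to log
        "no_filter": bool(props & 4),   # server claims not to block
        "address": addr.decode("ascii"),
        "cert_pins": pins,
        "host": host.decode("ascii"),
        "path": path.decode("ascii"),
    }

if __name__ == "__main__":
    for key, value in parse_doh_stamp(STAMP).items():
        print(f"{key}: {value}")
```

The decoded pin can then be compared with the certificate chain the server actually presents when triaging a handshake failure like the one logged above.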
