DNS Server / SSL problem with Mozilla

#1 Sat, 04/08/2017 - 08:16
BobGeorge


I'm running a DNS server on localhost (127.0.0.1) on an Ubuntu laptop.

I've configured this DNS server to be the primary DNS server for the laptop. That is, I've added "supersede domain-name-servers 127.0.0.1;" to "dhclient.conf" so that the local DNS is used instead of the name servers provided via DHCP.

This all works just fine for accessing any website, except for Mozilla's servers.

Here is the verbose output of using curl to access Mozilla's main website:

$ curl -v https://www.mozilla.org/
*   Trying 69.172.201.153...
* Connected to www.mozilla.org (69.172.201.153) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the push function
* Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the push function

I'm noticing mention of TLS (gnutls) and certificates there in the error output, and "http://www.mozilla.org/" (not HTTPS) works (though this is useless, as Mozilla have, like Google and others, moved over to always using HTTPS and the HTTP address is only a redirection to the HTTPS, but I do get an error-free response with curl to the HTTP address).

So I'm thinking that this is an SSL error of some sort. But this isn't happening with other HTTPS sites, only those coming from Mozilla's servers.

What's going on here and how would I go about fixing this?

(The inability to access Mozilla's servers is kind of annoying because the reason for running a DNS and web server on a laptop is to have a local web server for PHP web development. And Mozilla's MDN is a very useful web development resource for information, but their servers are the only ones I can't access through this local set-up.)

Tue, 04/11/2017 - 11:36
volk

Are you behind a proxy Internet connection? Ubuntu has some weird issues with gnutls.

Try updating it first.

Tue, 04/11/2017 - 11:57 (Reply to #2)
BobGeorge

No, no proxy.

I mean, it's a laptop on wi-fi, so it's behind a NAT. But that's all.

And, well, the thing is that every other HTTPS site - Google, YouTube, etc. - works just fine and dandy.

It's only Mozilla's servers that are having this issue. No other site I've tried does this. Just Mozilla.

Fri, 06/09/2017 - 22:43
lvlpost

Did you change to Google Public DNS 8.8.8.8 / 8.8.4.4?

Topic locked