Issue with ip-domain subdomain

[chernesk]

Hello!

Trying to set up boringproxy with takingnames.io new domain name. When I choose option 2 in boringproxy, I see this:

No admin domain set. Select an option below:                                                                                          
Enter '1' to input manually
Enter '2' to configure through TakingNames.io
2
2023/01/31 21:46:06 Get bootstrap domain
2023/01/31 21:46:07 IP domain request failed

Doing a little more digging, I see that it's trying to do a subdomain request using the namedrop-go client. If I do that from the command line I see:

chernesk@boringproxy:~$ curl https://takingnames.io/ip-domain
Too many records returned. Please contact support.

Let me know if I can be of service.

[anderspitman]

Hi @chernesk, thanks for the report. I'll look into this right away.

[anderspitman]

Ah ok the problem was obvious. Can you try again?

[anderspitman]

Actually, I think you're going to hit another different issue. Apparently the takingnames.live domain has been put on ServerHold. I suspect some people have been abusing the free subdomains I've handed out. Even though you're using a domain you've purchased, it still uses a takingnames.live "bootstrap domain" for the boringproxy integration for security purposes. Working on a fix for this now.

[anderspitman]

Alright @chernesk I believe this will work now, as long as you're using a purchased domain from TakingNames.io. Please let me know if you keep having issues.

[chernesk]

Will take a look later tonight or tomorrow AM. I purchased a domain through takingnames.io today. Will confirm.

Thank you for the quick fix!

[chernesk]

Alright @chernesk I believe this will work now, as long as you're using a purchased domain from TakingNames.io. Please let me know if you keep having issues.

I definitely get past that point that I was having issues on. I get the QR code and the link. I had to disable ipv6 on my machine (for the callbacks), but I got this when boringproxy was trying to get the SSL cert:

2023/02/01 00:55:07 Get bootstrap domain 2023/02/01 00:55:12 redacted-ip.tkip.live: obtaining certificate: [ip-redacted.tkip.live] Obtain: [ip-redacted.tkip.live] solving challenges: ip-redacted.tkip.live: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/ordernum/info) (ca=https://acme-v02.api.letsencrypt.org/directory)

I'm sure that it's my issue, but do you know why it would be returning tkip.live instead of my domain.live domain?

I'm glad to troubleshoot this over some other medium if it would help.

Basically, trying to use a domaint that I purchased today from TakingNames.io to use with boringproxy. Server on a digitalocean vm and client will be behind a natted firewall.

Thank you!

[anderspitman]

Thanks for the additional info. First, to answer your question, it's using tkip.live domains just for the intermediate steps. Basically, the NameDrop protocol is based on the OAuth2 authorization code flow. Part of that involves your browser redirecting back to the client app, which in this case is boringproxy. Rather than redirect straight to the IP address with plain HTTP, TakingNames.io creates a temporary DNS record for your IP address, which lets boringproxy get a domain from Let's Encrypt. It's only used for transferring the code, but should be slightly more secure than sending raw HTTP.

Now, to solve your problem. Before you go any further with NameDrop, can you confirm that settings the DNS records manually on TakingNames.io to point to your boringproxy instance works?

Also, what settings are you using for TLS Termination when creating the tunnel in boringproxy?

Thanks!