userdoc:tt_dns_tls_proxy

Differences

This shows you the differences between two versions of the page.

userdoc:tt_dns_tls_proxy [2020/06/03 09:30]
abelbeck [DNS-TLS Proxy server list]
userdoc:tt_dns_tls_proxy [2020/12/14 17:23]
abelbeck [DNS-TLS Proxy Server]
Line 1: Line 1:
 ====== DNS-TLS Proxy Server ====== ====== DNS-TLS Proxy Server ======
  
-AstLinux now supports the [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby|getdns/stubby]] package, a local DNS Privacy stub resolver using DNS-over-TLS+AstLinux supports the [[https://nlnetlabs.nl/projects/unbound/about/|unbound]] package, functioning as a local DNS proxy forwarder using DNS-over-TLS.
-Getdns/Stubby encrypts local DNS queries forwarded to upstream recursive DNS-TLS servers.+
  
-The ''stubby'' local service functions as a DNS forwarder, used in conjunction with dnsmasq, encrypting and authenticating requests using the DNS-TLS protocol and passing them to an upstream DNS-TLS server.+The ''unbound'' local service functions as a DNS forwarder, used in conjunction with dnsmasq, encrypting and authenticating requests using the DNS-TLS protocol and passing them to an upstream DNS-TLS server.
  
-!!Info ->!! DNS and Privacy talk by [[https://www.youtube.com/watch?v=gQfjEFZNlLg|Sara Dickinson]], Sinodun YouTube+!!NoteAstLinux 1.3.3 through 1.4.0 offered DNS-TLS but used ''stubby''!!
  
-!!Note: AstLinux 1.3.or later is required!!+!!Note: AstLinux 1.4.or later uses unbound!!
  
 ==== DNS-TLS Proxy Configuration ==== ==== DNS-TLS Proxy Configuration ====
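Review bot: The two added version notes near the top of this hunk split the stubby-to-unbound cutover across separate lines, and the new intro sentence and the paragraph after it both say that unbound functions as a DNS forwarder using DNS-over-TLS. Consider merging the notes into one line that gives the stubby release range and the first unbound release, and trimming the repeated wording from one of the two sentences. Since the page now documents only unbound, readers still on a stubby release are left without configuration guidance; a pointer to the older revision of this page would cover them.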
Line 50: Line 49:
  
 Below is a list of IPv4-only and IPv4/IPv6 entries for various public "anycast" DNS-TLS servers. Below is a list of IPv4-only and IPv4/IPv6 entries for various public "anycast" DNS-TLS servers.
- 
-!!Tip ->!! [[wp>EDNS_Client_Subnet|EDNS (Client Subnet)]] includes subnet info for your host so CDNs get the closest server.  A grey-area privacy leak, but possibly a better DNS result for geo-diverse servers. 
  
 **Quad9 DNSSEC (block threats/malware)** **Quad9 DNSSEC (block threats/malware)**
Line 63: Line 60:
   9.9.9.9~dns.quad9.net   9.9.9.9~dns.quad9.net
  
-**Quad9 DNSSEC+EDNS (block threats/malware)**+**Quad9 (no filtering, no upstream DNSSEC)**
  
 IPv4-only: IPv4-only:
-  9.9.9.11~dns.quad9.net +  9.9.9.10~dns.quad9.net 
-  149.112.112.11~dns.quad9.net+  149.112.112.10~dns.quad9.net
  
 IPv4/IPv6: IPv4/IPv6:
-  2620:fe::11~dns.quad9.net +  2620:fe::10~dns.quad9.net 
-  9.9.9.11~dns.quad9.net+  9.9.9.10~dns.quad9.net
  
 **Cloudflare DNSSEC (no filtering)** **Cloudflare DNSSEC (no filtering)**
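Review bot: The new heading "Quad9 (no filtering, no upstream DNSSEC)" sits directly below the filtered Quad9 DNSSEC block and uses the same dns.quad9.net authentication name, so the two sets of entries differ only in the final address digits (9.9.9.9 versus 9.9.9.10), which is easy to misread when copying a line into the configuration. A one-line remark under the heading saying that this entry gives up threat blocking, and whether DNSSEC validation is then performed locally or not at all, would make the trade-off explicit for someone choosing between the two blocks.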
  • userdoc/tt_dns_tls_proxy.txt
  • Last modified: 2023/02/17 19:38
  • by abelbeck