userdoc:tt_dns_tls_proxy

Differences

This shows you the differences between two versions of the page.

userdoc:tt_dns_tls_proxy [2018/04/27 11:12]
abelbeck [DNS-TLS Proxy server list]
userdoc:tt_dns_tls_proxy [2023/02/17 19:38] (current)
abelbeck
Line 1: Line 1:
 ====== DNS-TLS Proxy Server ====== ====== DNS-TLS Proxy Server ======
  
-AstLinux now supports the [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby|getdns/stubby]] package, a local DNS Privacy stub resolver using DNS-over-TLS+AstLinux supports the [[https://nlnetlabs.nl/projects/unbound/about/|unbound]] package, functioning as a local DNS proxy forwarder using DNS-over-TLS.
-Getdns/Stubby encrypts local DNS queries forwarded to upstream recursive DNS-TLS servers.+
  
-The ''stubby'' local service functions as a DNS forwarder, used in conjunction with dnsmasq, encrypting and authenticating requests using the DNS-TLS protocol and passing them to an upstream DNS-TLS server.+The ''unbound'' local service functions as a DNS forwarder, used in conjunction with dnsmasq, encrypting and authenticating requests using the DNS-TLS protocol and passing them to an upstream DNS-TLS server.
  
-!!Info ->!! DNS and Privacy talk by [[https://www.youtube.com/watch?v=gQfjEFZNlLg|Sara Dickinson]], Sinodun YouTube+!!NoteAstLinux 1.3.3 through 1.4.0 supported DNS-TLS!! but used ''stubby''
  
-!!Note: AstLinux 1.3.or later is required!!+!!Note: AstLinux 1.4.or later!! uses ''unbound''
  
 ==== DNS-TLS Proxy Configuration ==== ==== DNS-TLS Proxy Configuration ====
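Review bot: The second added note reads "AstLinux 1.4.or later" in this view, so the first release that uses ''unbound'' is not given as a complete version number, while the note above it gives an exact range (1.3.3 through 1.4.0) for ''stubby''. Spell out the full version in the second note so a reader can tell which daemon their release runs. The two notes also close the !! emphasis at different points (after "supported DNS-TLS" in the first, after "or later" in the second); pick one form. The removed Info line was the only pointer to background material on DNS privacy in this part of the page, so consider keeping an equivalent reference.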
Line 22: Line 21:
 By default DNS-TLS is disabled, to enable, select "enabled" from the menu and click **Save Settings** and then **Restart DNS-TLS**. By default DNS-TLS is disabled, to enable, select "enabled" from the menu and click **Save Settings** and then **Restart DNS-TLS**.
  
-{{:userdoc:dns_tls-default-config1.jpg?nolink|DNS-TLS Default Configuration}}+{{:userdoc:dns_tls-default-config1x.jpg?nolink|DNS-TLS Default Configuration}}
  
-The "Query Server(s)" selection defines the stubby ''round_robin_upstreams'' configuration. By default, only the first upstream recursive server entry is used to handle all DNS queries. If that server becomes unavailable then the next server in the list will be used to handle all DNS queries. +\\
- +
-!!Tip ->!! The default "one until unavailable, then next" generally yields the best performance. +
- +
-{{:userdoc:dns_tls-default-config1a.jpg?nolink|DNS-TLS Default Configuration}} +
- +
-If you want to enable the stubby ''round_robin_upstreams'' configuration, select the "across all available server(s)" option.  In this case all DNS queries will be sequentially distributed across all the upstream recursive server entries.+
  
 {{:userdoc:dns_tls-default-config2.jpg?nolink|DNS-TLS Default Configuration}} {{:userdoc:dns_tls-default-config2.jpg?nolink|DNS-TLS Default Configuration}}
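Review bot: The removed paragraphs were the only description of how multiple upstream servers are used (first entry until it becomes unavailable, or sequentially across all entries), and the replacement is a bare line break that says nothing about how ''unbound'' chooses among the configured servers. The page still lists two or more servers per provider, so add a sentence on how the order of entries is treated under ''unbound'', or state explicitly that the "Query Server(s)" option no longer exists.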
Line 42: Line 35:
 The default [[https://quad9.net/|Quad9]] DNS-TLS provider is an "anycast" server, so it should provide reasonable performance throughout the world. The default [[https://quad9.net/|Quad9]] DNS-TLS provider is an "anycast" server, so it should provide reasonable performance throughout the world.
  
-If your external connection supports native IPv6, you may want to add the Quad9 IPv6 server.+Below is a list of IPv4-only and IPv4/IPv6 entries for various public "anycast" DNS-TLS servers.
  
-  2620:fe::fe~dns.quad9.net+**Quad9 DNSSEC (block threats/malware)** 
 + 
 +IPv4-only:
   9.9.9.9~dns.quad9.net   9.9.9.9~dns.quad9.net
   149.112.112.112~dns.quad9.net   149.112.112.112~dns.quad9.net
  
-If you prefer [[https://cloudflare-dns.com/|Cloudflare]]the IPv4 DNS-TLS "anycast" servers are:+IPv4/IPv6: 
 +  2620:fe::fe~dns.quad9.net 
 +  9.9.9.9~dns.quad9.net 
 + 
 +**Quad9 (no filteringno upstream DNSSEC)** 
 + 
 +IPv4-only: 
 +  9.9.9.10~dns.quad9.net 
 +  149.112.112.10~dns.quad9.net 
 + 
 +IPv4/IPv6: 
 +  2620:fe::10~dns.quad9.net 
 +  9.9.9.10~dns.quad9.net 
 + 
 +**Cloudflare DNSSEC (no filtering)**
  
 +IPv4-only:
   1.1.1.1~cloudflare-dns.com   1.1.1.1~cloudflare-dns.com
   1.0.0.1~cloudflare-dns.com   1.0.0.1~cloudflare-dns.com
  
-or, Cloudflare IPv6 DNS-TLS servers: +IPv4/IPv6:
   2606:4700:4700::1111~cloudflare-dns.com   2606:4700:4700::1111~cloudflare-dns.com
-  2606:4700:4700::1001~cloudflare-dns.com+  1.1.1.1~cloudflare-dns.com 
 + 
 +**Cloudflare DNSSEC (block malware)** 
 + 
 +IPv4-only: 
 +  1.1.1.2~cloudflare-dns.com 
 +  1.0.0.2~cloudflare-dns.com 
 + 
 +IPv4/IPv6: 
 +  2606:4700:4700::1112~cloudflare-dns.com 
 +  1.1.1.2~cloudflare-dns.com 
 + 
 +**Cloudflare DNSSEC (block malware/adult)** 
 + 
 +IPv4-only: 
 +  1.1.1.3~cloudflare-dns.com 
 +  1.0.0.3~cloudflare-dns.com 
 + 
 +IPv4/IPv6: 
 +  2606:4700:4700::1113~cloudflare-dns.com 
 +  1.1.1.3~cloudflare-dns.com 
 + 
 +**Google DNSSEC (no filtering)** 
 + 
 +IPv4-only: 
 +  8.8.8.8~dns.google 
 +  8.8.4.4~dns.google 
 + 
 +IPv4/IPv6: 
 +  2001:4860:4860::8888~dns.google 
 +  8.8.8.8~dns.google 
 + 
 +**NextDNS DNSSEC (block threats/malware/trackers/ads)** [[https://nextdns.io/|NextDNS Setup]]\\ 
 +(Replace the ''xxxxxx'' with your unique Endpoint ID) 
 + 
 +IPv4-only: 
 +  45.90.28.0~xxxxxx.dns.nextdns.io 
 +  45.90.30.0~xxxxxx.dns.nextdns.io 
 + 
 +IPv4/IPv6: 
 +  45.90.28.0~xxxxxx.dns.nextdns.io 
 +  2a07:a8c0::~xxxxxx.dns.nextdns.io 
 +  45.90.30.0~xxxxxx.dns.nextdns.io 
 +  2a07:a8c1::~xxxxxx.dns.nextdns.io
  
-Additional DNS-TLS public servers can be found here: [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers|DNS Privacy Recursive Servers]]+\\ 
 +Additional DNS-TLS public servers can be found here: [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers|DNS Privacy Public Resolvers]]
  
 +\\
  
 ==== Display DNS-TLS Status ==== ==== Display DNS-TLS Status ====
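Review bot: The provider headings use "DNSSEC" as a label, and the second Quad9 heading says "no upstream DNSSEC", but the added text never states what the label means for the user. Say once, above the list, what it refers to (validation at the upstream resolver, if that is the intent), so that readers choosing the 9.9.9.10 entries know what they give up. The IPv4/IPv6 variants are also uneven: most pair one IPv6 address with one IPv4 address, while the NextDNS block lists four entries, so say whether the number or order of entries matters.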
  • userdoc/tt_dns_tls_proxy.1524845563.txt.gz
  • Last modified: 2018/04/27 11:12
  • by abelbeck