add stubby

2018-11-22 08:56:28 +01:00 · 2018-11-22 08:56:28 +01:00 · c0ea02a12b
commit c0ea02a12b
1 changed files with 49 additions and 0 deletions
--- a/stubby/docs/index.md
+++ b/stubby/docs/index.md
@ -0,0 +1,49 @@
+## stubby
+Get it here ! [Stubby](https://github.com/getdnsapi/stubby)  
+For more information read [dnsprivacy](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby)
+</br>
+Stubby runs on Windows, maxOS and *nix.
+
+`configuration of stubby`
+
+````
+resolution_type: GETDNS_RESOLUTION_STUB
+dnssec_return_status: GETDNS_EXTENSION_TRUE
+dns_transport_list:
+  - GETDNS_TRANSPORT_TLS
+tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+tls_query_padding_blocksize: 256
+edns_client_subnet_private : 1
+idle_timeout: 10000
+listen_addresses:
+  - 127.0.0.1
+  -  0::1
+round_robin_upstreams: 1
+upstream_recursive_servers:
+# The RUG NS servers
+  - address_data: 129.125.4.130
+    tls_auth_name: "dnsres1.nic.rug.nl"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: 
+  - address_data: 129.125.4.133
+    tls_auth_name: "dnsres2.nic.rug.nl"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: 
+
+````
+
+`De tls_pubkey_pinset value is a verification string, to get it :`
+
+````
+echo | openssl s_client -connect '129.125.4.130:853' 2>/dev/null \ 
+| openssl x509 -pubkey -noout | openssl pkey -pubin -outform der \ 
+| openssl dgst -sha256 -binary | openssl enc -base64
+
+````
+
+`Or use this one ;)`
+````
+I96hqJ3Iv9Rpu4ukrDwhsmOGUertpS20JpA2gwilHrA
+````