From c0ea02a12b563e05e60f7f4c8174af82c5c6b287 Mon Sep 17 00:00:00 2001
From: Harm Vos
Date: Thu, 22 Nov 2018 08:56:28 +0100
Subject: [PATCH] add stubby
---
stubby/docs/index.md | 49 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 stubby/docs/index.md
diff --git a/stubby/docs/index.md b/stubby/docs/index.md
new file mode 100644
index 0000000..e8e8e43
--- /dev/null
+++ b/stubby/docs/index.md
@@ -0,0 +1,49 @@
+## stubby
+Get it here ! [Stubby](https://github.com/getdnsapi/stubby)
+For more information read [dnsprivacy](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby)
+
+Stubby runs on Windows, maxOS and *nix.
+
+`configuration of stubby`
+
+````
+resolution_type: GETDNS_RESOLUTION_STUB
+dnssec_return_status: GETDNS_EXTENSION_TRUE
+dns_transport_list:
+ - GETDNS_TRANSPORT_TLS
+tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+tls_query_padding_blocksize: 256
+edns_client_subnet_private : 1
+idle_timeout: 10000
+listen_addresses:
+ - 127.0.0.1
+ - 0::1
+round_robin_upstreams: 1
+upstream_recursive_servers:
+# The RUG NS servers
+ - address_data: 129.125.4.130
+ tls_auth_name: "dnsres1.nic.rug.nl"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value:
+ - address_data: 129.125.4.133
+ tls_auth_name: "dnsres2.nic.rug.nl"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value:
+
+````
+
+`De tls_pubkey_pinset value is a verification string, to get it :`
+
+````
+echo | openssl s_client -connect '129.125.4.130:853' 2>/dev/null \
+| openssl x509 -pubkey -noout | openssl pkey -pubin -outform der \
+| openssl dgst -sha256 -binary | openssl enc -base64
+
+````
+
+`Or use this one ;)`
+````
+I96hqJ3Iv9Rpu4ukrDwhsmOGUertpS20JpA2gwilHrA
+````