50 lines
1.2 KiB
Markdown
50 lines
1.2 KiB
Markdown
## stubby
|
|
Get it here ! [Stubby](https://github.com/getdnsapi/stubby)
|
|
For more information read [dnsprivacy](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby)
|
|
</br>
|
|
Stubby runs on Windows, maxOS and *nix.
|
|
|
|
`configuration of stubby`
|
|
|
|
````
|
|
resolution_type: GETDNS_RESOLUTION_STUB
|
|
dnssec_return_status: GETDNS_EXTENSION_TRUE
|
|
dns_transport_list:
|
|
- GETDNS_TRANSPORT_TLS
|
|
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
|
|
tls_query_padding_blocksize: 256
|
|
edns_client_subnet_private : 1
|
|
idle_timeout: 10000
|
|
listen_addresses:
|
|
- 127.0.0.1
|
|
- 0::1
|
|
round_robin_upstreams: 1
|
|
upstream_recursive_servers:
|
|
# The RUG NS servers
|
|
- address_data: 129.125.4.130
|
|
tls_auth_name: "dnsres1.nic.rug.nl"
|
|
tls_pubkey_pinset:
|
|
- digest: "sha256"
|
|
value:
|
|
- address_data: 129.125.4.133
|
|
tls_auth_name: "dnsres2.nic.rug.nl"
|
|
tls_pubkey_pinset:
|
|
- digest: "sha256"
|
|
value:
|
|
|
|
````
|
|
|
|
`De tls_pubkey_pinset value is a verification string, to get it :`
|
|
|
|
````
|
|
echo | openssl s_client -connect '129.125.4.130:853' 2>/dev/null \
|
|
| openssl x509 -pubkey -noout | openssl pkey -pubin -outform der \
|
|
| openssl dgst -sha256 -binary | openssl enc -base64
|
|
|
|
````
|
|
|
|
`Or use this one ;)`
|
|
````
|
|
I96hqJ3Iv9Rpu4ukrDwhsmOGUertpS20JpA2gwilHrA
|
|
````
|