| Nächste Überarbeitung | Vorhergehende Überarbeitung |
| knb:dohdot_en [2019/10/20 18:45] – angelegt Django | knb:dohdot_en [2024/12/28 18:18] (aktuell) – Replace defunkt dns leak test site with dnsleaktest.com dasskelett |
|---|
| Sep 16, 2019 | Sep 16, 2019 |
| ===== Background Informations ===== | ===== Background Informations ===== |
| Surely you've heard of the topic that is currently haunting [[https://www.golem.de/news/wegen-cloudflare-openbsd-deaktiviert-doh-im-firefox-browser-1909-143884.html|IT-News]]. Mozilla will integrate in Firefox [[https://cloudflare.com/|Cloudflare]] as DoH-Server and activate it by default. In itself, it's not a bad idea to encrypt DNS queries so that they can't be read in open networks (like free radio). However, it is a thorn in the side of many users and us to use a provider from America by default. | Surely you've heard of the topic that is currently haunting [[https://www.golem.de/news/wegen-cloudflare-openbsd-deaktiviert-doh-im-firefox-browser-1909-143884.html|IT-News]]. Mozilla will integrate in Firefox [[https://cloudflare.com/|Cloudflare]] as DoH-Server and activate it by default. In itself, it's not a bad idea to encrypt DNS queries so that they can't be read in open networks (like Freifunk). However, it is a thorn in the side of many users and us to use a provider from America by default. |
| |
| That's why we have set up a DoH/DoT server for you, which you can for example enter directly into Firefox, use via App or combine with another DNS server. | That's why we have set up a DoH/DoT server for you, which you can for example directly add to Firefox, use via App or combine with another DNS server. |
| |
| We also registered on the page of the [[https://dnscrypt.info/public-servers/|DNSCrypt-Project]], so that we can automatically register at the resolvers in the app [[https://apps.apple.com/de/app/dnscloak-secure-dns-client/id1452162351|DNSCloak]] (iOS) or at [[https://github.com/DNSCrypt/dnscrypt-proxy|dnscrypt-proxy]]. | We also registered on the page of the [[https://dnscrypt.info/public-servers/|DNSCrypt-Project]], so that we are automatically added in apps like [[https://apps.apple.com/de/app/dnscloak-secure-dns-client/id1452162351|DNSCloak]] (iOS) or [[https://github.com/DNSCrypt/dnscrypt-proxy|dnscrypt-proxy]]. |
| |
| Addresses: | Addresses: |
| * ''doh.ffmuc.net - 195.30.94.28 / 2001:608:a01::3'' | * ''doh.ffmuc.net - IPv4: 5.1.66.255 / 185.150.99.255 IPv6: 2001:678:e68:f000:: / 2001:678:ed0:f000::'' |
| * ''dot.ffmuc.net - 195.30.94.28 / 2001:608:a01::3'' | * ''dot.ffmuc.net - IPv4: 5.1.66.255 / 185.150.99.255 IPv6: 2001:678:e68:f000:: / 2001:678:ed0:f000::'' |
| | * https://doh.ffmuc.net/dns-query |
| |
| ===== Firefox ===== | ===== Firefox ===== |
| ==== Android < 9 ==== | ==== Android < 9 ==== |
| If you have an Android system that is older than Android 9, you will need to use other apps. | If you have an Android system that is older than Android 9, you will need to use other apps. |
| Our current recommendation is "Infra". ([[https://play.google.com/store/apps/details?id=app.intra|PlayStore-Link]]). | Our current recommendation is "Intra". ([[https://play.google.com/store/apps/details?id=app.intra|PlayStore-Link]]). |
| \\ | \\ |
| \\ | \\ |
| <code> forward-zone: | <code> forward-zone: |
| name: "." | name: "." |
| forward-addr: 195.30.94.28@853#dot.ffmuc.net | forward-addr: 5.1.66.255@853#dot.ffmuc.net |
| forward-addr: 2001:608:a01::3@853#dot.ffmuc.net | forward-addr: 2001:678:e68:f000::@853#dot.ffmuc.net |
| </code> | </code> |
| |
| ===== DNS leak-Test ===== | ===== DNS leak-Test ===== |
| If everything worked out, you can do a [[http://dns-leak.com/|DNSLeak-Test]] and the result should look like this: | If everything worked out, you can do a [[https://dnsleaktest.com/|DNS leak test]] and the result should look like this: |
| |
| {{ :knb:2019-09-16-doh-success.png?direct&800 |Bild: Ergebnis beim Testen via dns-leak.com}} | {{ :knb:dnsleaktest.png?direct&800 | Bild: Ergebnis beim Testen via dnsleaktest.com }} |
| | (It can also show a different set of IP addresses in the 5.1.66.0/24 IPv4 prefix from our other PoP in Vienna, Austria) |
| | |
| | Additional sites: |
| | * https://www.dnscheck.tools/ (also checks DNSSEC support of the resolver and IPv6) |
| |
| ===== Statistics ===== | ===== Statistics ===== |
| Of course there is also a detailed **[[https://stats.ffmuc.net/d/tlvoghcZk/doh-dot?orgId=1&refresh=1m|Statusseite]]** where you can see all possible statistics about the service. | Of course there is also a detailed **[[https://stats.ffmuc.net/d/tlvoghcZk/doh-dot?orgId=1&refresh=1m|Statusseite]]** where you can see all possible statistics about the service. |
| | |
| | <WRAP center round alert 80%> |
| | **Just to say it**: \\ |
| | \\ |
| | At Freifunk München, there are no logs that allow any conclusions to be drawn about the use. |
| | There are a few general counters: \\ |
| | \\ |
| | https://stats.ffmuc.net/d/tlvoghcZk/doh-dot \\ |
| | \\ |
| | And we have logs about requests/IP for rate-limits, but they only contain '**//that//**' and not '**//what//**'. |
| | |
| | </WRAP> |
| |
| ===== More about this topic ===== | ===== More about this topic ===== |