Provide DNS-over-HTTPS and DNS-over-TLS #285

Closed
ameshkov opened this issue Jun 11, 2018 · 10 comments

@ameshkov
Member

ameshkov commented Jun 11, 2018

Subj

Details on the task: #285 (comment)

@ashwarsadh

DNS over TLS support should be more prioritized due to the addition of the Private DNS over TLS option built into Android 9 Pie.
This will allow native ad blocking in Android and allow ad blocking over mobile data; moreover, it is a more battery-efficient approach than an ad-block VPN.

@ghost

ghost commented Sep 19, 2018

That's compelling.
So you point all your mobiles and laptops to your own DNS running on Docker with Cloudland and you have privacy for DNS requests and no ads.
Finally ..

@KrasnayaPloshchad

DNSCrypt-proxy supports DoH too, and the server can be accepted via an sdns:// stamp.

ameshkov modified the milestones: v0.91, v0.92 Oct 31, 2018

@Bluscream

Is DNSCrypt the same as sdns:// or tls:// ?

@ameshkov
Member Author

ameshkov commented Nov 1, 2018

No, it's a protocol, while sdns is a form of recording a DNS server address.

@Bluscream

Ah okay, that means we need outgoing and incoming support for all three.

@ibksturm

ibksturm commented Dec 7, 2018

news?

loud thinking (I'll better go to bed... maybe)

it would be nice if there's a maintained list of dnscrypt servers (maybe a copy or a reference of frank's work with dnscrypt-proxy), doh (see above) and dot (see dnsprivacy.com)

maybe users will be able to click their resolvers, I think that's easier for end users

@ashwarsadh

ashwarsadh commented Dec 13, 2018 via email

@ameshkov
Member Author

ameshkov commented Jan 22, 2019

DOH support has been added to dnsproxy in v0.9.11: https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.9.11

Here's what we need to do now:

  1. Add a new settings section; check the mockup: https://uploads.adguard.com/up04_54sep_Diagrams_-_AGHome_Encryption__Moqups.png
  2. Use these new settings fields on both Web and DNS server initialization.
  3. If any certificate in the chain is about to expire (<30 days), show a non-dismissible warning topline with the following text: "Your SSL certificate is about to expire. Update Encryption settings."

Validation rules:

  1. Check that the text entered in the "Certificates" field is a list of PEM-encoded certificates.
  2. Check that the text entered in the "Private key" field is a PEM-encoded private key.
  3. If server name is specified, check that it matches subaltnames of any of the specified certificates.
  4. HTTPS and TLS ports are different positive integers in the range of 80-65535. Setting HTTPS or TLS to 0 disables DOH/DOT.
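
The validation rules and the 30-day expiry warning from the comment above, as an added Go example that is not AdGuard Home's own code. `CheckEncryption`, `SampleCert` and the host name `dns.example.org` are hypothetical, and `tls.X509KeyPair` stands in for rules 1 and 2 (it additionally rejects a key that does not match the leaf certificate).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckEncryption applies the rules above; expiring is true if any chain certificate has <30 days left.
func CheckEncryption(certPEM, keyPEM []byte, serverName string, httpsPort, tlsPort int) (expiring bool, err error) {
	ok := func(p int) bool { return p == 0 || (p >= 80 && p <= 65535) } // 0 disables DoH/DoT
	if !ok(httpsPort) || !ok(tlsPort) || (httpsPort != 0 && httpsPort == tlsPort) {
		return false, fmt.Errorf("ports must be 0 or two different values in 80-65535")
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // assumption: covers rules 1-2, also checks key matches leaf
	if err != nil {
		return false, fmt.Errorf("certificates or private key: %w", err)
	}
	nameOK := serverName == "" // rule 3 applies only when a server name is given
	for _, der := range pair.Certificate {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return false, err
		}
		expiring = expiring || time.Until(c.NotAfter) < 30*24*time.Hour
		nameOK = nameOK || c.VerifyHostname(serverName) == nil // compares against the SANs
	}
	if !nameOK {
		return expiring, fmt.Errorf("server name %q matches no certificate SAN", serverName)
	}
	return expiring, nil
}

// SampleCert returns a constructed self-signed certificate and key for name, valid for the given days.
func SampleCert(name string, days int) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}, NotAfter: time.Now().AddDate(0, 0, days)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

var sampleCert, sampleKey = SampleCert("dns.example.org", 10) // constructed sample: expires in 10 days
func main() { fmt.Println(CheckEncryption(sampleCert, sampleKey, "dns.example.org", 443, 853)) }
```

A caller would show the topline warning when `expiring` is true and reject the settings form when `err` is non-nil.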

@ameshkov
Member Author

Done: #590
