
Adding NoAds/NoTrackers support to Dns Over TLS

ebal requested to merge 45_DoT_noads into master

Closes https://gitlab.com/libreops/org/-/issues/45

Testing

default DoT (port 853)

$ kdig @116.202.176.26 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
www3.l.google.com.
172.217.168.206

no-ads DoT (port 854)

$ kdig @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
0.0.0.0

With Debug

DoT - 853

$ kdig -d @116.202.176.26 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(853), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, CN=libredns.gr
;; DEBUG:      SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG:  #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG:      SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted. 
www3.l.google.com.
172.217.168.206

DoT - 854

$ kdig -d @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, CN=libredns.gr
;; DEBUG:      SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG:  #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG:      SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted. 
0.0.0.0

but in general it works

$ kdig -d @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr google.com +short
;; DEBUG: Querying for owner(google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, CN=libredns.gr
;; DEBUG:      SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG:  #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG:      SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted. 
172.217.20.110
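
A repeatable form of the manual checks above, as an added example that is not part of the merge request: it parses `kdig -d` output and verifies the queried port, the CA trust result, the leaf SHA-256 pin and whether the answer is the 0.0.0.0 sinkhole. The function names and the embedded sample are constructed here; the pin value is the one printed in the debug output above.

```shell
#!/bin/sh
# Constructed sample: the port-854 debug run from this page, embedded so the check runs offline.
sample_854() {
cat <<'EOF'
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, CN=libredns.gr
;; DEBUG:      SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG:  #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG:      SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
0.0.0.0
EOF
}

# Port kdig reports it connected to.
queried_port() { sed -n 's/.*port(\([0-9]*\)).*/\1/p' | head -n 1; }

# SPKI pin printed directly under certificate #1 (the leaf).
leaf_pin() { awk '/DEBUG: +#1,/ {leaf=1; next} leaf && /SHA-256 PIN:/ {print $NF; exit}'; }

# Answer lines: everything that is not a ";;" debug line.
answers() { awk '!/^;;/ && NF {print $1}'; }

# usage: check_run PORT LEAF_PIN blocked|resolved < kdig-debug-output
check_run() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | queried_port)" = "$1" ] || { echo "wrong port"; return 1; }
    printf '%s\n' "$out" | grep -q 'The certificate is trusted' || { echo "certificate not trusted"; return 2; }
    [ "$(printf '%s\n' "$out" | leaf_pin)" = "$2" ] || { echo "leaf pin mismatch"; return 3; }
    ans=$(printf '%s\n' "$out" | answers)
    [ -n "$ans" ] || { echo "no answer"; return 4; }
    case "$3" in
        blocked)  [ "$ans" = "0.0.0.0" ] || { echo "not sinkholed: $ans"; return 5; } ;;
        resolved) if printf '%s\n' "$ans" | grep -qx '0\.0\.0\.0'; then echo "unexpectedly sinkholed"; return 6; fi ;;
        *) echo "mode must be blocked or resolved"; return 64 ;;
    esac
    echo ok
}

PIN='V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM='   # leaf pin shown in the debug output above
sample_854 | check_run 854 "$PIN" blocked
# Live: kdig -d @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short 2>&1 | check_run 854 "$PIN" blocked
```

The debug output shows kdig skipping its own pin check, so the script compares the leaf pin after the fact; a non-zero return code identifies which of the checks failed.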
