Adding NoAds/NoTrackers support to DNS over TLS
Closes https://gitlab.com/libreops/org/-/issues/45
Testing
default DoT (port 853)
$ kdig @116.202.176.26 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
www3.l.google.com.
172.217.168.206
no-ads DoT (port 854)
$ kdig @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
0.0.0.0
With Debug
DoT - 853
$ kdig -d @116.202.176.26 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(853), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=libredns.gr
;; DEBUG: SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG: #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG: SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
www3.l.google.com.
172.217.168.206
DoT - 854
$ kdig -d @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr analytics.google.com +short
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=libredns.gr
;; DEBUG: SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG: #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG: SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
0.0.0.0
but in general it works
$ kdig -d @116.202.176.26#854 +tls-ca +tls-host=dot.libredns.gr google.com +short
;; DEBUG: Querying for owner(google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=libredns.gr
;; DEBUG: SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG: #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG: SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
172.217.20.110
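The manual comparison above can be turned into a repeatable check. The following is an added example, not part of the merge request or the project's code: it parses `kdig -d ... +short` output in the format shown above and verifies the leaf certificate pin, the trust result and whether the answer is the `0.0.0.0` sinkhole. The function names and the returned dictionary layout are assumptions made for illustration.

```python
import re

# Leaf pin and sample lines are copied from the port 854 kdig -d output on this page.
LEAF_PIN = "V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM="
SAMPLE_854 = """\
;; DEBUG: Querying for owner(analytics.google.com.), class(1), type(1), server(116.202.176.26), port(854), protocol(TCP)
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=libredns.gr
;; DEBUG: SHA-256 PIN: V0Y0pvWkAwOPkNSPxDyZd/vJ2bo40ylADWJFu/ubPlM=
;; DEBUG: #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG: SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
0.0.0.0
"""

def parse_kdig_debug(text):
    """Split kdig debug output into TLS facts and the +short answer lines."""
    r = {"port": None, "chain": [], "pin_check_skipped": False, "trusted": False, "answers": []}
    subject = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if not line.startswith(";; DEBUG:"):
            r["answers"].append(line)  # anything that is not debug is an answer
            continue
        msg = line[len(";; DEBUG:"):].strip()
        if m := re.search(r"port\((\d+)\)", msg):
            r["port"] = int(m.group(1))
        elif m := re.match(r"#\d+, (.+)", msg):
            subject = m.group(1)  # certificate subject; its pin is on the next line
        elif m := re.match(r"SHA-256 PIN: (\S+)", msg):
            r["chain"].append((subject, m.group(1)))
        elif "skipping certificate PIN check" in msg:
            r["pin_check_skipped"] = True
        elif "certificate is trusted" in msg:
            r["trusted"] = True
    return r

def check(text, expected_leaf_pin, expect_blocked):
    """Return a list of problems; an empty list means the run matched expectations."""
    r = parse_kdig_debug(text)
    problems = []
    if not r["trusted"]:
        problems.append("certificate not reported as trusted")
    if not r["chain"] or r["chain"][0][1] != expected_leaf_pin:
        problems.append("leaf certificate pin does not match the expected pin")
    if ("0.0.0.0" in r["answers"]) != expect_blocked:  # 0.0.0.0 is the sinkhole answer seen above
        problems.append("blocked/unblocked result differs from expectation")
    return problems
```

The debug lines report "skipping certificate PIN check" because no pin was supplied; kdig can enforce the pin itself with `+tls-pin=BASE64`.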