diff --git a/Archived/unbound/opennic.hints b/Archived/unbound/opennic.hints
deleted file mode 100755
index ed8899b..0000000
--- a/Archived/unbound/opennic.hints
+++ /dev/null
@@ -1,29 +0,0 @@
-. 86400 IN NS ns9.opennic.glue.
-. 86400 IN NS ns10.opennic.glue.
-. 86400 IN NS ns12.opennic.glue.
-. 86400 IN NS ns2.opennic.glue.
-. 86400 IN NS ns5.opennic.glue.
-. 86400 IN NS ns3.opennic.glue.
-. 86400 IN NS ns11.opennic.glue.
-. 86400 IN NS ns4.opennic.glue.
-. 86400 IN NS ns6.opennic.glue.
-. 86400 IN NS ns8.opennic.glue.
-
-ns2.opennic.glue. 7200 IN A 161.97.219.84
-ns2.opennic.glue. 7200 IN AAAA 2001:470:4212:10:0:100:53:10
-ns3.opennic.glue. 7200 IN A 104.168.144.17
-ns3.opennic.glue. 7200 IN AAAA 2001:470:8269::53
-ns4.opennic.glue. 7200 IN A 163.172.168.171
-ns5.opennic.glue. 7200 IN A 94.103.153.176
-ns5.opennic.glue. 7200 IN AAAA 2a02:990:219:1:ba:1337:cafe:3
-ns6.opennic.glue. 7200 IN A 207.192.71.13
-ns8.opennic.glue. 7200 IN A 178.63.116.152
-ns8.opennic.glue. 7200 IN AAAA 2a01:4f8:141:4281::999
-ns9.opennic.glue. 7200 IN A 174.138.48.29
-ns9.opennic.glue. 7200 IN AAAA 2604:a880:800:a1::2a:2001
-ns10.opennic.glue. 7200 IN A 188.226.146.136
-ns10.opennic.glue. 7200 IN AAAA 2001:470:1f04:ebf::2
-ns11.opennic.glue. 7200 IN A 45.55.97.204
-ns11.opennic.glue. 7200 IN AAAA 2604:a880:800:a1::14c1:1
-ns12.opennic.glue. 7200 IN A 79.124.7.81
-ns12.opennic.glue. 7200 IN AAAA 2a01:8740:1:ff13::ae67
\ No newline at end of file
diff --git a/Archived/unbound/root.hints b/Archived/unbound/root.hints
deleted file mode 100755
index 8f085dc..0000000
--- a/Archived/unbound/root.hints
+++ /dev/null
@@ -1,83 +0,0 @@ -. 86400 NS ns2.opennic.glue. -ns2.opennic.glue. 7200 A 161.97.219.84 -ns2.opennic.glue. 7200 AAAA 2001:470:4212:10:0:100:53:10 - -. 86400 NS ns3.opennic.glue. -ns3.opennic.glue. 7200 A 104.168.144.17 -ns3.opennic.glue. 7200 AAAA 2001:470:8269::53 - -. 3600000 NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 
3600000 AAAA 2001:7fd::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 diff --git a/Archived/unbound/unbound.conf b/Archived/unbound/unbound.conf deleted file mode 100755 index f0a0b68..0000000 --- a/Archived/unbound/unbound.conf +++ /dev/null @@ -1,60 +0,0 @@ - -# Unbound configuration file for Debian. -# -# See the unbound.conf(5) man page. -# -# See /usr/share/doc/unbound/examples/unbound.conf for a commented -# reference config file. -# -# The following line includes additional configuration files from the -# /etc/unbound/unbound.conf.d directory. - -include: "/etc/unbound/unbound.conf.d/*.conf" - -server: - directory: "/etc/unbound" - username: unbound - chroot: "/etc/unbound" - pidfile: "/etc/unbound/unbound.pid" - interface: 0.0.0.0@55 - interface: ::0@55 - access-control: 0.0.0.0/0 allow - access-control: ::/64 allow - logfile: "unbound.log" - statistics-interval: 0 - - do-ip4: yes - do-ip6: yes - do-udp: yes - do-tcp: yes - do-daemonize: yes - - prefetch: yes - qname-minimisation: yes - rrset-roundrobin: yes - use-caps-for-id: yes - verbosity: 0 - - #auto-trust-anchor-file: "root.key" - - hide-identity: yes - hide-version: yes - - minimal-responses: yes - - harden-short-bufsize: yes - harden-large-queries: yes - harden-glue: yes - harden-dnssec-stripped: yes - harden-below-nxdomain: yes - harden-referral-path: no - - do-not-query-localhost: no - - root-hints: "root.hints" - -# forward-zone: -# name: "." -# forward-addr: 185.228.168.9@853 -# forward-ssl-upstream: yes -# forward-first: yes diff --git a/Archived/unbound/unbound.conf.d/opennic.root.conf b/Archived/unbound/unbound.conf.d/opennic.root.conf deleted file mode 100755 index d5521be..0000000 
--- a/Archived/unbound/unbound.conf.d/opennic.root.conf
+++ /dev/null
@@ -1,531 +0,0 @@ -server: -domain-insecure: "opennic.glue" - -auth-zone: - name: "opennic.glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/opennic.glue" - master: 161.97.219.84 - - - - - - -server: -domain-insecure: "dns.opennic.glue" - -auth-zone: - name: "dns.opennic.glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/dns.opennic.glue" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "micro" - -auth-zone: - name: "micro" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/micro" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "ing" - -auth-zone: - name: "ing" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/ing" - master: 161.97.219.84 - - - - - - - - - -server: -domain-insecure: "glue" - -auth-zone: - name: "glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/glue" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "bbs" - -auth-zone: - name: "bbs" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bbs" - master: 161.97.219.84 - - - - - - - - - -server: -domain-insecure: "bit" - -auth-zone: - name: "bit" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bit" - master: 161.97.219.84 - - - -server: -domain-insecure: "chan" - -auth-zone: - name: "chan" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/chan" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "dyn" - -auth-zone: - name: "dyn" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/dyn" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "free" - -auth-zone: - name: "free" - for-downstream: no - for-upstream: yes - fallback-enabled: no - 
zonefile: "opennic.zone.d/free" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "fur" - -auth-zone: - name: "fur" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/fur" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "geek" - -auth-zone: - name: "geek" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/geek" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "gopher" - -auth-zone: - name: "gopher" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/gopher" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "indy" - -auth-zone: - name: "indy" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/indy" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "libre" - -auth-zone: - name: "libre" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/libre" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "neo" - -auth-zone: - name: "neo" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/neo" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "null" - -auth-zone: - name: "null" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/null" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "oss" - -auth-zone: - name: "oss" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/oss" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "oz" - -auth-zone: - name: "oz" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/oz" - master: 161.97.219.84 - - - - - - -server: -domain-insecure: "parody" - -auth-zone: - name: "parody" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: 
"opennic.zone.d/parody" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "pirate" - -auth-zone: - name: "pirate" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/pirate" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "o" - -auth-zone: - name: "o" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/o" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "lib" - -auth-zone: - name: "lib" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/lib" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "coin" - -auth-zone: - name: "coin" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/coin" - master: 161.97.219.84 - - - - - - -server: -domain-insecure: "emc" - -auth-zone: - name: "emc" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/emc" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "bazar" - -auth-zone: - name: "bazar" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bazar" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "cyb" - -auth-zone: - name: "cyb" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/cyb" - master: 161.97.219.84 - - - - - - - -server: -domain-insecure: "ku" - -auth-zone: - name: "ku" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/ku" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "te" - -auth-zone: - name: "te" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/te" - master: 161.97.219.84 - - - - - - - - -server: -domain-insecure: "uu" - -auth-zone: - name: "uu" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/uu" - master: 
161.97.219.84 - - - - - - -server: -domain-insecure: "ti" - -auth-zone: - name: "ti" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/ti" - master: 161.97.219.84 - - - - - - - diff --git a/Archived/unbound/unbound.conf.d/qname-minimisation.conf b/Archived/unbound/unbound.conf.d/qname-minimisation.conf deleted file mode 100755 index 94a2ab0..0000000 --- a/Archived/unbound/unbound.conf.d/qname-minimisation.conf +++ /dev/null @@ -1,9 +0,0 @@ -server: - # Send minimum amount of information to upstream servers to enhance - # privacy. Only sends minimum required labels of the QNAME and sets - # QTYPE to NS when possible. - - # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for - # details. - - qname-minimisation: yes diff --git a/Archived/unbound/unbound.conf.d/root.zone.conf b/Archived/unbound/unbound.conf.d/root.zone.conf deleted file mode 100755 index 1075ec3..0000000 --- a/Archived/unbound/unbound.conf.d/root.zone.conf +++ /dev/null @@ -1,16 +0,0 @@ -auth-zone: - name: "." - for-downstream: no - for-upstream: yes - fallback-enabled: yes - zonefile: "tld.zone" - master: 199.9.14.201 - master: 192.36.148.17 - master: 192.203.230 - master: 199.7.91.13 - master: 2001:503:ba3e::2:30 - master: 2001:500:84::b - master: 2001:500:2f::f - master: 2001:7fd::1 - master: 2620:0:2830:202::132 - master: 2620:0:2d0:202::132 \ No newline at end of file diff --git a/FAQ.md b/FAQ.md index 2295e8b..5ba14cf 100755 --- a/FAQ.md +++ b/FAQ.md 
@@ -24,24 +24,29 @@ curl -H 'content-type: application/dns-message' -vL -v 'https://doh-de.blahdns.c curl -H 'content-type: application/dns-message' -vL -v 'https://doh-ch.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C -// Kdig TLS with port 853, port 443 force include SNI (updated on July 19, 2019) +// Kdig on Ubuntu, Debian +apt install knot-dnsutils -kdig example.com @108.61.201.119 +tls -kdig example.com @2001:19f0:7001:1ded:5400:1ff:fe90:945b +tls -kdig example.com @159.69.198.101 +tls -kdig example.com @2a01:4f8:1c1c:6b4b::1 +tls -kdig example.com @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 +tls +// Kdig TLS with port 853, port 443 force include SNI (updated on August 1, 2019) -kdig example.com @108.61.201.119 +tls -p 443 +tls-sni=dot-jp.blahdns.com -kdig example.com @159.69.198.101 +tls -p 443 +tls-sni=dot-de.blahdns.com -kdig example.com @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 +tls +tls-sni=dot-ch.blahdns.com +kdig @108.61.201.119 +tls example.com +kdig @2001:19f0:7001:1ded:5400:1ff:fe90:945b +tls example.com +kdig @159.69.198.101 +tls example.com +kdig @2a01:4f8:1c1c:6b4b::1 +tls example.com +kdig @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 +tls example.com + +kdig @108.61.201.119 +tls -p 443 +tls-sni=dot-jp.blahdns.com example.com +kdig @159.69.198.101 +tls -p 443 +tls-sni=dot-de.blahdns.com example.com +kdig @2a01:4f8:1c1c:6b4b::1 +tls -p 443 +tls-sni=dot-de.blahdns.com example.com +kdig @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 +tls +tls-sni=dot-ch.blahdns.com example.com // TLS certificate validation kdig -d @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 +tls-sni=dot-ch.blahdns.com +tls-ca +tls-host=dot-ch.blahdns.com example.com kdig -d @108.61.201.119 -p 443 +tls-sni=dot-jp.blahdns.com +tls-ca +tls-host=dot-jp.blahdns.com example.com kdig -d @2001:19f0:7001:1ded:5400:1ff:fe90:945b -p 443 +tls-sni=dot-jp.blahdns.com +tls-ca +tls-host=dot-jp.blahdns.com example.com kdig -d @159.69.198.101 -p 443 +tls-sni=dot-de.blahdns.com +tls-ca +tls-host=dot-de.blahdns.com example.com 
-kdig -d @159.69.198.101 -p 443 +tls-sni=dot-de.blahdns.com +tls-ca +tls-host=dot-de.blahdns.com example.com +kdig -d @2a0a:e5c0:2:2:0:c8ff:fe68:bf48 -p 443 +tls-sni=dot-de.blahdns.com +tls-ca +tls-host=dot-de.blahdns.com example.com + ``` ## Mac OSX Mojave use Openssl TLS 1.3 diff --git a/LICENSE b/LICENSE deleted file mode 100755 index cf7d6fc..0000000 --- a/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2018 Oo Kang Zheng - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md index 8eaea46..fbb523f 100755 --- a/README.md +++ b/README.md 
@@ -1,9 +1,13 @@ * If you are developer using those services, both are blocked by default. `data.mob.com, google-analytics, googleadservices, amazon-adsystem, crashlytics.com analytics.yahoo, doubleclick.net, hm.baidu.com, etc.. ` -* Switzerland server is online, DoT added Port 853 (July 19, 2019) 🥂 +* Japan server has been reinstall and updated to Vultr High frequency VPS for faster speed at August 2, 2019 🥳 -* Germany and Japan server certs both renewed at June 25, 2019 🥳 +* Germany server has been reinstall at August 2, 2019 🥳 + +* Switzerland server is online, DoT added Port 443, 853 (July 19, 2019) 🥂 + +* Germany and Japan server certs both renewed at August 2, 2019 🥳 * For more old announcements, go [here](https://github.com/ookangzheng/blahdns/issues/36) 
@@ -14,35 +18,26 @@ * No ECS, DNSSEC ready, No logs, OpenNIC ## Server status -* Server status [UPTimeRobot](https://stats.blahdns.com) | [Dnsprivacy.org](https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/) +* Server status [UpTimeRobot](https://stats.blahdns.com) | [Dnsprivacy.org](https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/) ## Server architecture ```bash Server (August 2, 2019 -- Germany, Japan) |-- Let's Encrypt SSL -<<<<<<< HEAD -|-- Knot-resolver (Rpz, OpenNIC, Icann) -======= |-- Knot-resolver (OpenNIC, ICANN) ->>>>>>> a1b78f4... Update README.md | |-- DNSCryptv2 (dnsdist, port 8443) | |-- doh-server (DoH, GET, POST -- m13253) | |-- |-- DoH (HAProxy, port 443, TLS 1.3, require SNI) |-- DoT (HAProxy, port 853, 443, TLS 1.3, require SNI) -<<<<<<< HEAD -Server (July 29, 2019 -- Switzerland) -|-- Let's Encrypt SSL -|-- Knot-resolver (Rpz, OpenNIC, Icann) -======= Server (August 2, 2019 -- Switzerland) |-- Let's Encrypt SSL |-- Knot-resolver (OpenNIC, ICANN, forward-upstream to quad9) ->>>>>>> a1b78f4... Update README.md | |-- DNSCryptv2 (dnsdist, port 8443) -| |-- DoT (dnsdist, port 853, TLS 1.3) -| |-- DoH (dnsdist, port 443, TLS 1.3) +| |-- doh-server (DoH, GET, POST -- m13253) +| |-- |-- DoH (HAProxy, port 443, TLS 1.3, require SNI) +|-- DoT (HAProxy, port 853, 443, TLS 1.3, require SNI) ``` ## Config file / Client @@ -57,8 +52,7 @@ Server (August 2, 2019 -- Switzerland) * DNS-over-HTTPS: * https://doh-ch.blahdns.com/dns-query * IPv6: sdns://AgMAAAAAAAAAIFsyYTBhOmU1YzA6MjoyOjA6YzhmZjpmZTY4OmJmNDhdABJkb2gtY2guYmxhaGRucy5jb20KL2Rucy1xdWVyeQ - - * DNS-over-TLS: dot-ch.blahdns.com, ports 853 + * DNS-over-TLS: dot-ch.blahdns.com, ports 853, 443 * DNSCrypt v2, port 8443: * IPv6: sdns://AQMAAAAAAAAAJVsyYTBhOmU1YzA6MjoyOjA6YzhmZjpmZTY4OmJmNDhdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t 
diff --git a/client-conf/img-source/._nebulo-doh.jpg b/client-conf/img-source/._nebulo-doh.jpg deleted file mode 100755 index 7596631..0000000 Binary files a/client-conf/img-source/._nebulo-doh.jpg and /dev/null differ diff --git a/client-conf/img-source/._nebulo-dot.jpg b/client-conf/img-source/._nebulo-dot.jpg deleted file mode 100755 index e91067d..0000000 Binary files a/client-conf/img-source/._nebulo-dot.jpg and /dev/null differ diff --git a/client-conf/stubby/stubby.yml b/client-conf/stubby/stubby.yml index c24b33b..333314d 100755 --- a/client-conf/stubby/stubby.yml +++ b/client-conf/stubby/stubby.yml @@ -1,5 +1,4 @@ -## TLS_pubkey_pinset updated on July 19, 2019 -## expires `2019-09-23 07:04:40 UTC' +## TLS_pubkey_pinset updated on August 1, 2019 resolution_type: GETDNS_RESOLUTION_STUB dns_transport_list: 
@@ -18,66 +17,73 @@ listen_addresses: - 0::1@54 upstream_recursive_servers: + - address_data: 108.61.201.119 + tls_port: 443 + tls_auth_name: "dot-jp.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= + + - address_data: 108.61.201.119 + tls_port: 853 + tls_auth_name: "dot-jp.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= + - address_data: 159.69.198.101 + tls_port: 443 + tls_auth_name: "dot-de.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: sYrnkH4aRY6M9eP1Uut38GNTXK0xg7wD+Euy/xdW9xc= + + - address_data: 159.69.198.101 + tls_port: 853 + tls_auth_name: "dot-de.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: sYrnkH4aRY6M9eP1Uut38GNTXK0xg7wD+Euy/xdW9xc= + + - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b + tls_port: 443 + tls_auth_name: "dot-jp.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= + + - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b + tls_port: 853 + tls_auth_name: "dot-jp.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= + + - address_data: 2a01:4f8:1c1c:6b4b::1 + tls_port: 443 + tls_auth_name: "dot-de.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: sYrnkH4aRY6M9eP1Uut38GNTXK0xg7wD+Euy/xdW9xc= + + - address_data: 2a01:4f8:1c1c:6b4b::1 + tls_port: 853 + tls_auth_name: "dot-de.blahdns.com" + tls_pubkey_pinset: + - digest: "sha256" + value: sYrnkH4aRY6M9eP1Uut38GNTXK0xg7wD+Euy/xdW9xc= + - address_data: 2a0a:e5c0:2:2:0:c8ff:fe68:bf48 tls_port: 853 tls_auth_name: "dot-ch.blahdns.com" tls_pubkey_pinset: - digest: "sha256" value: i1jLFbRK0/Aj/eQO4qxG6SqlJOCf70zwJb3z7JDFyPs= - - - address_data: 108.61.201.119 - tls_port: 443 - tls_auth_name: "dot-jp.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= - - 
address_data: 108.61.201.119 - tls_port: 853 - tls_auth_name: "dot-jp.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= - - - address_data: 159.69.198.101 + - address_data: 2a0a:e5c0:2:2:0:c8ff:fe68:bf48 tls_port: 443 - tls_auth_name: "dot-de.blahdns.com" + tls_auth_name: "dot-ch.blahdns.com" tls_pubkey_pinset: - digest: "sha256" - value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c= - - - address_data: 159.69.198.101 - tls_port: 853 - tls_auth_name: "dot-de.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c= - - - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b - tls_port: 443 - tls_auth_name: "dot-jp.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= - - - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b - tls_port: 853 - tls_auth_name: "dot-jp.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4= - - - address_data: 2a01:4f8:1c1c:6b4b::1 - tls_port: 443 - tls_auth_name: "dot-de.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c= - - - address_data: 2a01:4f8:1c1c:6b4b::1 - tls_port: 853 - tls_auth_name: "dot-de.blahdns.com" - tls_pubkey_pinset: - - digest: "sha256" - value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c= + value: i1jLFbRK0/Aj/eQO4qxG6SqlJOCf70zwJb3z7JDFyPs= + diff --git a/server-conf/dnsdist.conf b/server-conf/dnsdist.conf deleted file mode 100755 index 26e3c52..0000000 --- a/server-conf/dnsdist.conf +++ /dev/null 
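Review bot: Each upstream entry on the new side of this hunk still has exactly one `tls_pubkey_pinset` value, and the dot-de entries show why that is fragile: their pin changes here from `RzMG…` to `sYrnk…`, so a client still running the previous file can no longer match the pin until it is edited by hand. How such a mismatch is handled depends on the authentication settings, which sit outside this hunk. I would add a second entry for a pre-generated backup key to every pinset, `- digest: "sha256"` followed by `value: "<BACKUP_SPKI_SHA256_PLACEHOLDER>"`, so the server key can be rotated without breaking deployed clients. The first hunk of this file also drops the `## expires` header line; keeping a dated comment such as `## pins valid until <CERT_EXPIRY_PLACEHOLDER>` tells users when to refresh the file.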
@@ -1,52 +0,0 @@
--- When an IPv6 IP:PORT combination is needed, the bracketed syntax from RFC 3986 should be used. e.g. “[2001:DB8:14::C0FF:FEE]:5300”
--- https://dnsdist.org/reference/config.html?highlight=servfail
-
---addTLSLocal('0.0.0.0', '/etc/letsencrypt/live/dns.jp.blahdns.com/fullchain.pem', '/etc/letsencrypt/live/dns.jp.blahdns.com/privkey.pem', { doTCP=true, reusePort=true })
---addTLSLocal("[::]", '/etc/letsencrypt/live/dns.jp.blahdns.com/fullchain.pem', '/etc/letsencrypt/live/dns.jp.blahdns.com/privkey.pem', { doTCP=true, reusePort=true})
-
-addDNSCryptBind("0.0.0.0:8443", "2.dnscrypt-cert.blahdns.com", "/etc/dnsdist/ssl.cert", "/etc/dnsdist/ssl.key")
-addDNSCryptBind("[::]:8443", "2.dnscrypt-cert.blahdns.com", "/etc/dnsdist/ssl.cert", "/etc/dnsdist/ssl.key")
-
-addLocal('0.0.0.0:53', { doTCP=true, reusePort=true})
-addLocal('[::]:53', { doTCP=true, reusePort=true})
-
-addAction(MaxQPSIPRule(10, 32, 48), DropAction())
-addAction(QTypeRule(dnsdist.ANY) ,DropAction())
-addAction(QTypeRule(dnsdist.PTR) ,DropAction())
-
--- Force TCP
-addAction(AndRule({NotRule(OrRule({QTypeRule(dnsdist.TXT), QTypeRule(dnsdist.A), QTypeRule(dnsdist.AAAA)})),TCPRule(false)}), TCAction())
-
-
-setACL({'0.0.0.0/0', '::/0' })
-
--- https://dnsdist.org/reference/constants.html#dnsaction
--- https://dnsdist.org/rules-actions.html#addLuaAction
--- https://stackoverflow.com/questions/11271547/does-lua-have-or-comparisons
-
-local dbr = dynBlockRulesGroup()
-dbr:setQTypeRate(dnsdist.PTR, 5, 10, "Exceeded PTR rate", 60)
-dbr:setQTypeRate(dnsdist.TXT, 5, 10, "Exceeded TXT rate", 60)
-dbr:setQTypeRate(dnsdist.SOA, 5, 10, "Exceeded SOA rate", 60)
-dbr:setQTypeRate(dnsdist.MX, 3, 10, "Exceeded MX rate", 60)
-dbr:setQTypeRate(dnsdist.SRV, 3, 10, "Exceeded SRV rate", 60)
-dbr:setQTypeRate(dnsdist.NS, 3, 10, "Exceeded PTR rate", 60)
-dbr:setQTypeRate(dnsdist.SIG, 3, 10, "Exceeded PTR rate", 60)
-
-function maintenance()
- dbr:apply()
-end
-
-newServer({address="127.0.0.1:50", checkType="A", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
-newServer({address="[::1]:50", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
-
-newServer({address="[::1]:51", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
--- function luarule(dq)
--- if(dq.qtype==dnsdist.ANY)
--- then
--- return DNSAction.ServFail
--- else
--- return DNSAction.None
--- end
--- end
--- addLuaAction(AllRule(), luarule)
diff --git a/server-conf/fail2ban.sh b/server-conf/fail2ban.sh
deleted file mode 100755
index 8a4c6f8..0000000
--- a/server-conf/fail2ban.sh
+++ /dev/null
@@ -1,181 +0,0 @@ -#!/bin/bash - -CHECK_OS(){ - if [[ -f /etc/redhat-release ]];then - release="centos" - elif cat /etc/issue | grep -q -E -i "debian";then - release="debian" - elif cat /etc/issue | grep -q -E -i "ubuntu";then - release="ubuntu" - elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then - release="centos" - elif cat /proc/version | grep -q -E -i "debian";then - release="debian" - elif cat /proc/version | grep -q -E -i "ubuntu";then - release="ubuntu" - elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then - release="centos" - fi -} - -GET_SETTING_FAIL2BAN_INFO(){ - read -p "允许SSH登陆失败次数,默认10:" BLOCKING_THRESHOLD - if [[ ${BLOCKING_THRESHOLD} = "" ]];then - BLOCKING_THRESHOLD='10' - fi - - read -p "SSH登陆失败次数超过${BLOCKING_THRESHOLD}次时,封禁时长(h),默认8760:" BLOCKING_TIME_H - if [[ ${BLOCKING_TIME_H} = "" ]];then - BLOCKING_TIME_H='8760' - fi - - BLOCKING_TIME_S=$(expr ${BLOCKING_TIME_H} \* 3600) -} - -INSTALL_FAIL2BAN(){ - if [ ! -e /etc/fail2ban/jail.local ];then - CHECK_OS - case "${release}" in - centos) - GET_SETTING_FAIL2BAN_INFO - yum -y install epel-release - yum -y install fail2ban;; - debian|ubuntu) - GET_SETTING_FAIL2BAN_INFO - apt-get -y install fail2ban;; - *) - echo "请使用CentOS,Debian,Ubuntu系统.";; - esac - else - echo "fail2ban已经安装了.";exit - fi -} - -REMOVE_FAIL2BAN(){ - if [ -e /etc/fail2ban/jail.local ];then - CHECK_OS - case "${release}" in - centos) - service fail2ban stop - yum -y remove fail2ban - rm -rf /etc/fail2ban/jail.local;; - debian|ubuntu) - service fail2ban stop - apt-get -y remove fail2ban - rm -rf /etc/fail2ban/jail.local;; - esac - else - echo "fail2ban尚未安装.";exit - fi -} - -SETTING_FAIL2BAN(){ - CHECK_OS - case "${release}" in - centos) - echo "[DEFAULT] -ignoreip = 127.0.0.1 -bantime = 86400 -maxretry = 3 -findtime = 1800 - -[ssh-iptables] -enabled = true -filter = sshd -action = iptables[name=SSH, port=ssh, protocol=tcp] -logpath = /var/log/secure -maxretry = ${BLOCKING_THRESHOLD} -findtime = 3600 
-bantime = ${BLOCKING_TIME_S}" > /etc/fail2ban/jail.local - if [ -e /usr/bin/systemctl ];then - systemctl restart fail2ban - systemctl enable fail2ban - systemctl restart sshd - else - service fail2ban restart - chkconfig fail2ban on - service ssh restart - fi;; - debian|ubuntu) - echo "[DEFAULT] -ignoreip = 127.0.0.1 -bantime = 86400 -maxretry = ${BLOCKING_THRESHOLD} -findtime = 1800 - -[ssh-iptables] -enabled = true -filter = sshd -action = iptables[name=SSH, port=ssh, protocol=tcp] -logpath = /var/log/auth.log -maxretry = ${BLOCKING_THRESHOLD} -findtime = 3600 -bantime = ${BLOCKING_TIME_S}" > /etc/fail2ban/jail.local - service fail2ban restart - service ssh restart;; - esac -} - -VIEW_RUN_LOG(){ - CHECK_OS - case "${release}" in - centos) - tail -f /var/log/secure;; - debian|ubuntu) - tail -f /var/log/auth.log;; - esac -} - -case "${1}" in - install) - INSTALL_FAIL2BAN - SETTING_FAIL2BAN;; - uninstall) - REMOVE_FAIL2BAN;; - status) - echo -e "\033[41;37m【进程】\033[0m";ps aux | grep fail2ban - echo;echo -e "\033[41;37m【状态】\033[0m";fail2ban-client ping - echo;echo -e "\033[41;37m【Service】\033[0m";service fail2ban status;; - blocklist|bl) - if [ -e /etc/fail2ban/jail.local ];then - fail2ban-client status ssh-iptables - else - echo "fail2ban尚未安装.";exit - fi;; - unlock|ul) - if [ -e /etc/fail2ban/jail.local ];then - if [[ "${2}" = "" ]];then - read -p "请输入需要解封的IP:" UNLOCK_IP - if [[ ${UNLOCK_IP} = "" ]];then - echo "不允许空值,请重试.";exit - else - fail2ban-client set ssh-iptables unbanip ${UNLOCK_IP} - fi - else - fail2ban-client set ssh-iptables unbanip ${2} - fi - else - echo "fail2ban尚未安装.";exit - fi;; - more) - echo "【参考文章】 -https://www.fail2ban.org -https://linux.cn/article-5067-1.html - -【更多命令】 -fail2ban-client -h";; - runlog) - VIEW_RUN_LOG;; - start) - service fail2ban start;; - stop) - service fail2ban stop;; - restart) - service fail2ban restart;; - *) - echo "bash fail2ban.sh {install|uninstall|runlog|more}" - echo "bash fail2ban.sh {start|stop|restart|status}" - 
echo "bash fail2ban.sh {blocklist|unlock}";; -esac - -#END diff --git a/server-conf/haproxy.cfg b/server-conf/haproxy.cfg deleted file mode 100755 index 86d4ee2..0000000 --- a/server-conf/haproxy.cfg +++ /dev/null 
@@ -1,151 +0,0 @@ -## NEW HTTP2 CONFIG ### -## Thanks to DNSWARDEN.com author: @bhanupratapys - -global - no log - chroot /var/lib/haproxy - user haproxy - group haproxy - pidfile /var/run/haproxy.pid - tune.ssl.default-dh-param 2048 - - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - ssl-dh-param-file /etc/haproxy/dhparam.pem - ssl-default-bind-ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 - ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets -defaults - option dontlognull - retries 1 - timeout connect 5s - timeout check 5s - timeout queue 10s - timeout client 60s - timeout client-fin 1s - timeout server-fin 1s - timeout server 30s - timeout tunnel 10m - timeout http-request 10s - -#bind :::443 v4v6 ssl crt /etc/haproxy/dot-jp.blahdns.pem alpn h2,http/1.1 -#bind :::443 v4v6 tfo ssl crt /etc/haproxy/dot-jp.blahdns.pem - -frontend front_end_dot_853 - mode tcp - bind 0.0.0.0:853 - bind :::853 - acl tls req.ssl_hello_type 1 - tcp-request inspect-delay 2s - tcp-request content accept if tls - use_backend dot-uncensor if { req_ssl_sni -i dot-jp.blahdns.com } - default_backend dot-uncensor - -frontend front_end_doh_dot_443 - mode tcp - bind 0.0.0.0:443 - bind :::443 - acl tls req.ssl_hello_type 1 - tcp-request inspect-delay 2s - tcp-request content accept if tls - use_backend doh-front if { req_ssl_sni -i doh-jp.blahdns.com } - use_backend dot-uncensor if { req_ssl_sni -i dot-jp.blahdns.com } - default_backend dot-uncensor - -frontend dot-in-uncensor - mode tcp - bind 127.150.150.150:15000 ssl crt /etc/haproxy/dot-jp.blahdns.pem - default_backend dot-servers-uncensor - -frontend doh-in - mode http - bind 
127.250.250.250:25000 ssl crt /etc/haproxy/dot-jp.blahdns.pem alpn h2 - acl adblock_url path_beg -i /dns-query - use_backend doh-servers-uncensor if adblock_url - - -backend dot-uncensor - mode tcp - #balance source - server dot-uncensor-haproxy-ssl 127.150.150.150:15000 check - -backend doh-front - mode tcp - #balance source - server doh-haproxy-ssl 127.250.250.250:25000 check - - -backend dot-servers-uncensor - mode tcp - server dns-uncensor 127.0.0.1:50 - - -backend doh-servers-uncensor - mode http - http-response del-header server - http-response del-header x-powered-by - http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" - server doh-proxy-uncensor 127.0.0.1:3000 - -### End #### - -### Start old config as backup, igonre it ### - -global - #log /dev/log local0 - no log - chroot /var/lib/haproxy - user haproxy - group haproxy - maxconn 3000 - pidfile /var/run/haproxy.pid - tune.ssl.default-dh-param 2048 - #ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20 - ssl-default-bind-ciphers TLS13-CHACHA20-POLY1305-SHA256:EECDH+CHACHA20:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 - ssl-default-bind-options no-tls-tickets no-sslv3 no-tlsv10 no-tlsv11 - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - -defaults - option dontlognull - option http-server-close - retries 1 - option http-use-htx - maxconn 3000 - timeout check 5s - timeout queue 10s - timeout client 30s - timeout client-fin 3s - timeout server-fin 3s - timeout server 30s - timeout tunnel 5m - timeout http-request 10s - option http-keep-alive - -frontend doh-in - #mode tcp - no log - #bind *:443 ssl crt /etc/haproxy/dot-jp.blahdns.pem alpn h2 - bind :::443 v4v6 tfo ssl crt /etc/haproxy/dot-jp.blahdns.pem - http-response 
set-header Strict-Transport-Security "max-age=31536000" - tcp-request inspect-delay 2s - tcp-request content accept if HTTP - tcp-request content accept if { req.ssl_hello_type 1 } - use_backend dot-server if { req.ssl_hello_type 1 } - acl dns_url path_beg -i /dns-query - - use_backend doh-server if dns_url - #use_backend doh-server if HTTP - default_backend dot-server - -#listen http-in - -backend dot-server - mode tcp - server dns 127.0.0.1:50 maxconn 20 - -backend doh-server - #http-response set-header Strict-Transport-Security "max-age=31536000" - option forwardfor - server doh-proxy 127.0.0.1:3000 maxconn 20 diff --git a/server-conf/knot-tls.service b/server-conf/knot-tls.service deleted file mode 100755 index 5fa8a9c..0000000 --- a/server-conf/knot-tls.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=Knot-tls -After=syslog.target -After=network.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/etc/knot-resolver/ -ExecReload=/bin/kill -s HUP $MAINPID -ExecStop=/bin/kill -s QUIT $MAINPID -ExecStartPre=/root/clean.sh -ExecStartPost=/bin/sleep 0.1 -ExecStart=kresd -c /etc/knot-resolver/kresd-tls.conf -f 1 -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/server-conf/kresd.conf b/server-conf/kresd.conf deleted file mode 100755 index 6b4fa7c..0000000 --- a/server-conf/kresd.conf +++ /dev/null 
@@ -1,72 +0,0 @@ -modules = { - 'policy', - 'hints > iterate', - 'serve_stale < cache', - 'workarounds < iterate', - 'predict' -} - ---modules.unload('cache') ---modules.unload('hints') ---modules.unload('priming') ---modules.unload('ta_sentinel') ---modules.unload('ta_signal_query') ---modules.unload('detect_time_jump') ---modules.unload('detect_time_skew') - -net.listen({'::1', '127.0.0.1'}, 55) -hints.add_hosts('/etc/knot-resolver/hints.list') - --- Disallow ANY & PTR queries -policy.add(function (req, query) - if query.stype == kres.type.ANY then - return policy.DROP - elseif query.stype == kres.type.PTR then - return policy.DROP - end -end) - ---policy.add(function (req, query) --- if query.stype == kres.type.TXT or query.stype == kres.type.SRV or query.stype == kres.type.NS or query.stype == kres.type.MX or query.stype == kres.type.SOA or query.stype == kres.type.PTR then --- return policy.TC --- end ---end) - --- qname minimalization true ---option('NO_MINIMIZE', false) - --- Cache size -cache.size = 150 * MB ---cache.min_ttl(300) --- Force cache timeout every 5 sec ---cache.max_ttl(5) - - - -policy.add(policy.rpz(policy.DENY, '/etc/knot-resolver/rpz.blacklist')) - --- OpenNIC -opennicTrees = policy.todnames({'uu','ti','te','ku','lib','emc','coin','baza','glue','parody','pirate','oss','oz','bit','dns.opennic.glue','bbs','chan','cyb','dyn','fur','gopher','geek','opennic.glue','o','neo','indy','libre', 'null'}) - --- Beware: the rule order is important, as STUB is not a chain action. 
-policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), opennicTrees)) -policy.add(policy.suffix(policy.STUB({'::1@52'}), opennicTrees)) - --- Disable cache -view:addr('0.0.0.0/0', policy.all(policy.FLAGS({'NO_CACHE'}))) -view:addr('::/0', policy.all(policy.FLAGS({'NO_CACHE'}))) - ---view:addr('198.252.153.0/24', function (req, qry) return policy.PASS end) ---view:addr('204.13.164.0/24', function (req, qry) return policy.PASS end) ---view:addr('199.254.238.0/24', function (req, qry) return policy.PASS end) ---view:addr('199.58.80.128/25', function (req, qry) return policy.PASS end) ---view:addr('199.58.81.137/25', function (req, qry) return policy.PASS end) ---view:addr('10.0.1.0/24', function (req, qry) return policy.PASS end) ---view:addr('10.0.2.0/24', function (req, qry) return policy.PASS end) ---view:addr('127.0.0.1', function (req, qry) return policy.PASS end) ---- Drop everything that hasn't matched --- view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end) --- policy.add(policy.all(policy.FORWARD('::1@51'))) - --- Disable dnssec, if need so --- trust_anchors.negative = { '.' } diff --git a/server-conf/monitor-kresd.sh b/server-conf/monitor-kresd.sh deleted file mode 100755 index 1477b04..0000000 --- a/server-conf/monitor-kresd.sh +++ /dev/null @@ -1,34 +0,0 @@ -#if lsof -Pi :50 -sUDP:LISTEN -t >/dev/null ; then -# echo "running" -#else -# echo "not running" -#fi - -#netstat -ln | grep ":50 " 2>&1 > /dev/null -#if [ $? -eq 1 ]; then -# echo Starting Meteor; -#fi - -!/bin/bash - -# Check if gedit is running -# -x flag only match processes whose name (or command line if -f is -# specified) exactly match the pattern. - -if ps -e | grep dnscrypt-wrap -then - echo "Dnscrypt wrapper is running" -else - /root/dns/dnscrypt-start.sh - echo "Dnscrypt is Stopped" -fi - -if pgrep -x "kresd" -then - echo "kresd is Running" -else - echo "kresd is Stopped and restart service " - /root/kresd.sh - #service knot-tls stop - #service knot-tls start -fi 
diff --git a/server-conf/restart.sh b/server-conf/restart.sh
deleted file mode 100755
index 086768f..0000000
--- a/server-conf/restart.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-## Cronjob every 6 hours clear logs and restart services
-
-cd /var/log
-
-rm -rf haproxy.log*
-rm -rf daemon.log*
-rm -rf messages*
-rm -rf syslog*
-rm -rf user*
-rm -rf kern*
-rm -rf debug*
-
-service haproxy restart
-service doh-server restart
diff --git a/server-conf/unbound/bind.keys b/server-conf/unbound/bind.keys
deleted file mode 100755
index 1e04453..0000000
--- a/server-conf/unbound/bind.keys
+++ /dev/null
@@ -1,5 +0,0 @@
-trusted-keys {
-. 257 3 8 "AwEAAaq+qqsdDHByq/DFR5/u23qcDNOQJzjYBcSfjrGNLdY2+vY+ubhu iz0hG1xk5D+dK78Eh58wZ3tQnsRr3bVNVfcovlx/rdwuw5blez2TT0Et 4IF/3b/RpMpCwSSOWTMGvi0EwIMNsjYWEZlRjcWku3cnAAvSD3YdaRW2 JCKsbkK5OQp2YjuQgIOL7J6f8mN6nkfAWd9L2U9H+TSEnx8gqqkXIEIR WcbdWN1FiCdy3L8CaHbZcttzx5lLOGrjPW+raXn+KaQSU+WW9n2PPOZb NUrQnsW/DJ+b+soNQQbhwFlp/av5VzaxB7/57vEKqj71x+Xu8S0sGpLc Xrkf5p3ri93ScLsJOT11fIlMRIwcKsWZEIIyYzuQeq8MoVTenvN6re/y 872Vb6JBHbBMk0JmsRwkXltz9PINWyvVyqM3PA1bJ4fz8QbqXnTnJiR/ yylhcE8rjPUtnf29NyDN7Co9JzPwnwE74F3k3R18w45L8E5Dt5it2PIA 9/rb6GDMrPAPsa1X82qNLzcboosMj9vT7Ofg8M+x2/VYt6u4xX4glZRa vyjTs6qGfzFS+Z44zrIP4CtNa0fL0AwJ/wsK4YJSX0xZ6/CJI/NNXeSg G5vfMw04kUDI9d9oO9jkAhYDmTaOI6C5nVTymAs3uje8/mZlo/pUSllB 0DkpTgd5PTAwQsA1";
-. 256 3 8 "AwEAAcnclWrEkYgk+zGEAtbUoFpkKojImn4go0WwsD3TyGq5Mp7Xb5yv yO3VzcGLyeMJ1p55PFTij4xXR+LiXlzdjIgvy8JloXDh6Pg3mhQ/x6YR aWjkstFbeTicyR94Q7ns7/0tqcR/4kjvcK/haViADuamvt0flv04wBeq ZaJBdj5TLYXfYCYr8QVvlryvHf6SCF9Xwgo/34iP+T0EH1yGL4HASeHL Cn8Kh5zTsIbefAvjkPPv7T23xeiT0FfJ4AJim9tMU5DYZFPU4J5Gtsk9 LIFBju5TAlbXf9nldM9WfESP/ZPBvLlrPeNzXrSEbyqkE72xtpr/3ckY jZd5aODWCmhp3tTc/UBcZxzw4IcJ3j5cmdTnrnOlLOA4DXnkB1Ts90BM G00ySdBeXeW0abKOiCH/qqdWlPR3jLEZth9y5WWHVIcY5JsjbpQnv85A YaQYzUA2W79oM1XoQ35EB5PHPs3lCMJ/42zDmbhJ2n7m2xx3DbCnzHTt H9Fsqi1+8s8LNQAbQeINBkiDeyeEpY2CFVz222zEusCOj/cbWuirBqMD WjIajMwBpF2z0x8FznahSEoR+djYNpXpv9pFcl4rYTCqnQcKy0PUoGrs 8X4OzLW7egrAWodF3z7KieAMyK09/0qBf7rtB8qOLR7NiFA/UYvkZTwz E74ZGP9Y4kOi0lA5";
-. 256 3 8 "AwEAAetFT8ZCzhqTOT7em1LxFynu1zwZXwu0qzSNtO8ABxfls+QfDMxB 4jUdOkAVJKG313bS9rHwUqG3Sg2fPGmdo4xzt3ps9/Tmh6c657r5zYTd tlAy3tjU2G7VUWnbwwHFAIe4R9ajnScvdNfFZpUalrxT3FsfLbTfhnt3 HZljYbyVYi9v8H+gweoBGfq5xIrNwKz4DNu217GWtZaOGhPcS2HYgqDD 0BuRxYwAkoiphcoHwc9QOHIMWlN9Wdw1+udpHZ43Oysp8EXqF2miYljd 3EprDthfZ0MU0xqbHzLbtPQCVQir3HymJxTbrpE1fpKbKyXlyRqSUxTL ONud5BQISb0=";
-};
diff --git a/server-conf/unbound/opennic.hints b/server-conf/unbound/opennic.hints
deleted file mode 100755
index 40c48d1..0000000
--- a/server-conf/unbound/opennic.hints
+++ /dev/null
@@ -1,26 +0,0 @@
-;; ANSWER SECTION:
-. 86400 IN NS ns2.opennic.glue.
-. 86400 IN NS ns6.opennic.glue.
-. 86400 IN NS ns5.opennic.glue.
-. 86400 IN NS ns8.opennic.glue.
-. 86400 IN NS ns9.opennic.glue.
-. 86400 IN NS ns10.opennic.glue.
-. 86400 IN NS ns4.opennic.glue.
-
-;; ADDITIONAL SECTION:
-ns2.opennic.glue. 7200 IN A 161.97.219.84
-ns2.opennic.glue. 7200 IN AAAA 2001:470:4212:10::100:53:10
-ns4.opennic.glue. 7200 IN A 163.172.168.171
-ns5.opennic.glue. 7200 IN A 94.103.153.176
-ns5.opennic.glue. 7200 IN AAAA 2a02:990:219:1:ba:1337:cafe:3
-ns6.opennic.glue. 7200 IN A 207.192.71.13
-ns8.opennic.glue. 7200 IN A 178.63.116.152
-ns8.opennic.glue. 7200 IN AAAA 2a01:4f8:141:4281::999
-ns9.opennic.glue. 7200 IN A 174.138.48.29
-ns9.opennic.glue. 7200 IN AAAA 2604:a880:800:a1::2a:2001
-ns10.opennic.glue. 7200 IN A 188.226.146.136
-ns10.opennic.glue. 7200 IN AAAA 2001:470:1f04:ebf::2
-
-;; Query time: 212 msec
-;; SERVER: 174.138.48.29#53(174.138.48.29)
-;; WHEN: Wed Oct 31 15:28:13 CST 2018
\ No newline at end of file
diff --git a/server-conf/unbound/unbound.conf b/server-conf/unbound/unbound.conf
deleted file mode 100755
index 2aba02a..0000000
--- a/server-conf/unbound/unbound.conf
+++ /dev/null
@@ -1,127 +0,0 @@
-server:
- interface: 127.0.0.1@48
- interface: ::1@48
- access-control: 127.0.0.1 allow
- access-control: ::1 allow
- #access-control: 0.0.0.0/0 allow
- #access-control: ::/0 allow
- prefer-ip6: yes
- delay-close: 1500
- do-ip4: yes
- do-ip6: yes
- do-tcp: yes
- do-udp: yes
- do-not-query-localhost: no
- verbosity: 0
- log-time-ascii: no
- log-servfail: no
- client-subnet-always-forward: yes
- aggressive-nsec: yes
- harden-dnssec-stripped: yes # if 'no', disable dnssec
- harden-short-bufsize: yes
- harden-large-queries: yes
- harden-glue: yes
- harden-below-nxdomain: yes
- harden-referral-path: yes
- use-caps-for-id: yes
- qname-minimisation: yes
- qname-minimisation-strict: no #some domain might be failed to request
- so-reuseport: yes
- minimal-responses: yes
- deny-any: yes
-
- rrset-roundrobin: yes
- prefetch: yes
- prefetch-key: yes
-
- serve-expired: yes
- serve-expired-ttl: 86400 # max 1 day
- #serve-expired-ttl-reset: no
- hide-identity: yes
- hide-version: yes
- hide-trustanchor: yes
- edns-tcp-keepalive: yes
- #edns-tcp-keepalive-timeout: 12000 # 2min
- #tcp-idle-timeout: 30000 # 30 sec
-
- num-threads: 1
- msg-cache-slabs: 1
- rrset-cache-slabs: 1
- key-cache-slabs: 1
- infra-cache-slabs: 1
-
- msg-cache-size: 54m # default 4m
- rrset-cache-size: 108m # rrset=msg*2 # default 4m
- key-cache-size: 54m # default 4m
- neg-cache-size: 27m # default 1m
- infra-cache-numhosts: 50000
- # dnscrypt-shared-secret-cache-size: 13m # default 4m
- # dnscrypt-nonce-cache-size: 13m # default 4m
-
- outgoing-range: 4096
- incoming-num-tcp: 100
- outgoing-num-tcp: 100
- neg-cache-size: 25m
-
- unwanted-reply-threshold: 10000000
- cache-min-ttl: 90
- cache-max-ttl: 900
- infra-host-ttl: 3600
- val-bogus-ttl: 120
- cache-max-negative-ttl: 10 # Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. Default is 3600. This applies to nxdomain and nodata answers.
- infra-cache-numhosts: 50000
-
- auto-trust-anchor-file: "/var/lib/unbound/root.key"
-
- # Refence: https://github.com/publicarray/dns-resolver-infra/blob/master/unbound/unbound.conf
-
- local-zone: example. static
- local-zone: local. static
- local-zone: i2p. static
- local-zone: home. static
- local-zone: zghjccbob3n0. static
- local-zone: dhcp. static
- local-zone: lan. static
- local-zone: localdomain. static
- local-zone: ip. static
- local-zone: internal. static
- local-zone: openstacklocal. static
- local-zone: dlink. static
- local-zone: gateway. static
- local-zone: corp. static
- local-zone: workgroup. static
- local-zone: belkin. static
- local-zone: davolink. static
- local-zone: z. static
- local-zone: domain. static
- local-zone: virtualmin. static
-
- private-address: 0.0.0.0/8 # Should not be on the Internet (only valid as source address)
- private-address: 10.0.0.0/8 # Private networks
- private-address: 127.0.0.0/8 # Loopback, spam-blocklists (RBL) (https://www.dnsbl.info/) e.g. "dig +short 0.0.0.0.zen.spamhaus.org" will stop working (https://www.spamhaus.org/zen/, https://www.spamhaus.org/faq/section/DNSBL%20Usage#202)
- private-address: 169.254.0.0/16 # link-local (networks without DHCP)
- private-address: 172.16.0.0/12 # Private networks
- private-address: 192.168.0.0/16 # Private networks
- private-address: 255.255.255.255/32 # Broadcast destination
- ## IPv6
- private-address: ::/128 # Unspecified addresses (only valid as source address)
- private-address: ::1/128 # Loopback
- private-address: 2001:db8::/32 # Documentation addresses used for documentation purposes such as user manuals, RFCs, etc.
(RFC3849)
- # private-address: ::ffff:0:0/96 # IPv4-mapped IPv6 addresses (depreciated and should not be on the public internet) (blocks potentially valid addresses / gives wrong result from DNS Benchmark)
- private-address: fe80::/10 # IP address autoconfiguration (link-local unicast, Private network)
- private-address: fc00::/7 # Unique Local Addresses (Private network)
- # private-address: fec0::/10 # Depreciated site networks
- # private-address: 2002::/16 # 6to4 (deprecated)
- # private-address: 64:ff9b::/96 # 6to4 "Well-Known" Prefix
- # private-address: 2001::/32 # Teredo
- private-address: 2001:10::/28 # ORCHID
- # private-address: ff00::/8 # Multicast
- ## Selected IPv4 mapped addresses from IPv4 above (fixes potentially wrong result from DNS Benchmark if blocking all of ::ffff:0:0/96)
- private-address: ::ffff:0.0.0.0/120 # Private IPv4-mapped addresses
- private-address: ::ffff:10.0.0.0/120 # Private IPv4-mapped addresses
- private-address: ::ffff:127.0.0.1/120 # Loopback IPv4-mapped addresses, spam-blocklists (RBL)
- private-address: ::ffff:169.254.0.0/112 # Link-local IPv4-mapped addresses
- private-address: ::ffff:172.16.0.0/116 # Private IPv4-mapped addresses
- private-address: ::ffff:192.168.0.0/112 # Private IPv4-mapped addresses
- private-address: ::ffff:255.255.255.255/128 # Broadcast IPv4-mapped addresses
-
diff --git a/server-conf/unbound/unbound.conf.d/opennic.root.conf b/server-conf/unbound/unbound.conf.d/opennic.root.conf
deleted file mode 100755
index b4f90dd..0000000
--- a/server-conf/unbound/unbound.conf.d/opennic.root.conf
+++ /dev/null
@@ -1,468 +0,0 @@ -server: -domain-insecure: "opennic.glue" - -auth-zone: - name: "opennic.glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/opennic.glue" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - -server: -domain-insecure: "dns.opennic.glue" - -auth-zone: - name: "dns.opennic.glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/dns.opennic.glue" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "micro" - -auth-zone: - name: "micro" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/micro" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "ing" - -auth-zone: - name: "ing" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/ing" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "glue" - -auth-zone: - name: "glue" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/glue" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "bbs" - -auth-zone: - name: "bbs" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bbs" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "bit" - -auth-zone: - name: "bit" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bit" - master: 
2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "chan" - -auth-zone: - name: "chan" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/chan" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "dyn" - -auth-zone: - name: "dyn" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/dyn" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "free" - -auth-zone: - name: "free" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/free" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "fur" - -auth-zone: - name: "fur" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/fur" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "geek" - -auth-zone: - name: "geek" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/geek" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "gopher" - -auth-zone: - name: "gopher" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/gopher" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "indy" - -auth-zone: - name: "indy" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: 
"opennic.zone.d/indy" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "libre" - -auth-zone: - name: "libre" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/libre" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "neo" - -auth-zone: - name: "neo" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/neo" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "null" - -auth-zone: - name: "null" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/null" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "oss" - -auth-zone: - name: "oss" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/oss" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "oz" - -auth-zone: - name: "oz" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/oz" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "parody" - -auth-zone: - name: "parody" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/parody" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "pirate" - -auth-zone: - name: "pirate" - for-downstream: no - for-upstream: yes - fallback-enabled: no 
- zonefile: "opennic.zone.d/pirate" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "o" - -auth-zone: - name: "o" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/o" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "lib" - -auth-zone: - name: "lib" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/lib" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "coin" - -auth-zone: - name: "coin" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/coin" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - -server: -domain-insecure: "emc" - -auth-zone: - name: "emc" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/emc" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "bazar" - -auth-zone: - name: "bazar" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/bazar" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "cyb" - -auth-zone: - name: "cyb" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/cyb" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - -server: -domain-insecure: "ku" - -auth-zone: - name: "ku" - for-downstream: no - for-upstream: yes - fallback-enabled: no - 
zonefile: "opennic.zone.d/ku" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "te" - -auth-zone: - name: "te" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/te" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - - - -server: -domain-insecure: "uu" - -auth-zone: - name: "uu" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/uu" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 - -server: -domain-insecure: "ti" - -auth-zone: - name: "ti" - for-downstream: no - for-upstream: yes - fallback-enabled: no - zonefile: "opennic.zone.d/ti" - master: 2a02:2770:15:0:21a:4aff:fefe:55e5 - master: 84.22.107.90 - master: 185.121.177.177 - master: 2a05:dfc7:5353::53 diff --git a/website/index.html b/website/index.html index c793b30..e55a5e8 100755 --- a/website/index.html +++ b/website/index.html @@ -41,9 +41,9 @@ No logs | No EDNS Client-Subnet | OpenNIC TLDs | DNSSEC ready | Filtered some ads, trackers, malware
IPv6-stamp:
IP:
+
IPv6 ONLY:
tls_auth_name:
- port: 853
+ port: 443, 853
+