Re init git

client-conf/DoT-or-DoH-Android.md

@@ -0,0 +1,46 @@
+## DoT and DoH on Android
+
+### Solution 1 with Nebulo app
+
+1. Use app [Nebulo](https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen)
+2. Follow tutorial down below to setup blahdns
+  1. Manually type or download a server config file from [HERE](https://smokescreen.app/servers/adblockers)
+
+**DoH**
+
+
+<img src="https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/nebulo-doh.jpg" alt="Your image title" width="250"/>
+
+
+**DoT**
+
+
+<img src="https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/nebulo-dot.jpg" alt="Your image title" width="250"/>
+
+
+### Solution 2 with personalDNSfilter app (Android)
+
+App download: [https://zenz-solutions.de/personaldnsfilter](https://zenz-solutions.de/personaldnsfilter)
+
+
+**Config file**
+
+```
+[2001:19f0:7001:1ded:5400:01ff:fe90:945b]::853::DoT
+108.61.201.119::853::DoT
+[2001:19f0:7001:1ded:5400:01ff:fe90:945b]::443::DoH::https://doh-jp.blahdns.com/dns-query
+108.61.201.119::443::DoH::https://doh-jp.blahdns.com
+
+```
+
+
+<img src="https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/personal-dnsfilter-1.jpg" alt="Your image title" width="250"/>
+<img src="https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/personal-dns-filter2.jpg" alt="Your image title" width="250"/>
+
+
+### Solution 3 Android Pie 
+
+For Android 9 Pie user, Go to Setting -> Wi-Fi -> Private DNS 
+
+<img src="http://m.psyself.com/content/images/2018/08/Screenshot_20180807-102253-1.png" alt="Your image title" width="250"/>
+

client-conf/README.md

@@ -0,0 +1,105 @@
+## Android DoT / DoH config
+
+Go [HERE](https://github.com/ookangzheng/blahdns/blob/master/client-conf/DoT-or-DoH-Android.md)
+
+## Dnscrypt-proxy
+
+Go [HERE](https://github.com/ookangzheng/blahdns/tree/master/client-conf/dnscrypt)
+
+## Knot-resolver
+
+```bash
+-- Load useful modules
+modules = {
+        'policy',
+        'hints > iterate',  -- Load /etc/hosts and allow custom root hints
+--      'stats',            -- Track internal statistics
+--      'predict',          -- Prefetch expiring/frequent records
+}
+net.listen({'::1', '127.0.0.1'}, 53)
+-- Cache size
+cache.size = 100 * MB
+
+-- To disable DNSSEC validation, uncomment the following line (not recommended)
+trust_anchors.remove('.')
+
+-- Forward queries to Blahdns
+policy.add(policy.all(policy.TLS_FORWARD({{'159.69.198.101@443', hostname='dot-de.blahdns.com', ca_file='/etc/ssl/certs/ca-certificates.crt'}})))
+policy.add(policy.all(policy.TLS_FORWARD({{'108.61.201.119@853', hostname='dot-jp.blahdns.com', ca_file='/etc/ssl/certs/ca-certificates.crt'}})))
+policy.add(policy.all(policy.TLS_FORWARD({{'2a0a:e5c0:2:2:0:c8ff:fe68:bf48@853', hostname='dot-ch.blahdns.com', ca_file='/etc/ssl/certs/ca-certificates.crt'}})))
+
+```
+
+## Unbound 
+
+```bash
+# /etc/unbound/unbound.conf
+
+    include: "/etc/unbound/unbound.conf.d/*.conf"
+    verbosity: 1
+    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
+    interface: 127.0.0.1@53
+    interface: 0::1@53
+    harden-dnssec-stripped: no # disable DNSSEC
+    do-not-query-localhost: no
+
+forward-zone:
+  name: "."
+  forward-tls-upstream: yes
+  forward-addr: 2a0a:e5c0:2:2:0:c8ff:fe68:bf48@853#dot-ch.blahdns.com
+  forward-addr: 108.61.201.119@853#dot-jp.blahdns.com
+  forward-addr: 2001:19f0:7001:1ded:5400:1ff:fe90:945b@443#dot-jp.blahdns.com
+  forward-addr: 159.69.198.101@853#dot-de.blahdns.com
+  forward-addr:2a01:4f8:1c1c:6b4b::1@443#dot-de.blahdns.com
+
+  #forward-addr: 116.203.70.156@443#uncensored-dot.dnswarden.com
+```
+
+## Stubby
+
+Go [HERE](https://github.com/ookangzheng/blahdns/tree/master/client-conf/stubby)
+
+
+## Windows
+Simplednscrypt -> https://simplednscrypt.org/ and install
+
+![](https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/blahdns-1.png?raw=true)
+![](https://github.com/ookangzheng/blahdns/raw/master/client-conf/img-source/blahdns-2.png?raw=true)
+
+## Kdig
+```bash
+kdig google.com @dot-jp.blahdns.com +tls
+```
+## getdns
+```bash
+sudo apt install getdns-utils
+getdns_query @108.61.201.119 -s -L -A www.google.com
+```
+
+## Curl
+```bash
+curl -H 'accept: application/dns-json' 'https://doh-jp.blahdns.com/dns-query?name=www.google.com&type=A'
+```
+
+## Facebook python doh-proxy
+```bash
+sudo apt install python3-pip python3-setuptools python3-wheel
+sudo -H pip3 install doh-proxy
+doh-client --domain doh-jp.blahdns.com --qname google.com --qtype A
+```
+
+## Linux-systemd
+```bash
+nano /etc/systemd/resolved.conf
+
+DNS=108.61.201.119 159.69.198.101
+DNSOverTLS=opportunistic
+
+// Save and restart service
+sudo systemctl restart systemd-resolved
+// Check settings
+resolvectl status
+resolvectl query dot-jp.blahdns.com -t A
+```
+
+

client-conf/dnscrypt/dnscrypt-proxy.toml

@@ -0,0 +1,44 @@
+# Updated on July 19, 2019
+server_names = ['blahdns-ch-doh-v6', 'blahdns-ch-dnscrypt-v6', 'blahdns-jp-doh','blahdns-de-doh','blahdns-jp-dnscrypt-v4','blahdns-de-dnscrypt-v4']
+listen_addresses = ['127.0.0.1:53', '[::1]:53']
+max_clients = 250
+force_tcp = false
+timeout = 2000
+keepalive = 30
+
+# Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
+lb_strategy = 'p2'
+fallback_resolver = '9.9.9.9:53'
+ignore_system_dns = false
+netprobe_timeout = 30
+cache = false
+cache_size = 512
+cache_min_ttl = 90
+cache_max_ttl = 1800
+cache_neg_min_ttl = 2
+cache_neg_max_ttl = 6
+
+[static]
+
+[static.'blahdns-ch-doh-v6']
+stamp = 'sdns://AgMAAAAAAAAAIFsyYTBhOmU1YzA6MjoyOjA6YzhmZjpmZTY4OmJmNDhdABJkb2gtY2guYmxhaGRucy5jb20KL2Rucy1xdWVyeQ'
+[static.'blahdns-ch-dnscrypt-v6']
+stamp = 'sdns://AQMAAAAAAAAAJVsyYTBhOmU1YzA6MjoyOjA6YzhmZjpmZTY4OmJmNDhdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t'
+
+[static.'blahdns-jp-doh']
+stamp = 'sdns://AgMAAAAAAAAADjEwOC42MS4yMDEuMTE5ABJkb2gtanAuYmxhaGRucy5jb20KL2Rucy1xdWVyeQ'
+[static.'blahdns-jp-doh-v6']
+stamp = 'sdns://AgMAAAAAAAAAKVsyMDAxOjE5ZjA6NzAwMToxZGVkOjU0MDA6MDFmZjpmZTkwOjk0NWJdABJkb2gtanAuYmxhaGRucy5jb20KL2Rucy1xdWVyeQ'
+[static.'blahdns-jp-dnscrypt-v4']
+stamp = 'sdns://AQMAAAAAAAAAEzEwOC42MS4yMDEuMTE5Ojg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t'
+[static.'blahdns-jp-dnscrypt-v6']
+stamp = 'sdns://AQMAAAAAAAAALlsyMDAxOjE5ZjA6NzAwMToxZGVkOjU0MDA6MDFmZjpmZTkwOjk0NWJdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t'
+
+[static.'blahdns-de-doh']
+stamp = 'sdns://AgMAAAAAAAAADjE1OS42OS4xOTguMTAxABJkb2gtZGUuYmxhaGRucy5jb20KL2Rucy1xdWVyeQ'
+[static.'blahdns-de-doh-v6']
+stamp = 'sdns://AgMAAAAAAAAAF1syYTAxOjRmODoxYzFjOjZiNGI6OjFdABJkb2gtZGUuYmxhaGRucy5jb20KL2Rucy1xdWVyeQ'
+[static.'blahdns-de-dnscrypt-v4']
+stamp = 'sdns://AQMAAAAAAAAAEzE1OS42OS4xOTguMTAxOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t'
+[static.'blahdns-de-dnscrypt-v6']
+stamp = 'sdns://AQMAAAAAAAAAHFsyYTAxOjRmODoxYzFjOjZiNGI6OjFdOjg0NDMgyJjbSS4IgTY_2KH3NVGG0DNIgBPzLEqf8r00nAbcUxQbMi5kbnNjcnlwdC1jZXJ0LmJsYWhkbnMuY29t'

client-conf/stubby/README.md

@@ -0,0 +1,13 @@
+# MacOS guide
+
+Install: `brew install stubby `
+
+Restart: `sudo brew services restart stubby`
+
+Check log: `sudo tail -f /usr/local/var/log/stubby/stubby.log`
+
+Stubby dir: `/usr/local/etc/stubby`
+
+Stubby config example: [HERE](https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example)
+
+For more about Stubby, [HERE](https://dnsprivacy.org/wiki/pages/viewpage.action?pageId=3145812)

client-conf/stubby/stubby.yml

@@ -0,0 +1,83 @@
+## TLS_pubkey_pinset updated on July 19, 2019
+## expires `2019-09-23 07:04:40 UTC'
+
+resolution_type: GETDNS_RESOLUTION_STUB
+dns_transport_list:
+  - GETDNS_TRANSPORT_TLS
+tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+tls_query_padding_blocksize: 128
+edns_client_subnet_private: 0
+round_robin_upstreams: 1
+tls_connection_retries: 2
+idle_timeout: 10000
+timeout: 2000
+listen_addresses:
+  #- 127.0.0.1
+  #- 0::1
+  - 127.0.0.1@54
+  - 0::1@54
+
+upstream_recursive_servers:
+
+  - address_data: 2a0a:e5c0:2:2:0:c8ff:fe68:bf48
+    tls_port: 853
+    tls_auth_name: "dot-ch.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: i1jLFbRK0/Aj/eQO4qxG6SqlJOCf70zwJb3z7JDFyPs=
+
+  - address_data: 108.61.201.119
+    tls_port: 443
+    tls_auth_name: "dot-jp.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4=
+        
+  - address_data: 108.61.201.119
+    tls_port: 853
+    tls_auth_name: "dot-jp.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4=
+
+  - address_data: 159.69.198.101
+    tls_port: 443
+    tls_auth_name: "dot-de.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c=
+
+  - address_data: 159.69.198.101
+    tls_port: 853
+    tls_auth_name: "dot-de.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c=
+
+  - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b
+    tls_port: 443
+    tls_auth_name: "dot-jp.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4=
+
+  - address_data: 2001:19f0:7001:1ded:5400:01ff:fe90:945b
+    tls_port: 853
+    tls_auth_name: "dot-jp.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: psuldEImRyeSkU88b2ORtiNQ2uBdo+RCwAw6SxaJWQ4=
+        
+  - address_data: 2a01:4f8:1c1c:6b4b::1
+    tls_port: 443
+    tls_auth_name: "dot-de.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c=
+        
+  - address_data: 2a01:4f8:1c1c:6b4b::1
+    tls_port: 853
+    tls_auth_name: "dot-de.blahdns.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c=

client-conf/stunnel.md

@@ -0,0 +1,28 @@
+## Stunnel
+stunnel is an open-source multi-platform application used to provide a universal TLS/SSL tunneling service. stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.
+
+```bash
+$ sudo apt install stunnel4
+$ sudo sed -i -e "s/ENABLED=0/ENABLED=1/" /etc/default/stunnel4 
+
+cd /etc/stunnel
+nano blahdns.conf
+
+// blahdns.conf
+debug = err
+[blahdns-dns]
+client = yes
+accept = 127.0.0.1:5353
+connect = 108.61.201.119:853 #Japan
+# connect = 159.69.198.101:853 #Germany
+verifyChain = yes
+CApath = /etc/ssl/certs
+
+checkHost = dot-jp.blahdns.com
+# checkHost = dot-de.blahdns.com 
+````
+
+### Test
+```bash
+dig @127.0.0.1 -p 5353 www.google.com +tcp
+```