A small hobby ads block DNS project with DoH, DoT, DNSCrypt support.
You are not using Blahdns !!!
You are not using Blahdns !!!
IPv4-stamp:
IPv6-stamp:
IP address:
45.32.55.94
2001:19f0:7001:3259:5400:02ff:fe71:0bc9
tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
IPv4-stamp:
IPv6-stamp:
IP address:
139.180.141.57
2001:19f0:4400:6bed:5400:2ff:feb1:f9fa
tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
IPv4-stamp:
IPv6-stamp:
IP address:
78.46.244.143
2a01:4f8:c17:ec67::1
tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
IPv4-stamp:
IPv6-stamp:
IP address:
95.216.212.177
2a01:4f9:c010:43ce::1
tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
DNS leak verification
1. DNSSEC validation: Go
2. Internet.nl: Go
3. DNSSEC resolver algorithm test: Go
4. Cloudflare tools: Go | Go
5. Check my DNS: Go
6. DNS randomness: Go
7. DNS Spoofability test: Go
8. DNSTrace: Go
9. Threats search: Go
10. Whoer.net Go
11. EDNS test Go
Entire privacy leaks test
1. Browserleaks: Go
2. Device leak: Go
3. Webbkoll: Go
DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure DNS traffic over HTTPS.
It prevents DNS hijacking and ISPs from sniffing your traffic.
You can use will Infra on Android Phone, Mozilla firefox nightly, Chrome coming soon.
DNSCrypt v2 client does support DoH, see dnscrypt configuration
example on Windows, macOS, iOS (DNSCloak)
Encrypted DNS - DNS over TLS
DNS over TLS support is available on all our services through port 853 (standard port, some service may support 443).
DNS over TLS encrypts and authenticates all your DNS traffic to protect your privacy and prevent DNS hijacking and sniffing.
Client software: Stubby | Unbound
How to get SPKI
Be sure you already install package apt install gnutls-bin
gnutls-cli --print-cert -p 853 45.32.55.94 | grep "pin-sha256" | head -1
OR
kdig -d @45.32.55.94 +tls-ca +tls-host=dot-jp.blahdns.com blahdns.com
TLS1.3 support check
openssl s_client -connect 45.32.55.94:853
Will return message:
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
For troubleshooting go HERE
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
DNSSEC validation: https://dnssec.vs.uni-due.de
curl -H 'content-type: application/dns-message' -vL -v 'https://doh-jp.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
kdig google.com @2001:19f0:7001:1ded:5400:1ff:fe90:945b +tls -p 443
kdig google.com @45.32.55.94
https://gist.github.com/meanevo/e70ca58e361fb4d1a9d262a8f12b173a (HAProxy) https://stuff-things.net/2016/11/30/haproxy-sni/ https://pre-prod.chown.me/blog/running-dot-on-openbsd.html https://www.haproxy.com/blog/introduction-to-haproxy-acls/
Does Blahdns block CNAME Cloacking? Yes, click here to read more.