Comments (2)
I'll give you examples based on what I did for DNSCrypt Poland.
Certificate
For BIND, NSD and knot I believe you use the NSD format
If you get:
- Record for nsd:
2.dnscrypt-cert 86400 IN TXT "DNSC\000\001\000\000\139\2031\009\199J\208\213\016cA.$\1885\181D\174Z\003\211F\025<\191\133F\140\141\189O\031\021\004\196\2422m>\146\184}\008\027\235\019\176_p\240\010>M\211\176\176\247v\204o\248\007M\010\240\173\140\235R\197\141\205\002D\194\139U\010\186O{\219E\147o\025c\219r\211h:0\192\006\0187PYqwfzt0001T>|\014]\164}\142"
You put it in the bind zone (I'm using knot, but I think bind format is the same):
2.dnscrypt-cert.soltysiak.com 86400 IN TXT "DNSC\000\001\000\000\139\2031\009\199J\208\213\016cA.$\1885\181D\174Z\003\211F\025<\191\133F\140\141\189O\031\021\004\196\2422m>\146\184}\008\027\235\019\176_p\240\010>M\211\176\176\247v\204o\248\007M\010\240\173\140\235R\197\141\205\002D\194\139U\010\186O{\219E\147o\025c\219r\211h:0\192\006\0187PYqwfzt0001T>|\014]\164}\142"
And then create a pull request into https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv to update the Provider name column with the record name, i.e. 2.dnscrypt-cert.soltysiak.com (or wherever you put it in the zone)
Public Key
You obtain it from:
$ dnscrypt-wrapper --show-provider-publickey-fingerprint
Provider public key fingerprint : 25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21
You put it in DNS, e.g.
pubkey.dc1.soltysiak.com. 86400 TXT "25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21"
And then create a pull request to update the
- Provider public key with the literal TXT contents
- Provider public key TXT record with the name of the record, e.g. pubkey.dc1.soltysiak.com
You can club the 2 changes together and they are not mandatory to have an operational dnscrypt-wrapper, it helps the users of dnscrypt-proxy and other client programs.
If you decide to publish, your Provider name in the .csv file should match the --provider-name paramter you use when running dnscrypt-wrapper.
from dnscrypt-wrapper.
Hi pysiak,
Thank you very much for your detailed information.
I did suspect it maybe the NSD format as it looked bind compliant.
With regards to the other bits n peaces, I wasn't aware of all that so a big thank you for filling me in.
Thanks again.
from dnscrypt-wrapper.
Related Issues (20)
- CLOSE_WAIT HOT 3
- Support for Raspberry Pi / Raspbian? HOT 2
- 请教:在使用dnscrypt-proxy 2.x版本中,如果使用非443端口。 HOT 2
- Log entry "Received a suspicious query from the client" HOT 2
- After success run one or two days, get following error message and not work HOT 5
- Support for xchacha20: no HOT 2
- undefind sodium_bin2base64 HOT 6
- Default expiration days is 1? HOT 2
- [ERROR] Invalid provider key HOT 3
- Suspicious certificate received HOT 1
- 关于创建密钥对时的问题:创建密钥对时一定要使用域名吗?只使用IP是否可以? HOT 2
- dnscrypt-wrapper make pihole random crash?
- How to have each client connect to a different resolver HOT 1
- How to generate TXT record for DNS for protocol version 2? HOT 1
- FreeBSD 12 - No chacha support? HOT 1
- 在客户机器(比如mac上)怎么使用Stamp? HOT 2
- SEGV when passing the same key twice
- Provide a tool/option to verify certificates
- dnscrypt-wrapper --gen-provider-keypair have bug
- Unable to build on aarch64-apple-darwin (Apple Silicon) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dnscrypt-wrapper.