[wip] Add "How to Create DNS Stamps" guide #262
Conversation
|
Do I need to add screenshots from the DNS Stamp calculator? |
grumaxxx
changed the title
There was a problem hiding this comment.
Let's add this article to the DNS knowledge base:
https://github.com/AdguardTeam/KnowledgeBaseDNS
Add it to the Miscellaneous section.
|
|
||
| This guide will help you learn how to create your own DNS stamp for Secure DNS. Secure DNS is a service that enhances your internet security and privacy by encrypting your DNS queries. This prevents the possibility of your queries being intercepted or manipulated by malicious actors. | ||
|
|
||
| By creating and using your own DNS stamp, you're taking an important step towards a more secure and private internet experience. This guide should equip you with the knowledge you need to generate your own DNS stamp confidently, whether for use in AdGuard, AdGuard VPN, or any other application that supports DNS stamps. |
There was a problem hiding this comment.
Слишком ChatGPT'шно, имхо :) Это совсем не important step, а опции для параноиков, если они хотят дополнительные меры безопасности :)
There was a problem hiding this comment.
For Secure DNS, tls://, https:// or quic:// URLs are normally used and it is enough for most users, and is recommended way.
However, if you need additional security, like pre-resolved server IPs and certificate pinning by hash, you may generate your own DNS stamp. This guide tells you how to do it.
| 2. Depending on the chosen protocol, select the corresponding protocol from the dropdown menu (DoH, DoT, or DoQ). | ||
|
|
||
| 3. Fill in the necessary fields: | ||
| - **IP address**: Enter the DNS server's IP address. If you are using the DoT or DoQ protocol, ensure you have also specified the corresponding port. |
There was a problem hiding this comment.
Нужно отметить, что данное поле необязательно, и нужно использовать с осторожностью: использование данной опции может сломать интернет в IPv6-only сетях.
|
|
||
| 3. Fill in the necessary fields: | ||
| - **IP address**: Enter the DNS server's IP address. If you are using the DoT or DoQ protocol, ensure you have also specified the corresponding port. | ||
| - **Hashes**: Insert the SHA256 hash of the server's certificate. If the DNS server you are using provides a ready-made Ed25519 public key, find and copy it. Otherwise, you can obtain it by following the instructions in the ["Obtaining the Certificate Hash"](###obtaining-the-certificate-hash) section. |
There was a problem hiding this comment.
А причём тут Ed25519? У TLS-сертов тип публичного ключа - ECDSA или RSA
Плюс нужно отметить, что данное поле необязательно.
Since AdguardTeam/DnsLibs supports checking the certificate hash from a DNS stamp, it is necessary to add instructions on how to create such stamps