Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2024-12-29 17:36:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

DNS: add Nebulo as worth mentioning & warn about DoH metadata & sort worth mentioning/additional information into sublists (#1200)

Browse Source 
* DNS: add Nebulo as worth mentioning

Resolves: #1187

* source_code: add Nebulo

* dns: add metadata warning to DoH

* dns: fix typo in Nebulo's description

Yes, Nebulo supports DoT and DoT...

* dns: update DoH warning text and link

* dns: sort mobile encrypted DNS software together

* dns: update DoH warning as suggested by @nitrohorse

* dns: sort additional information & worth mentioning into sublists

* dns: remove extra ul

* dns: sort the sublists

* dns: add formatting

* dns: update wording as requested by @nitrohorse

* dns: copy-paste @nitrohorse 's example

* source_code: sort DNS apps

* dns: swap Namecoin and Stubby due to alphabetical order
This commit is contained in:
Mikaela Suomalainen 2019-08-24 14:55:34 +00:00 committed by nitrohorse
parent 0cde61c986
commit ad17fa03ab
2 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
_includes/sections/dns.html
View File

@ -281,21 +281,42 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<ul>
<li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.</li>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
</ul>
<h3>Worth Mentioning and Additional Information</h3>
<ul>
<li>Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
<li>Android 9 comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><a href="https://pi-hole.net/">Pi-hole</a> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><a href="https://gitlab.com/quidsup/notrack">NoTrack</a> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
<li><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
<li><a href="https://namecoin.info/">Namecoin</a> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
<li><strong>Encrypted DNS clients for desktop:</strong>
<ul>
<li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
</ul>
</li>
<li><strong>Encrypted DNS clients for mobile:</strong>
<ul>
<li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
</ul>
</li>
<li><strong>Local DNS servers:</strong>
<ul>
<li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
</ul>
</li>
<li><strong>Network wide DNS servers:</strong>
<ul>
<li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
</ul>
</li>
<li><strong>Further reading:</strong>
<ul>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
</ul>
</li>
</ul>
</div>
</div>

10
source_code.md
View File

@ -289,8 +289,6 @@ Webpage: https://github.com/opennic/opennic-web
- NoTrack: https://github.com/quidsup/notrack
- Namecoin: https://github.com/namecoin
- Pi-hole: https://github.com/pi-hole
## Encrypted ICANN DNS Providers
@ -305,10 +303,18 @@ PowerDNS: https://github.com/PowerDNS/pdns
### Worth Mentioning and Additional Information
#### Mobile
- DNSCloak: https://github.com/s-s/dnscloak
- Nebulo: https://git.frostnerd.com/PublicAndroidApps/smokescreen/
#### Local DNS servers
- Stubby: https://github.com/getdnsapi/stubby
- Namecoin: https://github.com/namecoin
## Digital Notebook
Joplin: https://github.com/laurent22/joplin