privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Add section to validate DNS connection (#1176)

This commit is contained in:
nitrohorse 2019-08-24 10:26:38 -07:00 committed by Dawid Potocki
parent 2d7a8c9427
commit 48596d2ad5
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
_includes/sections/dns.html
View File

@ -37,7 +37,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<table class="table sortable-theme-bootstrap" data-sortable>
<thead>
<tr>
<th data-sorted="true" data-sorted-direction="descending">ICANN DNS Provider</th>
<th data-sorted="true" data-sorted-direction="ascending">ICANN DNS Provider</th>
<th data-sortable="true">Server Locations</th>
<th data-sortable="false">Privacy Policy</th>
<th data-sortable="true">Type</th>
@ -285,6 +285,22 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
</ul>
<h4>How to verify DNS is encrypted</h4>
<ul>
<li>DoH / DoT
<ul>
<li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
<li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
<li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
</ul>
</li>
<li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
</li>
<li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
<li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
</ul>
<h3>Worth Mentioning and Additional Information</h3>
<ul>