From 2411fe29992ae86836f535aa2c7936df0b1e7053 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Sat, 17 Aug 2019 18:22:19 -0700
Subject: [PATCH 1/7] Add section to validate DNS connection

---
 _includes/sections/dns.html | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index d8511966..b017b30d 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -37,7 +37,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
   <table class="table sortable-theme-bootstrap" data-sortable>
     <thead>
       <tr>
-        <th data-sorted="true" data-sorted-direction="descending">ICANN DNS Provider</th>
+        <th data-sorted="true" data-sorted-direction="ascending">ICANN DNS Provider</th>
         <th data-sortable="true">Server Locations</th>
         <th data-sortable="false">Privacy Policy</th>
         <th data-sortable="true">Type</th>
@@ -285,6 +285,22 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
   </ul>
 
+  <h4>How to Validate</h4>
+
+  <ul>
+    <li>DoH / DoT
+      <ul>
+        <li>Check <a href="https://www.dnsleaktest.com/">https://www.dnsleaktest.com/</a>.</li>
+        <li>Check the website of your DNS provider. They may have a page for telling "you are using X DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
+        <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH.</li>
+      </ul>
+    </li>
+    <li>dnscrypt-proxy - Try the above steps or attempt to stop it. If you have configured it correctly, your DNS requests will stop working (with the exception having Firefox's TRR configured).
+    </li>
+    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">https://dnssec.vs.uni-due.de/</a>.</li>
+    <li>QNAME Minimization - Run <code>dig +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
+  </ul>
+
   <h3>Worth Mentioning and Additional Information</h3>
 
   <ul>
-- 
2.49.0


From 6c1e22ba3cde1fd72735f7fccbb93fdfe1175c1e Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Mon, 19 Aug 2019 21:23:26 -0700
Subject: [PATCH 2/7] Iterate on feedback

---
 _includes/sections/dns.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index b017b30d..d5df343c 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -290,15 +290,15 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
   <ul>
     <li>DoH / DoT
       <ul>
-        <li>Check <a href="https://www.dnsleaktest.com/">https://www.dnsleaktest.com/</a>.</li>
+        <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="If your DNS provider relies on anycast, the displayed ISP, hostname, or location may be misleading although valid."><i class="fas fa-exclamation-triangle"></i></span></li>
         <li>Check the website of your DNS provider. They may have a page for telling "you are using X DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
-        <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH.</li>
+        <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
       </ul>
     </li>
-    <li>dnscrypt-proxy - Try the above steps or attempt to stop it. If you have configured it correctly, your DNS requests will stop working (with the exception having Firefox's TRR configured).
+    <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
     </li>
-    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">https://dnssec.vs.uni-due.de/</a>.</li>
-    <li>QNAME Minimization - Run <code>dig +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
+    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
+    <li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
   </ul>
 
   <h3>Worth Mentioning and Additional Information</h3>
-- 
2.49.0


From 96554d612a046721a9716acfe68c0343e9375725 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Tue, 20 Aug 2019 18:21:34 -0700
Subject: [PATCH 3/7] Update verification section title

---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index d5df343c..04318e10 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -285,7 +285,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
   </ul>
 
-  <h4>How to Validate</h4>
+  <h4>How to verify DNS is encrypted</h4>
 
   <ul>
     <li>DoH / DoT
-- 
2.49.0


From a9d2d1f506133bc5d3e65035f2f8da1580a5cfde Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Tue, 20 Aug 2019 18:24:22 -0700
Subject: [PATCH 4/7] Update DNSLeakTest badge wording

---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 04318e10..a06bf2bd 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -290,7 +290,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
   <ul>
     <li>DoH / DoT
       <ul>
-        <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="If your DNS provider relies on anycast, the displayed ISP, hostname, or location may be misleading although valid."><i class="fas fa-exclamation-triangle"></i></span></li>
+        <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
         <li>Check the website of your DNS provider. They may have a page for telling "you are using X DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
         <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
       </ul>
-- 
2.49.0


From 60d1c757f6db2ab121116870f6fb56ce45aa28d1 Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Thu, 22 Aug 2019 21:23:10 -0700
Subject: [PATCH 5/7] Add CZ.NIC DNSSEC test site

---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index a06bf2bd..12e84a56 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -297,7 +297,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     </li>
     <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
     </li>
-    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
+    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a> or <a href="https://www.dnssec.cz/">DNSSEC Test by CZ.NIC</a>.</li>
     <li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
   </ul>
 
-- 
2.49.0


From aee8f3bd2ec0b03a73c22a6ea3d1ca98b9a0afef Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Thu, 22 Aug 2019 21:27:31 -0700
Subject: [PATCH 6/7] Clarify DNS test page expectation

---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 12e84a56..9600d2a6 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -291,7 +291,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     <li>DoH / DoT
       <ul>
         <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
-        <li>Check the website of your DNS provider. They may have a page for telling "you are using X DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
+        <li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
         <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
       </ul>
     </li>
-- 
2.49.0


From f59c63c0c941995806df60f7283b1fc9f0636a2e Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Sat, 24 Aug 2019 07:53:44 -0700
Subject: [PATCH 7/7] Remove CZ.NIC link

---
 _includes/sections/dns.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 9600d2a6..00428417 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -297,7 +297,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
     </li>
     <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
     </li>
-    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a> or <a href="https://www.dnssec.cz/">DNSSEC Test by CZ.NIC</a>.</li>
+    <li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
     <li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
   </ul>
 
-- 
2.49.0