From e250e2c1ae9b9bb3d97b911839a19cf1474bf2da Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Fri, 30 Aug 2019 18:20:03 +0300 Subject: [PATCH 1/3] dns: document usage profiles & Android automatic mode Resolves: #1239 --- _includes/sections/dns.html | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 0b802dc9..5844503e 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -408,7 +408,11 @@ github="https://github.com/jedisct1/dnscrypt-proxy"

Terms

@@ -444,6 +448,9 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
  • Encrypted DNS clients for mobile: -- 2.47.2 From b166cf7284fe51ee1304bb2a1586c5f5f79b193f Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Fri, 30 Aug 2019 19:23:34 +0300 Subject: [PATCH 2/3] dns: fix typo, sslstrip --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 5844503e..208ca31a 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -410,7 +410,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
    • DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:
      • -
      • Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
      • +
      • Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
      • Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.
    • DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
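Review bot: the added line for the first DoT mode still spells it "Oppurtunistic". Since this commit is a typo fix on that exact line, correct it to "Opportunistic" in the same change. The removed and added lines read identically in the rendered text, so the misspelling is carried over unchanged from the previous revision.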
    • -- 2.47.2 From b9ab2422033c76c4ba0b8cc8962716fe8a0d5bde Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sat, 31 Aug 2019 11:20:22 +0300 Subject: [PATCH 3/3] dns: add space between SSL and strip --- _includes/sections/dns.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 208ca31a..9930c910 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -410,7 +410,7 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
      • DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:
        • -
        • Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
        • +
        • Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
        • Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.
      • DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
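Review bot: this hunk rewrites the same line at @@ -410,7 +410,7 @@ that patch 2/3 changed one commit earlier, and its added line still reads "Oppurtunistic". Fold 3/3 into 2/3 so the line is touched by a single typo-fix commit, and correct the spelling to "Opportunistic" there so the series does not end with the typo still in place.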
      • -- 2.47.2