diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index e3065f8c..26e4161f 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -32,7 +32,8 @@ Note: This criteria applies to all of privacytools.io - supports DoH or DoT (We love DNSCrypt, but there is already https://github.com/DNSCrypt/dnscrypt-resolvers which is directly supported by dnscrypt-proxy, so we don't consider useful to list providers only supporting it). - supports DNSSEC (https://dnssec.vs.uni-due.de/ can test your current DNS provider). - doesn't log IP addresses during normal operation (If your suggestion logs, please compare its privacy policy with other servers on our table that keep logs). -- preferably supports QNAME minimization (if you have access to the dig command, `dig +short txt qnamemintest.internet.nl` or `Resolve-DnsName -Type TXT -Name qnamemintest.internet.nl` if you are on Windows 10) +- preferably supports QNAME minimization (if you have access to the dig command, `dig +short txt qnamemintest.internet.nl`) + ### VPN - Prioritize Products by privacy respecting nationality. diff --git a/.github/ISSUE_TEMPLATE/7_DNS_provider.md b/.github/ISSUE_TEMPLATE/7_DNS_provider.md index 174910f5..06be8abf 100644 --- a/.github/ISSUE_TEMPLATE/7_DNS_provider.md +++ b/.github/ISSUE_TEMPLATE/7_DNS_provider.md @@ -33,4 +33,4 @@ labels: 🌐 website issue, 🗄️ DNS #### Desired features -* [ ] supports QNAME minimization +* [ ] supports QNAME minimization diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 74adcc63..08d56628 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -182,7 +182,11 @@
about:networking#dns
. If the TRR column says "true" for some fields, you are using DoH. dig +short txt qnamemintest.internet.nl
from the command-line (taken from this NLnet Labs presentation). If you are on Windows 10, run Resolve-DnsName -Type TXT -Name qnamemintest.internet.nl
from the PowerShell. You should see this display: "HOORAY - QNAME minimisation is enabled on your resolver :)!"
dig +short txt qnamemintest.internet.nl
from the command-line (taken from this NLnet Labs presentation). You should see this display: "HOORAY - QNAME minimisation is enabled on your resolver :)!"
sudo mkdir /etc/default/grub.d/
to create a directory for additional grub configurationecho GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt" | sudo tee /etc/default/grub.d/mds.conf
to create a new grub config file source with the echoed contentsudo grub-mkconfig -o /boot/grub/grub.cfg
to generate a new grub config file including this new kernel boot flagecho GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force" | sudo tee /etc/default/grub.d/mitigations.cfg
to create a new grub config file source with the echoed contentsudo grub-mkconfig -o /boot/grub/grub.cfg
to generate a new grub config file including these new kernel boot flagssudo reboot
to reboottail -n +1 /sys/devices/system/cpu/vulnerabilities/*
again to see that MDS now says "SMT disabled."tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
again to see that everything referring to SMT now says "SMT disabled."