DNS-over-TLS/HTTPS Server
Welcome to the doh.defaultroutes.de DNS-over-TLS and DNS-over-HTTPS
Server.
1 Policy
This server does not keep logs or censors traffic.
2 DoT-Service
This server offers DNS-over-TLS (RFC 7858, Port 853).
2.1 Stubby Configuration
# doh.defaultroutes.de IPv4
- address_data: 5.45.107.88
tls_auth_name: "doh.defaultroutes.de"
tls_pubkey_pinset:
- digest: "sha256"
value: p7t6DDebAlM1rwkrJgZJ6CDkuJG0Ff5PKYZ8bUPQCM0=
# doh.defaultroutes.de IPv6
- address_data: 2a03:4000:6:12af::1
tls_auth_name: "doh.defaultroutes.de"
tls_pubkey_pinset:
- digest: "sha256"
value: p7t6DDebAlM1rwkrJgZJ6CDkuJG0Ff5PKYZ8bUPQCM0=
[...]
3 DoH-Service
This server offers DNS-over-HTTPS (RFC 8484, Port 443) via the URL
https://doh.defaultroutes.de/dns-query
$ doh doh.defaultroutes.de https://doh.defaultroutes.de/dns-query [doh.defaultroutes.de] TTL: 59 seconds A: 5.45.107.88 AAAA: 2a03:4000:0006:12af:0000:0000:0000:0001
4 DNS-over-HTTPS Discussions
Some links to blog posts that discuss the "rights" or "wrongs" of DoH (and/or DoT). I link to these post to allow users of DNS privacy protocols to make up their mind about this protocols. I do not agree to all of the views expressed in these blog posts:
- Geoff Huston: DOH! (10/2018)
- Geoff Huston: More DOH (04/2019)
- Vittorio Bertola: The DoH dilemma (05/2019)
- P. McManus (Mozilla): The Benefits of HTTPS for DNS
- Brian Dickson, GoDaddy: DNS-over-HTTPS: Privacy and Security Concerns
- PowerDNS Blog: Centralised DoH is bad for privacy, in 2019 and beyond (09/2019)
- University of Cambridge: Firefox and DNS-over-HTTPS (09/2019)
- Mark Nottingham: Moving control to the endpoints: Motivations, challenges, and the path forward (06/2019)
5 DoH in Firefox
Some resources about DNS-over-HTTPS in the Mozilla Firefox Browser
- Mozilla: A cartoon intro to DNS over HTTPS (05/2018)
- Daniel Stenberg: Inside Firefox’s DOH engine (07/2018)
- Mozilla: Improving DNS Privacy in Firefox (07/2018)
- Mozilla: Firefox Nightly Secure DNS Experimental Results (08/2018)
- Mozilla: DNS over HTTPS (DoH) – Testing on Beta (09/2018)
- Mozilla: DNS-over-HTTPS (DoH) Update – Recent Testing Results and Next Steps (04/2019)
- Mozilla: DNS-over-HTTPS (DoH) Update – Detecting Managed Networks and User Choice (07/2019)
- Mozilla: What’s next in making Encrypted DNS-over-HTTPS the Default (09/2019)
- Mozilla: Firefox DNS-over-HTTPS
- Mozilla: Configuring Networks to Disable DNS over HTTPS
- Mozilla Policy Requirements for DNS over HTTPs Partners
- Daniel Stenberg: (unofficial) docs for Firefox TRR (DNS-over-HTTPS)
- ISC: Using Response Policy Zones to disable Mozilla DoH-by-default
- DNS-Operations-Mailinglist: use-application-dns.net
- Global Canary Information Page
- IETF: Internet Draft DNS Resolver-Based Policy Detection Domain (draft-grover-add-policy-detection)
6 DoH in Google Chrome
Some resources about DNS-over-HTTPS in the Google Chrome Browser
7 Presentations
7.1 by Dr. Roland van Rijswijk-Deij
- DNS privacy and security ChaosTreff Osnabrück February 2020 (en)
7.2 by ISC
- Encrypted DNS - DoH vs DoT Online Webinar December 2019 (en)
7.3 by Peter Koch
- A Wider Shade of DoH DeNOG 11 2019 (en)
7.4 by Carsten Strotmann
- The End of DNS as we know it … EuroBSDCon 2018 (en)
- Huch, mein DNS ist verschwunden … FrOScon 2018 (de)
- DNS Sicherheit IT-Defense 2019 (de)
- Overview of the DNS Privacy Software landscape RIPE 78 (en)
- Unwind, a Validating DNS Recursive Nameserver RIPE 78 (en)
- DoH or Don't (Slides) and Video recording CCCamp 2019 (en)
- Encrypted DNS, episode II DDI User Group Germany July 2020 (en)
- Encrypted DNS, episode II Men & Mice Webinar, August 2020 (en)