Digitalcourage as DNS over TLS Addition in Foris

Hello,

would it be possible to add the following entry to the “DNS” item in Foris?

Digitalcourage | Server location: Germany
DNS server (supports DNSSEC)
DNS over TLS:
Host: dns2.digitalcourage.de
port: 853

That would be a fine addition!
https://digitalcourage.de/support/zensurfreier-dns-server

Best regards

In the meantime, I think you can do it yourself: https://doc.turris.cz/doc/en/public/dns_knot_misc

Rather, refer to this documentation in our GitLab on how to add a new DNS server, which will be available in Foris:

I’m well aware of that, I would just like to make it available to everyone in a simple way.
I’ve already entered it in the system. I find it just a good and useful addition.
Therefore my wish is directed more at the team: to simply offer it as well.

Hi, thank you for bringing up this topic. Do you mind sharing your config?
My digitalcourage config does not work (meaning: I cannot resolve external URLs):

#cat /etc/resolver/dns_servers/01_digitalcourage.conf 
name="01_digitalcourage.conf"
description="digitalcourage"
enable_tls="1"
port="853"
hostname="dns2.digitalcourage.de"
pin_sha256="v7rm6OtQQD3x/wbsdHDZjiDg+utMZvnoX3jq3Vi8tGU="
ipv6="2a02:2970:1002::18"
ipv4="46.182.19.48"

DNS works when I’m using my provider’s DNS server.

Neither of the addresses accepts connections from me.

Thanks for testing. The IPv4 and the IPv6 addresses are those which are listed here:
https://digitalcourage.de/support/zensurfreier-dns-server (German language only)

Quote (translated from German with Google Translate):

We run a free DNS server because we want to show that censorship can be circumvented - and we have to constantly fear that it will be expanded. The server has the IP: 46.182.19.48 or 2a02:2970:1002::18 and supports encrypted requests via DNS-over-TLS.

Maybe they are currently down.

Greetings!

This is my configuration, successfully tested at https://dnsleaktest.com:

name="99_digitalcourage.conf"
description="Digitalcourage (TLS)"
enable_tls="1"
tls_port="853"
ipv4="46.182.19.48"
ipv6="2a02:2970:1002::18"
ca_file="/etc/ssl/certs/ca-certificates.crt"
pin_sha256="v7rm6OtQQD3x/wbsdHDZjiDg+utMZvnoX3jq3Vi8tGU="
hostname="dns2.digitalcourage.de"

I also set the attributes exactly the same as the other preconfigured servers, i.e. “0600” flag in the permissions for the file itself. I don’t know if this is important but it worked right away. I also named the file “99_digitalcourage.conf” which is the same scheme.

Hope this helps you,

Best regards
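
A small linter for the file format shown in the two configs above, as an added example that is not part of the thread or of Turris code. It flags typographic quotes and unterminated values that copy-pasting from a rendered page can introduce, checks that pin_sha256 decodes to a 32-byte digest and that the addresses parse, and checks the 0600 mode mentioned above. The function names and the rule set are assumptions for illustration, not the resolver's own validation.

```python
import base64, ipaddress, os, re, stat
LINE = re.compile(r'^(\w+)="([^"]*)"$')  # key="value" with plain double quotes
CURLY = "\u201c\u201d\u201e"              # typographic quotes left by rich-text rendering

# Constructed sample: two lines with curly quotes, one deliberately bad pin, one clean line.
SAMPLE = 'enable_tls=\u201c1\u201d\nhostname=\u201cdns2.digitalcourage.de\npin_sha256="abc="\nipv4="46.182.19.48"\n'

def lint_text(text):
    """Return (values, problems) for the text of one dns_servers/*.conf file."""
    values, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in CURLY):
            problems.append(f"line {n}: typographic quotes, retype as plain quotes")
        elif not LINE.match(line):
            problems.append(f'line {n}: not key="value" (unterminated quote?)')
        else:
            key, value = LINE.match(line).groups()
            values[key] = value
    pin = values.get("pin_sha256")
    if pin is not None:
        try:
            digest_ok = len(base64.b64decode(pin, validate=True)) == 32
        except ValueError:  # binascii.Error is a ValueError subclass
            digest_ok = False
        if not digest_ok:
            problems.append("pin_sha256: not base64 of a 32-byte SHA-256 digest")
    for key, cls in (("ipv4", ipaddress.IPv4Address), ("ipv6", ipaddress.IPv6Address)):
        try:
            if key in values:
                cls(values[key])
        except ValueError:
            problems.append(f"{key}: invalid address {values[key]!r}")
    if values.get("enable_tls") == "1" and not (values.get("hostname") or pin):
        problems.append("enable_tls=1 but no hostname or pin_sha256 to authenticate the server")
    return values, problems

def lint_file(path):
    """Lint a file on disk and also require mode 0600, as set in the post above."""
    with open(path, encoding="utf-8") as fh:
        values, problems = lint_text(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o600:
        problems.append(f"mode {mode:04o}, expected 0600")
    return values, problems

if __name__ == "__main__":
    print(*lint_text(SAMPLE)[1], sep="\n")
```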

Now it answers to me. We hit a bad moment, apparently.

Good to hear!
“/etc/init.d/resolver restart” is also important

Best Regards

Their DNS server does not provide reliable connectivity, particularly via IPv6. Tried them several times but in the end gave up and only left their IPv4 instance in place.