cofyc / dnscrypt-wrapper

This is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.

How to generate TXT record for DNS for protocol version 2? #167

Closed p1ratrulezzz closed 5 years ago

p1ratrulezzz commented 5 years ago

So I'm interested in how to generate this kind of construction:

[15014] 01 Apr 12:49:32.225 [notice] [main.c:742] Generating pre-signed certificate (expire in 315360000 seconds).
[15014] 01 Apr 12:49:32.225 [notice] [main.c:749] TXT record for signed-certificate:
* Record for nsd:
2.dnscrypt-cert 86400   IN  TXT "DNSC\000\001\000\000\211\034\198\130\192\026M\028\026\242e\228<!A\222LO2\000:(\195Y\212{\164\012\226\215{\022\241\207\224L\232L/\022\003a\161H\234P\229\188+gKLB\168\155\196O\183\202\223\244\025y\003}z\171\244x]\240\235\199P\177fY\136\023P\163\006\234d|\206\216\129FBZ\151S\158\138\034}z\171\244x]\240\235\092\161\222\172\092\161\222\172om\225\172"

The problem is that I want to do the same for a dnsdist server. I can get all the information from it using the functions DNSCryptCert:getClientMagic(), DNSCryptCert:getResolverPubkey() and others, but I have no idea how to generate this string, because all these functions generate strings of binary information and here we have a different encoding with slashes, etc. Is there a "magic" utility that can do it separately?

p1ratrulezzz commented 5 years ago

Looks like dnscrypt-wrapper can be used as a utility to do so; you just need to pass your certificate in the --provider-cert-file parameter

dnscrypt-wrapper --show-provider-publickey-dns-records --provider-cert-file=/var/lib/dnsdist/resolver2.cert
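The encoding asked about in this thread is the zone-file text form of the binary certificate: printable ASCII is kept and every other byte is written as a backslash plus three decimal digits. The sketch below is an added example, not part of the thread and not dnscrypt-wrapper's or dnsdist's code; the function names are hypothetical and the 124-byte field layout is assumed from the DNSCrypt protocol specification.

```python
import re
import struct

# Certificate layout assumed from the DNSCrypt protocol specification (124 bytes,
# big-endian): magic, es-version, minor version, signature, resolver public key,
# client magic, serial, ts-start, ts-end.
CERT = struct.Struct(">4sHH64s32s8sIII")
FIELDS = ("magic", "es_version", "minor", "signature", "resolver_pk",
          "client_magic", "serial", "ts_start", "ts_end")

# TXT payload copied from the log output quoted in this thread.
PAGE_RECORD = (
    r"DNSC\000\001\000\000\211\034\198\130\192\026M\028\026\242e\228<!A\222LO2\000:("
    r"\195Y\212{\164\012\226\215{\022\241\207\224L\232L/\022\003a\161H\234P\229\188+g"
    r"KLB\168\155\196O\183\202\223\244\025y\003}z\171\244x]\240\235\199P\177fY\136\023"
    r"P\163\006\234d|\206\216\129FBZ\151S\158\138\034}z\171\244x]\240\235\092\161\222"
    r"\172\092\161\222\172om\225\172"
)

def txt_escape(raw: bytes) -> str:
    """Binary -> zone-file text: printable ASCII is kept, the rest becomes \\DDD."""
    return "".join(
        chr(b) if 0x20 <= b <= 0x7E and b not in (0x22, 0x5C) else "\\%03d" % b
        for b in raw)  # DDD is decimal, not octal; the quote and backslash are escaped too

def txt_unescape(text: str) -> bytes:
    """Zone-file text -> binary; accepts both \\DDD and \\X escapes."""
    def one(match):
        token = match.group(1)
        return chr(int(token)) if len(token) == 3 else token
    # latin-1 maps code points 0..255 to single bytes and rejects anything larger
    return re.sub(r"\\(\d{3}|.)", one, text, flags=re.S | re.A).encode("latin-1")

def parse_cert(raw: bytes) -> dict:
    if len(raw) != CERT.size:
        raise ValueError("expected %d bytes, got %d" % (CERT.size, len(raw)))
    cert = dict(zip(FIELDS, CERT.unpack(raw)))
    if cert["magic"] != b"DNSC":
        raise ValueError("bad certificate magic")
    return cert

if __name__ == "__main__":
    cert = parse_cert(txt_unescape(PAGE_RECORD))
    print("es-version:", cert["es_version"], "serial:", cert["serial"])
    print("validity (s):", cert["ts_end"] - cert["ts_start"])
    print('2.dnscrypt-cert 86400 IN TXT "%s"' % txt_escape(CERT.pack(*cert.values())))
```

Decoding the record from the log gives a validity window of 315360000 seconds, the same figure the "Generating pre-signed certificate" line reports, and re-encoding the bytes reproduces the quoted string exactly.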