getdnsapi / stubby

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
https://dnsprivacy.org/dns_privacy_daemon_-_stubby/
BSD 3-Clause "New" or "Revised" License

Consider more compact format for upstream config #79

Open saradickinson opened 6 years ago

saradickinson commented 6 years ago

We could consider supporting in yaml a format that allows upstreams to be specified in a more compact fashion for increased usability. In particular, at the moment each IP address and port combination requires a separate entry which (typically) repeats exactly the same authentication information. So for a server that listens on IPv4 and IPv6 and port 853 and port 443 on both addresses, 4 entries are needed!

From a pure user point of view something like the following would be preferred:

- upstream_data:
  addresses: ["145.100.185.15", "2001:610:1:40ba:145:100:185:15"]
  tls_ports:  [853, 443]
  tls_auth_name: "dnsovertls.sinodun.com"
  tls_pubkey_pinset:  [62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=]
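
Added example, not part of the original comment and not Stubby or getdns code: it expands the compact entry proposed above into the four per-address, per-port entries that the current `upstream_recursive_servers` format needs, and refuses an entry that carries no authentication data. The function names are hypothetical, and treating each bare pin as a base64 SHA-256 digest is an assumption.

```python
import base64
import ipaddress
from itertools import product

# Compact entry from the opening comment (proposed format, not implemented).
COMPACT = {
    "addresses": ["145.100.185.15", "2001:610:1:40ba:145:100:185:15"],
    "tls_ports": [853, 443],
    "tls_auth_name": "dnsovertls.sinodun.com",
    "tls_pubkey_pinset": ["62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4="],
}

def expand_upstream(compact):
    """Expand one compact entry into one Stubby entry per address and port."""
    auth_name = compact.get("tls_auth_name")
    pins = compact.get("tls_pubkey_pinset", [])
    # Refuse to emit upstreams that would carry no authentication information.
    if not auth_name and not pins:
        raise ValueError("entry has neither tls_auth_name nor tls_pubkey_pinset")
    for pin in pins:
        # Assumption: a bare pin is a base64-encoded SHA-256 digest (32 bytes).
        if len(base64.b64decode(pin, validate=True)) != 32:
            raise ValueError("pin is not a SHA-256 digest: " + pin)
    entries = []
    for addr, port in product(compact["addresses"], compact["tls_ports"]):
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
        if not 0 < port < 65536:
            raise ValueError("invalid port: %r" % port)
        entry = {"address_data": addr, "tls_port": port}
        if auth_name:
            entry["tls_auth_name"] = auth_name
        if pins:
            entry["tls_pubkey_pinset"] = [{"digest": "sha256", "value": p} for p in pins]
        entries.append(entry)
    return entries

def to_stubby_yaml(entries):  # render as an upstream_recursive_servers block
    out = ["upstream_recursive_servers:"]
    for e in entries:
        out.append("  - address_data: %s" % e["address_data"])
        out.append("    tls_port: %d" % e["tls_port"])
        if "tls_auth_name" in e:
            out.append('    tls_auth_name: "%s"' % e["tls_auth_name"])
        if "tls_pubkey_pinset" in e:
            out.append("    tls_pubkey_pinset:")
            for pin in e["tls_pubkey_pinset"]:
                out.append('      - digest: "%s"' % pin["digest"])
                out.append("        value: %s" % pin["value"])
    return "\n".join(out) + "\n"
```

Calling `to_stubby_yaml(expand_upstream(COMPACT))` returns the expanded block as text, with the same `tls_auth_name` and pin repeated in each of the four entries.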

wtoorop commented 6 years ago

This branch lets you configure like this:

upstream_recursive_servers:
  - name: "dnsovertls.sinodun.com"
  - name: "dnsovertls.sinodun.com:443"
  - name: "dnsovertls1.sinodun.com"
  - name: "getdnsapi.net"

I have another branch (apparently not pushed), based on this one, which then DANE authenticates. I'd rather not push now, because I'm on the Thalys (which has a Wi-Fi plan, which I can bypass by changing MAC addresses, but it's a pain).

john9527 commented 6 years ago

An upvote for the format shown in the opening comment. Makes integrating a server selection list into an embedded firmware much easier (currently integrating stubby support into an ASUS router firmware fork).

pedro0311 commented 6 years ago

+1

sionescu commented 1 year ago

Any progress on this?