Enable ECH on Chrome
Turn on flag
about://flags/#encrypted-client-hello
Verify https://exhentai.org/cdn-cgi/trace
References
https://blog.cloudflare.com/announcing-encrypted-client-hello/
import dns.resolver


def get_records(domain):
    """
    Get all the records associated to domain parameter.
    :param domain:
    :return:
    """
    ids = [
        'NONE', 'A', 'NS', 'MD', 'MF', 'CNAME', 'SOA', 'MB', 'MG', 'MR',
        'NULL', 'WKS', 'PTR', 'HINFO', 'MINFO', 'MX', 'TXT', 'RP', 'AFSDB',
        'X25', 'ISDN', 'RT', 'NSAP', 'NSAP-PTR', 'SIG', 'KEY', 'PX', 'GPOS',
        'AAAA', 'LOC', 'NXT', 'SRV', 'NAPTR', 'KX', 'CERT', 'A6', 'DNAME',
        'OPT', 'APL', 'DS', 'SSHFP', 'IPSECKEY', 'RRSIG', 'NSEC', 'DNSKEY',
        'DHCID', 'NSEC3', 'NSEC3PARAM', 'TLSA', 'HIP', 'CDS', 'CDNSKEY',
        'CSYNC', 'SPF', 'UNSPEC', 'EUI48', 'EUI64', 'TKEY', 'TSIG', 'IXFR',
        'AXFR', 'MAILB', 'MAILA', 'ANY', 'URI', 'CAA', 'TA', 'DLV',
    ]

    for a in ids:
        try:
            # resolve() replaces query(), which is deprecated since dnspython 2.0
            answers = dns.resolver.resolve(domain, a)
            for rdata in answers:
                print(a, ':', rdata.to_text())
        except Exception as e:
            print(e)  # or pass


if __name__ == '__main__':
    get_records('google.com')
References
https://gist.github.com/akshaybabloo/2a1df455e7643926739e934e910cbf2e
C:\Windows\System32\drivers\etc
0.0.0.0 www.facebook.com
References
https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/
Get a root shell
sudo -s
Check what else is possibly already listening on port 53
ss -lp 'sport = :domain'
systemctl stop systemd-resolved
systemctl disable systemd-resolved
ss -lp 'sport = :domain'
Download and run dnscrypt-proxy
Download dnscrypt-proxy here: dnscrypt-proxy binaries.
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy
Change the system DNS settings
apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf
And create a new /etc/resolv.conf file with the following content:
nameserver 127.0.0.1
options edns0
Install the proxy as a system service
./dnscrypt-proxy -service install
./dnscrypt-proxy -service start
./dnscrypt-proxy -service stop
./dnscrypt-proxy -service restart
./dnscrypt-proxy -service uninstall
Want to check that DNS resolution works?
./dnscrypt-proxy -resolve example.com
Connect to 1.1.1.1 using DoH clients
Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:
server_names = ['cloudflare', 'cloudflare-ipv6']
References
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
The hosts file is a way to map hostnames to IP addresses. This is very important with certain setups and to make networking on Linux a bit easier. In a sense, the hosts file acts as a local DNS server.
sudo nano /etc/hosts
For example, to block Wikipedia, you’d type (remembering to use the Tab key rather than Space):
127.0.0.1 wikipedia.org
Or, to add a static DNS lookup for a hostname:
198.20.14.51 example.com
References
https://www.makeuseof.com/tag/modify-manage-hosts-file-linux/
PowerShell:
[System.Net.Dns]::GetHostEntry('google.com').AddressList.IPAddressToString
References
https://www.kjctech.net/powershell-tip-how-to-get-all-ips-assigned-to-a-dns-domain/
dig a google.com
dig a google.com +short @8.8.8.8
References
https://superuser.com/questions/152576/how-to-get-all-ips-of-a-domain
https://superuser.com/questions/847575/how-do-i-find-all-known-ips-for-a-given-domain-in-linux
You can force a flush of all cached DNS records using the following command:
ipconfig /flushdns
You can view a list of all the records in your cache along with their TTL by executing the following command at the command prompt:
ipconfig /displaydns
References
https://superuser.com/questions/80744/how-often-does-the-dns-cache-clear
https://cloudflare-dns.com/dns-query
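What a DoH client sends to the endpoint above, as an added example that is not part of the original notes: it builds the RFC 8484 GET URL for a query and decodes the addresses from a wire-format reply. The function names and the sample reply are constructed for illustration.

```python
import base64
import ipaddress
import struct

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # endpoint listed above
QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype="A"):
    """DNS query in wire format; ID 0 keeps the URL cache-friendly (RFC 8484)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def doh_get_url(name, qtype="A"):
    """GET form: the message is base64url-encoded with padding removed."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{DOH_ENDPOINT}?dns={b64.decode()}"

def skip_name(msg, off):
    """Step over a possibly compressed name and return the next offset."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # compression pointer vs. root label

def parse_addresses(msg):
    """Return (ttl, address) for each A/AAAA record in the answer section."""
    _id, _flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    found = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype in (1, 28):
            found.append((ttl, str(ipaddress.ip_address(rdata))))
    return found

# Constructed reply (not captured traffic): one A record, TTL 300, 192.0.2.1.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + build_query("www.example.com")[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

The request is sent with the header accept: application/dns-message, and the reply body is the raw DNS message that parse_addresses expects.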
References
https://dnsprivacy.org/public_resolvers/
Download and install the cloudflared daemon
Or download and install cloudflared via the Cloudflare Package Repository.
Ubuntu 20.04 LTS (Focal Fossa)
# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
cloudflared --version
Run without systemd
cloudflared proxy-dns
#cloudflared proxy-dns --port 5553
Run with systemd
sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<EOF
[Unit]
Description=DNS over HTTPS (DoH) proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/local/bin/cloudflared proxy-dns

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable --now cloudflared-proxy-dns
sudo rm -f /etc/resolv.conf
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf >/dev/null
Finally, verify it locally with:
dig +short @127.0.0.1 cloudflare.com AAAA
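A check for the /etc/resolv.conf that both the dnscrypt-proxy and the cloudflared procedures leave behind, as an added example that is not part of the original notes: it flags any nameserver line that would send lookups around the local encrypted proxy. The function name and the sample file contents are constructed for illustration.

```python
import ipaddress

STUB = ipaddress.ip_address("127.0.0.53")  # systemd-resolved stub listener

def audit_resolv_conf(text):
    """Return findings for resolv.conf contents; an empty list means every
    configured nameserver is the local proxy on a loopback address."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Comments, options and search lines never start with "nameserver".
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            ip = ipaddress.ip_address(fields[1].split("%")[0])  # drop zone id
        except ValueError:
            findings.append(f"line {lineno}: unparseable nameserver {fields[1]!r}")
            continue
        if ip == STUB:
            # Loopback, but it means systemd-resolved is still answering.
            findings.append(f"line {lineno}: {ip} is the systemd-resolved stub")
        elif not ip.is_loopback:
            # The resolver tries nameservers in order, so this entry is used
            # as soon as the local proxy fails to answer: a plaintext fallback.
            findings.append(f"line {lineno}: {ip} bypasses the local proxy")
    return findings

# Constructed file contents, not taken from a real host.
GOOD = "nameserver 127.0.0.1\noptions edns0\n"
LEAKY = "# constructed sample\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n"
STUBBY = "nameserver 127.0.0.53\noptions edns0 trust-ad\n"

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for finding in audit_resolv_conf(fh.read()) or ["ok: loopback only"]:
            print(finding)
```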
Update cloudflared
cloudflared update
References
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
https://pkg.cloudflare.com/index.html