Enable ECH on Chrome
Turn on flag
about://flags/#encrypted-client-hello
Verify https://exhentai.org/cdn-cgi/trace
References
https://blog.cloudflare.com/announcing-encrypted-client-hello/
Tag: dns
Printing all DNS records using DNSPython in Python
import dns.resolver
def get_records(domain):
"""
Get all the records associated to domain parameter.
:param domain:
:return:
"""
ids = [
'NONE',
'A',
'NS',
'MD',
'MF',
'CNAME',
'SOA',
'MB',
'MG',
'MR',
'NULL',
'WKS',
'PTR',
'HINFO',
'MINFO',
'MX',
'TXT',
'RP',
'AFSDB',
'X25',
'ISDN',
'RT',
'NSAP',
'NSAP-PTR',
'SIG',
'KEY',
'PX',
'GPOS',
'AAAA',
'LOC',
'NXT',
'SRV',
'NAPTR',
'KX',
'CERT',
'A6',
'DNAME',
'OPT',
'APL',
'DS',
'SSHFP',
'IPSECKEY',
'RRSIG',
'NSEC',
'DNSKEY',
'DHCID',
'NSEC3',
'NSEC3PARAM',
'TLSA',
'HIP',
'CDS',
'CDNSKEY',
'CSYNC',
'SPF',
'UNSPEC',
'EUI48',
'EUI64',
'TKEY',
'TSIG',
'IXFR',
'AXFR',
'MAILB',
'MAILA',
'ANY',
'URI',
'CAA',
'TA',
'DLV',
]
for a in ids:
try:
answers = dns.resolver.query(domain, a)
for rdata in answers:
print(a, ':', rdata.to_text())
except Exception as e:
print(e) # or pass
if __name__ == '__main__':
get_records('google.com')
References
https://gist.github.com/akshaybabloo/2a1df455e7643926739e934e910cbf2e
Edit Host File on Windows
C:\Windows\System32\drivers\etc
0.0.0.0 www.facebook.com
Refereneces
https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/
Installing dnscrypt-proxy on Linux
Get a root shell
sudo -s
check what else is possibly already listening to port 53
ss -lp 'sport = :domain'
systemctl stop systemd-resolved systemctl disable systemd-resolved
ss -lp 'sport = :domain'
Download and run dnscrypt-proxy
Download dnscrypt-proxy here: dnscrypt-proxy binaries.
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy
Change the system DNS settings
apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf
And create a new /etc/resolv.conf file with the following content:
nameserver 127.0.0.1 options edns0
Install the proxy as a system service
./dnscrypt-proxy -service install
./dnscrypt-proxy -service start
./dnscrypt-proxy -service stop
./dnscrypt-proxy -service restart
./dnscrypt-proxy -service uninstall
Want to check that DNS resolution works?
./dnscrypt-proxy -resolve example.com
Connect to 1.1.1.1 using DoH clients
Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:
server_names = ['cloudflare', 'cloudflare-ipv6']
References
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
Linux Host File
The hosts file is a way to map hostnames to IP addresses. This is very important with certain setups and to make networking on Linux a bit easier. In a sense, the hosts file acts as a local DNS server.
sudo nano /etc/hosts
For example, to block Wikipedia, you’d type (remembering to use the Tab key rather than Space):
127.0.0.1 wikipedia.org
or static dns lookup for hostnames
198.20.14.51 example.com
References
https://www.makeuseof.com/tag/modify-manage-hosts-file-linux/
Get all IPs of a domain in Windows
PowerShell :
[System.Net.Dns]::GetHostEntry('google.com').AddressList.IPAddressToString
References
https://www.kjctech.net/powershell-tip-how-to-get-all-ips-assigned-to-a-dns-domain/
Get all IPs of a domain in Linux
dig a google.com
dig a google.com +short @8.8.8.8
References
https://superuser.com/questions/152576/how-to-get-all-ips-of-a-domain
https://superuser.com/questions/847575/how-do-i-find-all-known-ips-for-a-given-domain-in-linux
Clear DNS cache on Windows
You can force a flush of all cached DNS records using the following command:
ipconfig /flushdns
a list of all the records in your cache along with their TTL by executing the following command at the command prompt:
ipconfig /displaydns
References
https://superuser.com/questions/80744/how-often-does-the-dns-cache-clear
Cloudflare DNS-over-HTTPS (DoH)
https://cloudflare-dns.com/dns-query
References
https://dnsprivacy.org/public_resolvers/
Connect to Cloudflare 1.1.1.1 using DoH clients on Ubuntu
Download and install the cloudflared daemon
Or Download and install cloudflared via the Cloudflare Package Repository.
Ubuntu 20.04 LTS (Focal Fossa)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
cloudflared --version
Run without systemd
cloudflared proxy-dns #cloudflared proxy-dns --port 5553
Run with systemd
sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<EOF [Unit] Description=DNS over HTTPS (DoH) proxy client Wants=network-online.target nss-lookup.target Before=nss-lookup.target [Service] AmbientCapabilities=CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_BIND_SERVICE DynamicUser=yes ExecStart=/usr/local/bin/cloudflared proxy-dns [Install] WantedBy=multi-user.target EOF
sudo systemctl enable --now cloudflared-proxy-dns
sudo rm -f /etc/resolv.conf
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf >/dev/null
Finally, verify it locally with:
dig +short @127.0.0.1 cloudflare.com AAAA
Update cloudflared
cloudflared update
References
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
https://pkg.cloudflare.com/index.html