rpms/dnssec-trigger
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Add simple recipe for adding own servers

Browse Source 
Do not rely exlusively only on upstream service. There are quite a lot
of DNS over TLS servers with working validation today. Show how to
create a new entry of any server chosen.

Resolves: RHEL-6597
This commit is contained in:
Petr Menšík 2024-11-20 16:33:17 +01:00
parent fd3fdf05bc
commit a4d3a7f28f
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dnssec-trigger-default.conf
View File

@ -78,3 +78,8 @@ tcp80: 185.49.140.67
tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
# How to add your own record:
# openssl s_client -connect example.com:443 -showcerts </dev/null > /tmp/dns.crt
# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
# Append returned sha256 Fingerprint after ssl443: IP-address section.

4
dnssec-trigger-workstation.conf
View File

@ -81,3 +81,7 @@ tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
# How to add your own record:
# openssl s_client -connect example.com:443 -showcerts </dev/null > /tmp/dns.crt
# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
# Append returned sha256 Fingerprint after ssl443: IP-address section.