From a4d3a7f28fd4e613c89aba4c705b24273e086dfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Wed, 20 Nov 2024 16:33:17 +0100
Subject: [PATCH] Add simple recipe for adding own servers

Do not rely exlusively only on upstream service. There are quite a lot of DNS over TLS servers with working validation today. Show how to create a new entry of any server chosen.

Resolves: RHEL-6597
---
 dnssec-trigger-default.conf | 5 +++++
 dnssec-trigger-workstation.conf | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/dnssec-trigger-default.conf b/dnssec-trigger-default.conf
index 9a21b6f..5c7c27f 100644
--- a/dnssec-trigger-default.conf
+++ b/dnssec-trigger-default.conf
@@ -78,3 +78,8 @@ tcp80: 185.49.140.67
 tcp80: 2a04:b900::10:0:0:67
 ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
 ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
+
+# How to add your own record:
+# openssl s_client -connect example.com:443 -showcerts /tmp/dns.crt
+# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
+# Append returned sha256 Fingerprint after ssl443: IP-address section.
diff --git a/dnssec-trigger-workstation.conf b/dnssec-trigger-workstation.conf
index 0db88af..5f63664 100644
--- a/dnssec-trigger-workstation.conf
+++ b/dnssec-trigger-workstation.conf
@@ -81,3 +81,7 @@ tcp80: 2a04:b900::10:0:0:67
 ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
 ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
+# How to add your own record:
+# openssl s_client -connect example.com:443 -showcerts /tmp/dns.crt
+# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
+# Append returned sha256 Fingerprint after ssl443: IP-address section.
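Review bot: The first openssl command in the added comment does not produce the file the next line reads: `-showcerts` takes no argument, so `/tmp/dns.crt` is not an output path and `openssl x509 -in /tmp/dns.crt` will fail (or fingerprint whatever file already sits there). A working form that also sends SNI and keeps only the leaf certificate is `# openssl s_client -connect example.com:443 -servername example.com -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > /tmp/dns.crt`. The same comment lines are added to dnssec-trigger-workstation.conf in the second hunk and need the same correction. Because this recipe pins whatever certificate the connection presented at that moment, the comment should also say to compare the printed fingerprint with the one published by the server operator before appending it, and to repeat the step when the operator rotates the certificate, otherwise the ssl443 probe stops validating.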