Surely you've heard of the topic that is currently haunting [[https://www.golem.de/news/wegen-cloudflare-openbsd-deaktiviert-doh-im-firefox-browser-1909-143884.html|IT-News]]. Mozilla will integrate in Firefox [[https://cloudflare.com/|Cloudflare]] as DoH-Server and activate it by default. In itself, it's not a bad idea to encrypt DNS queries so that they can't be read in open networks (like free radio). However, it is a thorn in the side of many users and us to use a provider from America by default.
+
Surely you've heard of the topic that is currently haunting [[https://www.golem.de/news/wegen-cloudflare-openbsd-deaktiviert-doh-im-firefox-browser-1909-143884.html|IT-News]]. Mozilla will integrate in Firefox [[https://cloudflare.com/|Cloudflare]] as DoH-Server and activate it by default. In itself, it's not a bad idea to encrypt DNS queries so that they can't be read in open networks (like Freifunk). However, it is a thorn in the side of many users and us to use a provider from America by default.
-
That's why we have set up a DoH/DoT server for you, which you can for example enter directly into Firefox, use via App or combine with another DNS server.
+
That's why we have set up a DoH/DoT server for you, which you can for example directly add to Firefox, use via App or combine with another DNS server.
-
We also registered on the page of the [[https://dnscrypt.info/public-servers/|DNSCrypt-Project]], so that we can automatically register at the resolvers in the app [[https://apps.apple.com/de/app/dnscloak-secure-dns-client/id1452162351|DNSCloak]] (iOS) or at [[https://github.com/DNSCrypt/dnscrypt-proxy|dnscrypt-proxy]].
+
We also registered on the page of the [[https://dnscrypt.info/public-servers/|DNSCrypt-Project]], so that we are automatically added in apps like [[https://apps.apple.com/de/app/dnscloak-secure-dns-client/id1452162351|DNSCloak]] (iOS) or [[https://github.com/DNSCrypt/dnscrypt-proxy|dnscrypt-proxy]].
If everything worked out, you can do a [[http://dns-leak.com/|DNSLeak-Test]] and the result should look like this:
+
If everything worked out, you can do a [[https://dnsleaktest.com/|DNS leak test]] and the result should look like this:
-
{{ :knb:2019-09-16-doh-success.png?direct&800 |Bild: Ergebnis beim Testen via dns-leak.com}}
+
{{ :knb:dnsleaktest.png?direct&800 | Bild: Ergebnis beim Testen via dnsleaktest.com }}
+
(It can also show a different set of IP addresses in the 5.1.66.0/24 IPv4 prefix from our other PoP in Vienna, Austria)
+
+
Additional sites:
+
* https://www.dnscheck.tools/ (also checks DNSSEC support of the resolver and IPv6)
===== Statistics =====
===== Statistics =====
Of course there is also a detailed **[[https://stats.ffmuc.net/d/tlvoghcZk/doh-dot?orgId=1&refresh=1m|Statusseite]]** where you can see all possible statistics about the service.
Of course there is also a detailed **[[https://stats.ffmuc.net/d/tlvoghcZk/doh-dot?orgId=1&refresh=1m|Statusseite]]** where you can see all possible statistics about the service.
+
+
<WRAP center round alert 80%>
+
**Just to say it**: \\
+
\\
+
At Freifunk München, there are no logs that allow any conclusions to be drawn about the use.
+
There are a few general counters: \\
+
\\
+
https://stats.ffmuc.net/d/tlvoghcZk/doh-dot \\
+
\\
+
And we have logs about requests/IP for rate-limits, but they only contain '**//that//**' and not '**//what//**'.