DNS over HTTPS

JSON:

>>> curl -H 'accept: application/dns-json' 'https://1.1.1.1/dns-query?name=generalzero.org&type=A'
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"generalzero.org","type":1}],"Answer":[{"name":"generalzero.org","type":1,"TTL":1799,"data":"51.15.203.210"}]}

JSON Short:

>>> curl -s -H 'accept: application/dns-json' 'https://1.1.1.1/dns-query?name=generalzero.org&type=A' | jq --raw-output '.Answer[].data'
51.15.203.210

UDP POST Request:

>>> echo -n 'q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | base64 -d | curl -H 'content-type: application/dns-message' --data-binary @- https://1.1.1.1/dns-query -o - | hexdump -C
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    82  100    49  100    33   1884   1269 --:--:-- --:--:-- --:--:--  3153
00000000  ab cd 81 80 00 01 00 01  00 00 00 00 03 77 77 77  |.............www|
00000010  07 65 78 61 6d 70 6c 65  03 63 6f 6d 00 00 01 00  |.example.com....|
00000020  01 c0 0c 00 01 00 01 00  01 25 62 00 04 5d b8 d8  |.........%b..]..|
00000030  22                                                |"|
00000031

UDP GET Request:

>>> curl -H 'accept: application/dns-message' -s 'https://1.1.1.1/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
00000000  ab cd 81 80 00 01 00 01  00 00 00 00 03 77 77 77  |.............www|
00000010  07 65 78 61 6d 70 6c 65  03 63 6f 6d 00 00 01 00  |.example.com....|
00000020  01 c0 0c 00 01 00 01 00  01 34 5a 00 04 5d b8 d8  |.........4Z..]..|
00000030  22                                                |"|
00000031
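
The `dns=` value in the GET request is the unpadded base64url encoding of the same wire-format query that the POST sends as its body. The Node.js code below is an added example, not part of the original page (its function names are its own): it rebuilds that query and parses wire-format messages, which is also how a `dns=` value seen in a proxy log can be turned back into the queried name.

```javascript
// Added example: RFC 8484 DoH wire-format helpers. Builds a one-question query with RD set.
function buildQuery(name, qtype = 1, id = 0xabcd) {
  const parts = [Buffer.from([id >> 8, id & 0xff, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0])];
  for (const label of name.split('.').filter(Boolean)) {
    if (label.length > 63) throw new RangeError('label longer than 63 bytes');
    parts.push(Buffer.from([label.length]), Buffer.from(label, 'ascii'));
  }
  parts.push(Buffer.from([0, qtype >> 8, qtype & 0xff, 0, 1])); // root label, QTYPE, QCLASS=IN
  return Buffer.concat(parts);
}

// base64url without padding, as used by the GET form.
const toDohParam = buf => buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromDohParam = p => Buffer.from(p.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Read a (possibly compressed) name; returns [name, offset of the byte after it].
function readName(msg, off) {
  let end = -1, jumps = 0, labels = [];
  for (;;) {
    const len = msg[off];
    if (len === undefined) throw new RangeError('truncated name');
    if ((len & 0xc0) === 0xc0) {                 // compression pointer
      if (++jumps > 16) throw new RangeError('compression pointer loop');
      if (end < 0) end = off + 2;
      off = ((len & 0x3f) << 8) | msg[off + 1];
    } else if (len === 0) {
      return [labels.join('.'), end < 0 ? off + 1 : end];
    } else {
      labels.push(msg.toString('ascii', off + 1, off + 1 + len));
      off += 1 + len;
    }
  }
}

// Parse id, rcode, the single question and the answer records of a message.
function parseMessage(msg) {
  const [qname, qEnd] = readName(msg, 12);
  const out = { id: msg.readUInt16BE(0), rcode: msg[3] & 0x0f, qname, qtype: msg.readUInt16BE(qEnd), answers: [] };
  let off = qEnd + 4;
  for (let i = 0; i < msg.readUInt16BE(6); i++) {
    const [name, o] = readName(msg, off);
    const type = msg.readUInt16BE(o), ttl = msg.readUInt32BE(o + 4), len = msg.readUInt16BE(o + 8);
    const rdata = msg.subarray(o + 10, o + 10 + len);
    out.answers.push({ name, type, ttl, data: type === 1 ? [...rdata].join('.') : rdata.toString('hex') });
    off = o + 10 + len;
  }
  return out;
}

const RESPONSE_HEX = 'abcd8180000100010000000003777777076578616d706c6503636f6d0000010001c00c000100010001345a00045db8d822'; // bytes of the GET hexdump above
```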

Encrypted SNI

The client gets a public key from a DNS query and uses it to encrypt the server name.

  • Used in the new TLS 1.3 protocol.
  • The public key is fetched from a DNS TXT record (e.g. _esni.f949b3dc-ea0a-42e0-93e9-26c5de94b1a6.encryptedsni.com).
  • The public key is used to encrypt the SNI hostname.
    • Using a DNS proxy, this key can be replaced.
  • The encrypted hostname is placed in the same spot where the original unencrypted SNI is located.

Check if your browser supports Encrypted SNI

First, a DNS request is made.

ESNI PublicKey:

>>> dig -t TXT _esni.f949b3dc-ea0a-42e0-93e9-26c5de94b1a6.encryptedsni.com +short
"/wG0rSUwACQAHQAgYKd5Qkd+Ef7GNSDq6DvAb0B6yidPYygGpar8O8iW0EoAAhMBAQQAAAAAX/o1cAAAAABgAh5wAAA="

Browser DNS information

Query Domains from the Browser:

async function queryDNS(domain, recordType = 'A') {
  const url = `https://cloudflare-dns.com/dns-query?name=${encodeURIComponent(domain)}&type=${encodeURIComponent(recordType)}`;
  const response = await fetch(url, {
    headers: { 'Accept': 'application/dns-json' }
  });
  // Fail loudly on HTTP errors instead of trying to parse an error page as JSON
  if (!response.ok) {
    throw new Error(`DoH query failed: HTTP ${response.status}`);
  }
  const result = await response.json();

  // DNS record type numbers
  const typeMap = {
    'A': 1, 'NS': 2, 'CNAME': 5, 'SOA': 6, 'PTR': 12, 'MX': 15,
    'TXT': 16, 'AAAA': 28, 'SRV': 33, 'HTTPS': 65
  };

  // Map the requested type name to its number; unknown values pass through unchanged
  const requestedType = typeMap[recordType.toUpperCase()] || recordType;

  // Keep only answers whose type and owner name match the request
  // (records reached through a CNAME have a different name and are dropped)
  if (result.Answer) {
    return result.Answer
      .filter(answer => (answer.type === requestedType) && (answer.name === domain))
      .map(answer => answer.data);
  }
  return [];
}

// Example: Query SRV record
queryDNS('_matrix-identity._tcp.generalzero.org', 'SRV').then(result => {
  console.log(`SRV Record Result: ${result}`);
});
// SRV Record Result: 0 0 443 _dc-srv.31556abac35a._matrix-identity._tcp.generalzero.org