From bdc167231421c995f7c38d2ea735c572f66c6036 Mon Sep 17 00:00:00 2001
From: fyr77
Date: Sat, 24 Oct 2020 22:01:45 +0200
Subject: [PATCH] add about and applied privacy config
---
 README.md | 3 +-
 index.html | 86 ++++++++++++++----------------------------------
 js/tool.js | 18 ++++++++++
 js/tool.min.js | 1 -
 tool.html | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 134 insertions(+), 63 deletions(-)
 delete mode 100644 js/tool.min.js
 create mode 100644 tool.html
diff --git a/README.md b/README.md
index 7ca2c1e..f31c003 100644
--- a/README.md
+++ b/README.md
@@ -15,4 +15,5 @@ This tool can generate these profiles from provided data and also provides some
 - Eli Grey for [FileSaver.js](https://github.com/eligrey/FileSaver.js)
 - uuidjs for the [UUID JavaScript module](https://github.com/uuidjs/uuid)
-- Paul Miller for [his excellent article](https://paulmillr.com/posts/encrypted-dns/) and the [premade profiles](https://github.com/paulmillr/encrypted-dns)
\ No newline at end of file
+- Paul Miller for [his excellent article](https://paulmillr.com/posts/encrypted-dns/) and the [premade profiles](https://github.com/paulmillr/encrypted-dns)
+- W3schools for [w3.css](https://www.w3schools.com/w3css/)
\ No newline at end of file
diff --git a/index.html b/index.html
index 04db63f..8e73d47 100644
--- a/index.html
+++ b/index.html
@@ -6,72 +6,36 @@ DNS Profile Creator - - -

Secure DNS profile creator

For iOS 14 or later and macOS Big Sur or later

- +
+ About + Tool +
-
-

- - -

-

- -
- - -

-

- - - - - - - - -

-

- - -

- -
+
+ +

What is this?

+

This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted DNS options.

+

Details

+

Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur updates. But there is no possibility to use this new feature without a third-party app or configuration profiles. I personally preferred not to install some app to manage this for me.
+ This websites generates a configuration profile which is installable on your system and activates encrypted DNS.

+

Why not use an app?

+

I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather transparent, they can be opened with any text editor and viewed. This website is completely open-source.
+ An app off the App Store might do what it should, sure. But it also might capture data inbetween and negate the privacy advantage that DoH and DoT bring.

+

Why should I care about encrypted DNS?

+

DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS server to look up where its even supposed to connect to.
+ While the traffic itself is often encrypted nowadays, the lookup itself still is not without DoH/DoT. So anyone in the same network will still know exactly which websites you visited.
+ If you want to know more about this, give this blog post by Paul Miller a read, he explains the subject very nicely.

+

DNS-over-HTTPS or DNS-over-TLS?

+

There isn't a huge difference between the two protocols.
+ DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate environment, since it uses the same port as any secured website.
+ DoT is possibly faster, since it uses one layer of transport less. But it uses it's own port and is therefore obvious to any other people monitoring the network - and might be blocked behind very strict firewalls.

+

In the end, it's more personal preference than anything else. If your system supports both - as Apple systems do - you can choose whatever you want.

+

Which provider should I choose?

+

This comes down to a few factors. First, location. Living in countries which block certain websites narrows your choice down considerably. Furthermore, different providers have different priorities. I suggest you do some research into the providers yourself. For example, you could take a look at this table which lists a few providers and compares them.

\ No newline at end of file
diff --git a/js/tool.js b/js/tool.js
index b00f048..f68d9f5 100644
--- a/js/tool.js
+++ b/js/tool.js
@@ -143,6 +143,24 @@ function loadPremade() {
 dns2v6.value = "2400:3200:baba::1";
 serverUrl.value = "https://dns.alidns.com/dns-query";
 break;
+ case "applied-privacy-https":
+ provName.value = "Applied Privacy";
+ checkDoH.checked = true;
+ dns1v4.value = "146.255.56.98";
+ dns2v4.value = "";
+ dns1v6.value = "2a02:1b8:10:234::2";
+ dns2v6.value = "";
+ serverUrl.value = "https://doh.applied-privacy.net/query";
+ break;
+ case "applied-privacy-tls":
+ provName.value = "Applied Privacy";
+ checkDoT.checked = true;
+ dns1v4.value = "146.255.56.98";
+ dns2v4.value = "";
+ dns1v6.value = "2a02:1b8:10:234::2";
+ dns2v6.value = "";
+ serverUrl.value = "dot1.applied-privacy.net";
+ break;
 case "cloudflare-https":
 provName.value = "Cloudflare";
 checkDoH.checked = true;
diff --git a/js/tool.min.js b/js/tool.min.js
deleted file mode 100644
index ee41262..0000000
--- a/js/tool.min.js
+++ /dev/null
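Review bot: The added "Why should I care about encrypted DNS?" text in index.html reads as if DoH/DoT stops other people on the network from learning which websites are visited, but encrypted DNS only hides the lookup. The destination IP address, and for most TLS connections the server name sent in the handshake, stay visible to the same observers. I would add one sentence after that paragraph, e.g. `Encrypted DNS only hides the lookups; the addresses you connect to, and usually the site name in the TLS handshake, can still be seen on the network.` The added text also has typos worth fixing before merge: `This websites generates`, `inbetween`, `where its even supposed` and `it's own port`.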
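Review bot: The two added `applied-privacy-https` / `applied-privacy-tls` cases in js/tool.js hard-code one resolver address pair (`146.255.56.98`, `2a02:1b8:10:234::2`) and two different hostnames (`doh.applied-privacy.net`, `dot1.applied-privacy.net`) with no source or check date, so a later reader cannot tell whether they are still the provider's values. These fields presumably feed the generated profile, where a stale or mistyped address would most likely break DNS resolution on the device, and both secondary fields are empty so there is no fallback address. I would add a comment above the first case, e.g. `// Applied Privacy: values from <provider documentation URL>, checked <date>`, and confirm that the DoT hostname is served from the same address as the DoH one, which the hunk assumes. The `switch` in `loadPremade` starts and ends outside this hunk.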
@@ -1 +0,0 @@ -function getRegDNS(){var dns1v4=document.getElementById("dns1v4").value;var dns2v4=document.getElementById("dns2v4").value;var dns1v6=document.getElementById("dns1v6").value;var dns2v6=document.getElementById("dns2v6").value;var ip4format=/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;var ip6format=/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;var returnstring="ServerAddresses\n\n";var dnsOverride=false;if(ip6format.test(dns1v6)){console.log("61valid!");dnsOverride=true;returnstring+=""+dns1v6+"\n"}if(ip6format.test(dns2v6)){console.log("62valid!");dnsOverride=true;returnstring+=""+dns2v6+"\n"}if(ip4format.test(dns1v4)){console.log("41valid!");dnsOverride=true;returnstring+=""+dns1v4+"\n"}if(ip4format.test(dns2v4)){console.log("42valid!");dnsOverride=true;returnstring+=""+dns2v4+"\n"}if(dnsOverride){returnstring+="\n";return returnstring}else{return ""}}function saveDynamicDataToFile(){var encryption=document.getElementsByName('encryption');var encValue=null;var provName=document.getElementById("provName").value;for(var 
i=0,length=encryption.length;i\n";fileString+="\n";fileString+="\n";fileString+="\n";fileString+="PayloadContent\n";fileString+="\n";fileString+="\n";fileString+="DNSSettings\n";fileString+="\n";fileString+="DNSProtocol\n";fileString+=""+encValue+"\n";fileString+=getRegDNS();fileString+="ServerURL\n";fileString+=""+document.getElementById("serverUrl").value+"\n";fileString+="\n";fileString+="PayloadDescription\n";fileString+="Configures device to use "+provName+" Encrypted DNS over "+encValue+"\n";fileString+="PayloadDisplayName\n";fileString+=""+provName+" DNS over "+encValue+"\n";fileString+="PayloadIdentifier\n";fileString+="com.apple.dnsSettings.managed."+uuidv4()+"\n";fileString+="PayloadType\n";fileString+="com.apple.dnsSettings.managed\n";fileString+="PayloadUUID\n";fileString+=""+uuidv4()+"\n";fileString+="PayloadVersion\n";fileString+="1\n";fileString+="ProhibitDisablement\n";fileString+="\n";fileString+="\n";fileString+="\n";fileString+="PayloadDescription\n";fileString+="Adds "+provName+" Encrypted DNS over "+encValue+" to Big Sur and iOS 14 based systems\n";fileString+="PayloadDisplayName\n"+provName+" DNS over "+encValue+"\n";fileString+=""+provName+" DNS over "+encValue+"\n";fileString+="PayloadIdentifier\n";fileString+="com.notjakob.apple-dns\n";fileString+="PayloadRemovalDisallowed\n";fileString+="\n";fileString+="PayloadType\n";fileString+="Configuration\n";fileString+="PayloadUUID\n";fileString+=""+uuidv4()+"\n";fileString+="PayloadVersion\n";fileString+="1\n";fileString+="\n";fileString+="";var blob=new Blob([fileString],{type:"text/plain;charset=utf-8"});saveAs(blob,"dns.mobileconfig")}function switchToHTTPS(){document.getElementById("serverUrl").placeholder="https://example.com/query"+document.getElementById("serverUrl").value;document.getElementById("dohdotServerLabel").innerHTML="DoH server URL:"}function 
switchToTLS(){document.getElementById("serverUrl").placeholder="dot.example.com";document.getElementById("dohdotServerLabel").innerHTML="DoT server URL:"}function loadPremade(){var provName=document.getElementById("provName");var checkDoH=document.getElementById("doh");var checkDoT=document.getElementById("dot");var dns1v4=document.getElementById("dns1v4");var dns2v4=document.getElementById("dns2v4");var dns1v6=document.getElementById("dns1v6");var dns2v6=document.getElementById("dns2v6");var serverUrl=document.getElementById("serverUrl");switch(document.getElementById("premades").value){case "adguard-https":provName.value="AdGuard";checkDoH.checked=true;dns1v4.value="94.140.14.14";dns2v4.value="94.140.15.15";dns1v6.value="2a10:50c0::ad1:ff";dns2v6.value="2a10:50c0::ad2:ff";serverUrl.value="https://dns.adguard.com/dns-query";break;case "alibaba-https":provName.value="Alibaba";checkDoH.checked=true;dns1v4.value="223.5.5.5";dns2v4.value="223.6.6.6";dns1v6.value="2400:3200::1";dns2v6.value="2400:3200:baba::1";serverUrl.value="https://dns.alidns.com/dns-query";break;case "cloudflare-https":provName.value="Cloudflare";checkDoH.checked=true;dns1v4.value="1.1.1.1";dns2v4.value="1.0.0.1";dns1v6.value="2606:4700:4700::1111";dns2v6.value="2606:4700:4700::1001";serverUrl.value="https://cloudflare-dns.com/dns-query";break;case "cloudflare-tls":provName.value="Cloudflare";checkDoT.checked=true;dns1v4.value="1.1.1.1";dns2v4.value="1.0.0.1";dns1v6.value="2606:4700:4700::1111";dns2v6.value="2606:4700:4700::1001";serverUrl.value="cloudflare-dns.com";break;case "cloudflare-security-https":provName.value="Cloudflare Security";checkDoH.checked=true;dns1v4.value="1.1.1.2";dns2v4.value="1.0.0.2";dns1v6.value="2606:4700:4700::1112";dns2v6.value="2606:4700:4700::1002";serverUrl.value="https://security.cloudflare-dns.com/dns-query";break;case "cloudflare-security-tls":provName.value="Cloudflare 
Security";checkDoT.checked=true;dns1v4.value="1.1.1.2";dns2v4.value="1.0.0.2";dns1v6.value="2606:4700:4700::1112";dns2v6.value="2606:4700:4700::1002";serverUrl.value="security.cloudflare-dns.com";break;case "cloudflare-family-https":provName.value="Cloudflare Family";checkDoH.checked=true;dns1v4.value="1.1.1.3";dns2v4.value="1.0.0.3";dns1v6.value="2606:4700:4700::1113";dns2v6.value="2606:4700:4700::1003";serverUrl.value="https://family.cloudflare-dns.com/dns-query";break;case "cloudflare-family-tls":provName.value="Cloudflare Family";checkDoT.checked=true;dns1v4.value="1.1.1.3";dns2v4.value="1.0.0.3";dns1v6.value="2606:4700:4700::1113";dns2v6.value="2606:4700:4700::1003";serverUrl.value="family.cloudflare-dns.com";break;case "dnspod-https":provName.value="DNSPOD";checkDoH.checked=true;dns1v4.value="162.14.21.56";dns2v4.value="162.14.21.178";dns1v6.value="";dns2v6.value="";serverUrl.value="https://doh.pub/dns-query";break;case "google-https":provName.value="Google";checkDoH.checked=true;dns1v4.value="8.8.8.8";dns2v4.value="8.8.4.4";dns1v6.value="2001:4860:4860::8888";dns2v6.value="2001:4860:4860::8844";serverUrl.value="https://dns.google/dns-query";break;case "google-tls":provName.value="Google";checkDoT.checked=true;dns1v4.value="8.8.8.8";dns2v4.value="8.8.4.4";dns1v6.value="2001:4860:4860::8888";dns2v6.value="2001:4860:4860::8844";serverUrl.value="dns.google";break;case "opendns-https":provName.value="OpenDNS";checkDoH.checked=true;dns1v4.value="208.67.220.220";dns2v4.value="208.67.222.222";dns1v6.value="2620:119:35::35";dns2v6.value="2620:119:53::53";serverUrl.value="https://doh.opendns.com/dns-query";break;case "quad9-https":provName.value="";checkDoH.checked=true;dns1v4.value="9.9.9.9";dns2v4.value="149.112.112.112";dns1v6.value="2620:fe::fe";dns2v6.value="2620:fe::9";serverUrl.value="https://dns.quad9.net/dns-query";break;case 
"quad9-tls":provName.value="";checkDoT.checked=true;dns1v4.value="9.9.9.9";dns2v4.value="149.112.112.112";dns1v6.value="2620:fe::fe";dns2v6.value="2620:fe::9";serverUrl.value="dns.quad9.net";break;default:provName.value="";checkDoH.checked=true;dns1v4.value="";dns2v4.value="";dns1v6.value="";dns2v6.value="";serverUrl.value=""}} \ No newline at end of file diff --git a/tool.html b/tool.html new file mode 100644 index 0000000..f716194 --- /dev/null +++ b/tool.html @@ -0,0 +1,89 @@ + + + + + + DNS Profile Creator + + + + + + + +

Secure DNS profile creator

+

For iOS 14 or later and macOS Big Sur or later

+ +
+ About + Tool +
+ +
+ +

Choose a pre-configured provider, or enter your own settings:

+ + +
+

+ + +

+

+ +
+ + +

+

+ + + + + + + + +

+

+ + +

+ +
+ + \ No newline at end of file