Skip to content

Feat: Add dns4eu #985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: next
Choose a base branch
from
Open

Feat: Add dns4eu #985

wants to merge 1 commit into from

Conversation

Ra2-IFV
Copy link

@Ra2-IFV Ra2-IFV commented Jun 12, 2025

Close: #984

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Jun 12, 2025

Tests

[NOTICE] Source [public-resolvers] loaded
[NOTICE] Source [relays] loaded
[NOTICE] Firefox workaround initialized
[NOTICE] ECS plugin enabled
[NOTICE] Hot reload is disabled
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-noads-ipv4] OK (DoH) - rtt: 71ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-noads-ipv6] OK (DoH) - rtt: 73ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-ipv6] OK (DoH) - rtt: 74ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-ipv4] OK (DoH) - rtt: 79ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-child-noads-ipv6] OK (DoH) - rtt: 81ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-child-noads-ipv4] OK (DoH) - rtt: 81ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-child-ipv6] OK (DoH) - rtt: 84ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-child-ipv4] OK (DoH) - rtt: 88ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-unfiltered-ipv6] OK (DoH) - rtt: 87ms
[NOTICE] Advertised cert: [CN=hos.joindns4.eu] [8d528bbbf473c09e958ec6cd1b24c724b32ced5f77c62833df9fe7011aa1ba08]
[NOTICE] Advertised cert: [CN=E6,O=Let's Encrypt,C=US] [b35e05950cfbd8259f9375ba101870b8c3c4c0ec5a529757e63167e9de26a9e8]
[NOTICE] [dns4eu-unfiltered-ipv4] OK (DoH) - rtt: 87ms
[NOTICE] Sorted latencies:
[NOTICE] -   71ms dns4eu-noads-ipv4
[NOTICE] -   73ms dns4eu-noads-ipv6
[NOTICE] -   74ms dns4eu-ipv6
[NOTICE] -   79ms dns4eu-ipv4
[NOTICE] -   81ms dns4eu-child-noads-ipv6
[NOTICE] -   81ms dns4eu-child-noads-ipv4
[NOTICE] -   84ms dns4eu-child-ipv6
[NOTICE] -   87ms dns4eu-unfiltered-ipv6
[NOTICE] -   87ms dns4eu-unfiltered-ipv4
[NOTICE] -   88ms dns4eu-child-ipv4
[NOTICE] Server with the lowest initial latency: dns4eu-noads-ipv4 (rtt: 71ms)

@jedisct1
Copy link
Member

jedisct1 commented Jun 12, 2025
edited
Loading

Wondering if we shouldn't mention the fact that its name is a bit misleading: https://techlog.jenslink.net/posts/dns4eu/

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Jun 12, 2025

Going to laugh my ass out... I initiated this idea because I read tech new about "Digital sovereignty for Europe" and they mentioned "DNS4EU".
I know the concerns, but it's too late to be an island on today's internet. Either suffer the instant pain or worry about them later. So far Cloudflare is always doing best at what they do. Good reputation. And if the main DNS service is located in Europe it should be fine.
"dns4eu" is their chosen name, it's not wise to change it. Do you have any suggestions for descriptions?

@jedisct1 jedisct1 changed the base branch from master to next July 15, 2025 06:54
@jedisct1
Copy link
Member

Certificates are invalid.

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Jul 22, 2025 via email

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Aug 26, 2025

Hash check should be skipped: Mine instance resolves to CN=resolver.joindns4.eu and your is CN=hos.joindns4.eu, they use LetsEncrypt E5 and E6 certificates

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Aug 26, 2025

nvm
image

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Aug 26, 2025

New problem: They have 2 IPs for each hostname now. Should we ignore the second one?

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Sep 19, 2025

@jedisct1 PR check awaiting approval

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Sep 19, 2025

NOTICE

They have 2 IPs for each DNS service. The IP Address field in the stamp calculator didn't say it can be comma-seperated. What to do now?

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Sep 19, 2025

Unfiltered Resolution

IP address:
86.54.11.100
86.54.11.200

IPv6:
2a13:1001::86:54:11:100
2a13:1001::86:54:11:200

DNS over HTTPS: https://unfiltered.joindns4.eu/dns-query
DNS over TLS: unfiltered.joindns4.eu

Remove IP addresses in the stamp and let bootstrap server resolve?

@Ra2-IFV
Copy link
Author

Ra2-IFV commented Sep 19, 2025 

[2025-09-19 00:50:17] [NOTICE] -   30ms dns4eu-unfiltered-ipv4

Of course it works since now we use bootstrap servers to resolve hostname. But this reduces stability! Removing hard-coded IP address in the stamp may mess up IPv4 and IPv6 since it's all depends on the bootstrap server's anwser.

Give the order, sir! 20 entries (2 servers for IPv4 and IPv6 each) for 5 DNS services, or 5 for 5?

@Ra2-IFV
Feat: Add dns4eu
156129c 
Add 5 servers.
All have Let's Encrypt E5 E6 certificate hashs.
Close: DNSCrypt#984

Signed-off-by: Ryan Keane <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add DNS4EU
2 participants
@Ra2-IFV @jedisct1