stubby icon indicating copy to clipboard operation
stubby copied to clipboard
verified publisher icon getdnsapi

Consider more compact format for upstream config

Open saradickinson opened this issue 8 years ago • 4 comments

We could consider supporting in yaml a format that allows upstreams to be specified in a more compact fashion for increased usability. In particular, at the moment each IP address and port combination requires a separate entry which (typically) repeats exactly the same authentication information. So for a server that listens on IPv4 and IPv6 and port 853 and port 443 on both addresses, 4 entries are needed!

From a pure user point of view something like the following would be preferred:

- upstream_data:
  addresses: ["145.100.185.15", "2001:610:1:40ba:145:100:185:15"]
  tls_ports:  [853, 443]
  tls_auth_name: "dnsovertls.sinodun.com"
  tls_pubkey_pinset:  [62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=]

saradickinson avatar Feb 02 '18 14:02 saradickinson

This branch lets you configure like this:

upstream_recursive_servers:
  - name: "dnsovertls.sinodun.com"
  - name: "dnsovertls.sinodun.com:443"
  - name: "dnsovertls1.sinodun.com"
  - name: "getdnsapi.net"

I have another branch (apparently not pushed), based on this one which then DANE authenticates. I'd rather not push now, because I'm on the thalys (which has a wifi plan, which I can bypass by changing mac addresses, but it's a pain).

wtoorop avatar Feb 02 '18 15:02 wtoorop

An upvote for the format shown in the opening comment. Makes integrating a server selection list into an embedded firmware much easier (currently integrating stubby support into an ASUS router firmware fork)

john9527 avatar Aug 16 '18 16:08 john9527

+1

pedro0311 avatar Sep 25 '18 18:09 pedro0311

Any progress on this ?

sionescu avatar Jan 10 '23 22:01 sionescu