Stamps
Server stamps encode all the parameters required to connect to a secure DNS server as a single string. Think of stamps as QR codes, but for DNS.
Format:
"sdns://" || base64url(0x01 || props || len(addr) || addr ||
len(pk) || pk ||
len(providerName) || providerName)
|| is the concatenation operator.
0x01 is the protocol identifier for DNSCrypt.
props is a little-endian 64-bit value that represents informal properties about the resolver. It is a logical OR combination of the following values:
- 1: server supports DNSSEC
- 2: server doesn't keep logs
- 4: server doesn't intentionally block domains
For example, a server that supports DNSSEC, stores logs, but doesn't block anything on its own should set props to the following 8-byte sequence: { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }.
len(x) is a byte representation of the length of x, in bytes. Strings do not have to be zero-terminated.
addr is the IP address, as a string, with a port number if the server is not accessible over the standard port for the protocol (443). IPv6 strings must be included in square brackets: [fe80::6d6d:f72c:3ad:60b8].
pk is the provider's public key, as a 32-byte vector.
providerName is the provider name.
The stamp is encoded using the URL-safe variant of base64.
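The DNSCrypt (0x01) layout above, written out as an encoder and a strict decoder. This is an added example, not code from the dnscrypt-proxy project. It assumes base64 padding is stripped on encode and tolerated on decode (the page only says "URL-safe variant"), and the flag names are labels chosen for this example.

```python
import base64
import struct

PROTO_DNSCRYPT = 0x01
PROPS = {1: "dnssec", 2: "no_logs", 4: "no_filter"}  # names are this example's labels


def _lp(data: bytes) -> bytes:
    """Prefix data with its length, stored in a single byte."""
    if len(data) > 255:
        raise ValueError("field too long for a one-byte length")
    return bytes([len(data)]) + data


def encode_stamp(props: int, addr: str, pk: bytes, provider_name: str) -> str:
    if len(pk) != 32:
        raise ValueError("pk must be 32 bytes")
    raw = (bytes([PROTO_DNSCRYPT]) + struct.pack("<Q", props)  # little-endian 64-bit
           + _lp(addr.encode()) + _lp(pk) + _lp(provider_name.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decode_stamp(stamp: str) -> dict:
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != PROTO_DNSCRYPT:
        raise ValueError("not a DNSCrypt (0x01) stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos, fields = 9, []
    for _ in range(3):  # addr, pk, providerName, each length-prefixed
        if pos >= len(raw) or pos + 1 + raw[pos] > len(raw):
            raise ValueError("length prefix runs past end of stamp")
        fields.append(raw[pos + 1:pos + 1 + raw[pos]])
        pos += 1 + raw[pos]
    addr, pk, name = fields
    if pos != len(raw):
        raise ValueError("trailing bytes after providerName")
    if len(pk) != 32:
        raise ValueError("pk must be 32 bytes")
    return {"props": props,
            "flags": sorted(n for bit, n in PROPS.items() if props & bit),
            "addr": addr.decode(), "pk": pk, "provider_name": name.decode()}
```

Rejecting out-of-range length prefixes, trailing bytes and a wrong-sized key before the stamp reaches a resolver configuration keeps a truncated or tampered string from being partially accepted.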
Format:
"sdns://" || base64url(0x02 || props || len(addr) || addr ||
len(hash) || hash ||
len(providerName) || providerName ||
len(path) || path)