Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2025-01-24 11:14:13 +01:00
Code Issues Projects Releases Wiki Activity

chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset

Browse Source
This commit is contained in:
Aminda Suomalainen 2024-04-21 14:00:39 +03:00
parent 4a47d14069
commit c90b551ac4
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
13 changed files with 25 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
etc/opt/chromium/policies/managed/README.md
View File

@ -37,9 +37,8 @@
- [`disable-floc.json`](#disable-flocjson) - [`disable-floc.json`](#disable-flocjson)
- [`disable-incognito.json`](#disable-incognitojson) - [`disable-incognito.json`](#disable-incognitojson)
- [`doh-cloudflare-secure.json`](#doh-cloudflare-securejson) - [`doh-cloudflare-secure.json`](#doh-cloudflare-securejson)
- [`doh-allowed.json`](#doh-allowedjson) - [`doh-unlocked-unset.json`](#doh-unlocked-unsetjson)
- [`doh-dns0.json`](#doh-dns0json) - [`doh-dns0.json`](#doh-dns0json)
- [`doh-forced.json`](#doh-forcedjson)
- [`doh-mullvad-base.json`](#doh-mullvad-basejson) - [`doh-mullvad-base.json`](#doh-mullvad-basejson)
- [`doh-quad9-ecs.json`](#doh-quad9-ecsjson) - [`doh-quad9-ecs.json`](#doh-quad9-ecsjson)
- [`doh-quad9-insecure-ecs.json`](#doh-quad9-insecure-ecsjson) - [`doh-quad9-insecure-ecs.json`](#doh-quad9-insecure-ecsjson)
@ -254,58 +253,51 @@ Disables incognito mode. I don't recommend this.
## `doh-cloudflare-secure.json` ## `doh-cloudflare-secure.json`
Sets Cloudflare with malware protection as the DNS-over-HTTPS server. Sets Cloudflare with malware protection as the forced DNS-over-HTTPS server.
## `doh-allowed.json` ## `doh-unlocked-unset.json`
If no DNS over HTTPS policy is used, this unlocks the setting while still allowing downgrade to system DNS If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
(think of DoT opportunistic mode, kind of?). Enabling managed policies disable it by default.
Incompatible with `doh-forced.json`. This must be used together with any other `doh-*.json` file, but only one of them. Incompatible with other `doh-*.json` file, because they set `"DnsOverHttpsMode": "secure",`.
**_No ECH._** **_This also causes there to not be ECH._**
## `doh-dns0.json` ## `doh-dns0.json`
Simply enables DNS-over-HTTPS with DNS0.eu. Simply forces DNS-over-HTTPS with DNS0.eu.
## `doh-forced.json`
Enforces use of DNS-over-HTTPS disabling the downgrade.
Incompatible with `doh-allowed.json`. Use this together with any other `doh-*.json` file, but only one of them.
**_Required for ECH._**
## `doh-mullvad-base.json` ## `doh-mullvad-base.json`
Enables DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking. Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.
- https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications - https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications
## `doh-quad9-ecs.json` ## `doh-quad9-ecs.json`
Enables DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains
their alternative port. their alternative port.
## `doh-quad9-insecure-ecs.json` ## `doh-quad9-insecure-ecs.json`
Enables DNS over HTTPS with Quad9 ECS enabled unfiltered server and also contains Forces DNS over HTTPS with Quad9 ECS enabled unfiltered server and also contains
their alternative port. **No DNSSEC either.** their alternative port. **No DNSSEC either.**
## `doh-quad9-insecure.json` ## `doh-quad9-insecure.json`
Enables DNS over HTTPS with Quad9 unfiltered server and also contains Forces DNS over HTTPS with Quad9 unfiltered server and also contains
their alternative port. **No DNSSEC either.** their alternative port. **No DNSSEC either.**
## `doh-quad9.json` ## `doh-quad9.json`
Enables DNS over HTTPS with Quad9 threat-blocking server and also contains Forces DNS over HTTPS with Quad9 threat-blocking server and also contains
their alternative port. their alternative port.
## `enable-ech-ocsp.json` ## `enable-ech-ocsp.json`
Enables encrypted client hello and OCSP (or CRL?) checks. Enables encrypted client hello (ECH) and Online Certificate Status Protocol (OCSP) (or Certificate Revocation List (CRL)?) checks.
However ECH seems to require `"DnsOverHttpsMode": "secure"` from the `doh-*` files and OCSP seems to bypass that going to the system resolver.
## `enable-labs.json` ## `enable-labs.json`

1
etc/opt/chromium/policies/managed/doh-cloudflare-secure.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://security.cloudflare-dns.com/dns-query" "DnsOverHttpsTemplates": "https://security.cloudflare-dns.com/dns-query"
} }

1
etc/opt/chromium/policies/managed/doh-dns0-kids.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://kids.dns0.eu/" "DnsOverHttpsTemplates": "https://kids.dns0.eu/"
} }

1
etc/opt/chromium/policies/managed/doh-dns0-open.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://open.dns0.eu/" "DnsOverHttpsTemplates": "https://open.dns0.eu/"
} }

1
etc/opt/chromium/policies/managed/doh-dns0-zero.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://zero.dns0.eu/" "DnsOverHttpsTemplates": "https://zero.dns0.eu/"
} }

1
etc/opt/chromium/policies/managed/doh-dns0.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://dns0.eu/" "DnsOverHttpsTemplates": "https://dns0.eu/"
} }

3
etc/opt/chromium/policies/managed/doh-forced.json
View File

@ -1,3 +0,0 @@
{
"DnsOverHttpsMode": "secure"
}

1
etc/opt/chromium/policies/managed/doh-mullvad-base.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://base.dns.mullvad.net/dns-query" "DnsOverHttpsTemplates": "https://base.dns.mullvad.net/dns-query"
} }

1
etc/opt/chromium/policies/managed/doh-quad9-ecs.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://dns11.quad9.net/dns-query https://dns11.quad9.net:5053/dns-query" "DnsOverHttpsTemplates": "https://dns11.quad9.net/dns-query https://dns11.quad9.net:5053/dns-query"
} }

1
etc/opt/chromium/policies/managed/doh-quad9-insecure-ecs.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://dns12.quad9.net/dns-query https://dns12.quad9.net:5053/dns-query" "DnsOverHttpsTemplates": "https://dns12.quad9.net/dns-query https://dns12.quad9.net:5053/dns-query"
} }

1
etc/opt/chromium/policies/managed/doh-quad9-insecure.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://dns10.quad9.net/dns-query https://dns10.quad9.net:5053/dns-query" "DnsOverHttpsTemplates": "https://dns10.quad9.net/dns-query https://dns10.quad9.net:5053/dns-query"
} }

1
etc/opt/chromium/policies/managed/doh-quad9.json
View File

@ -1,3 +1,4 @@
{ {
"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://dns.quad9.net/dns-query https://dns.quad9.net:5053/dns-query" "DnsOverHttpsTemplates": "https://dns.quad9.net/dns-query https://dns.quad9.net:5053/dns-query"
} }

0
etc/opt/chromium/policies/managed/doh-allowed.json → etc/opt/chromium/policies/managed/doh-unlocked-unset.json
View File