Skip to main content

Create and parse DNS stamps with ease.

Project description

For general information about DNS stamps, see https://dnscrypt.info/stamps-specifications

Installation

python3 -m pip install --user dnsstamps

Generating DNS stamps

DNSCrypt

First get the public key, if you use dnsdist, you can get it in this way

> printDNSCryptProviderFingerprint("/path/to/your/providerPublic.key")
Provider fingerprint is: CB6A:DC5C:29F9:5510:0B65:BF12:94FE:5684:579A:B349:9CC9:798F:00D0:1BB5:C1A9:A2C7

Then run

$ dnsstamp.py dnscrypt -s -a 127.0.0.1 -n 2.dnscrypt-cert.example.com -k CB6A:DC5C:29F9:5510:0B65:BF12:94FE:5684:579A:B349:9CC9:798F:00D0:1BB5:C1A9:A2C7
DNSCrypt DNS stamp
==================

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1
Public key: CB6A:DC5C:29F9:5510:0B65:BF12:94FE:5684:579A:B349:9CC9:798F:00D0:1BB5:C1A9:A2C7
Provider name: 2.dnscrypt-cert.example.com

sdns://AQEAAAAAAAAACTEyNy4wLjAuMSDLatxcKflVEAtlvxKU_laEV5qzSZzJeY8A0Bu1wamixxsyLmRuc2NyeXB0LWNlcnQuZXhhbXBsZS5jb20

DNS-over-HTTPS

First get your certificate's signed data hash (tbsCertificate)

$ openssl asn1parse -in doh.example.com.chain.pem -out /dev/stdout -noout -strparse 4 | openssl dgst -sha256
(stdin)= 3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838

Then run

$ dnsstamp.py doh -s -a 127.0.0.1 -n doh.example.com -p /dns-query -t 3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838
DoH DNS stamp
=============

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1
Hashes: ['3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838']
Hostname: doh.example.com
Path: /dns-query
Bootstrap IPs: []

sdns://AgEAAAAAAAAACTEyNy4wLjAuMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA9kb2guZXhhbXBsZS5jb20KL2Rucy1xdWVyeQ

DNS-over-TLS

First get your certificate's signed data hash (tbsCertificate)

$ openssl asn1parse -in dot.example.com.chain.pem -out /dev/stdout -noout -strparse 4 | openssl dgst -sha256
(stdin)= 2f1af500a66d4b83760766e41cb1123ebd6b95853afaef3bcdf39cbde3ab30b6

Then run

$ dnsstamp.py dot -s -a 127.0.0.1 -n dot.example.com -t 2f1af500a66d4b83760766e41cb1123ebd6b95853afaef3bcdf39cbde3ab30b6
DoT DNS stamp
=============

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1
Hostname: dot.example.com
Hashes: ['2f1af500a66d4b83760766e41cb1123ebd6b95853afaef3bcdf39cbde3ab30b6']
Bootstrap IPs: []

sdns://AwEAAAAAAAAACTEyNy4wLjAuMSAvGvUApm1Lg3YHZuQcsRI-vWuVhTr67zvN85y946swtg9kb3QuZXhhbXBsZS5jb20

DNS-over-QUIC

First get your certificate's signed data hash (tbsCertificate)

$ openssl asn1parse -in doq.example.com.chain.pem -out /dev/stdout -noout -strparse 4 | openssl dgst -sha256
(stdin)= 2449d49a44b91e80e0c71eeab76627579b6d4e53b4445cd5479004cc93d23263

Then run

$ dnsstamp.py doq -s -a 127.0.0.1 -n doq.example.com -t 2449d49a44b91e80e0c71eeab76627579b6d4e53b4445cd5479004cc93d23263
DoQ DNS stamp
=============

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1
Hostname: doq.example.com
Hashes: ['2449d49a44b91e80e0c71eeab76627579b6d4e53b4445cd5479004cc93d23263']
Bootstrap IPs: []

sdns://BAEAAAAAAAAACTEyNy4wLjAuMSAkSdSaRLkegODHHuq3ZidXm21OU7REXNVHkATMk9IyYw9kb3EuZXhhbXBsZS5jb20

Oblivious DoH target

$ dnsstamp.py doh_target -s -a 127.0.0.1 -n doh-target.example.com -p /dns-query
DoH Target DNS stamp
====================

DNSSEC: yes
No logs: no
No filter: no
Hostname: doh-target.example.com
Path: /dns-query

sdns://BQEAAAAAAAAAFmRvaC10YXJnZXQuZXhhbXBsZS5jb20KL2Rucy1xdWVyeQ

Anonymized DNSCrypt relay

$ dnsstamp.py dnscrypt_relay -a 127.0.0.1
DNSCrypt DNS Relay Stamp
========================

IP Address: 127.0.0.1

sdns://gQkxMjcuMC4wLjE

Oblivious DoH relay

First get your certificate's signed data hash (tbsCertificate)

$ openssl asn1parse -in doh.example.com.chain.pem -out /dev/stdout -noout -strparse 4 | openssl dgst -sha256
(stdin)= 3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838

Then run

$ dnsstamp.py doh_relay -a 127.0.0.1 -n doh-relay.example.com -p /dns-query -t 3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838
DoH Relay DNS stamp
===================

DNSSEC: no
No logs: no
No filter: no
IP Address: 127.0.0.1
Hashes: ['3e1a1a0f6c53f3e97a492d57084b5b9807059ee057ab1505876fd83fda3db838']
Hostname: doh-relay.example.com
Path: /dns-query
Bootstrap IPs: []

sdns://hQAAAAAAAAAACTEyNy4wLjAuMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBVkb2gtcmVsYXkuZXhhbXBsZS5jb20KL2Rucy1xdWVyeQ

Plain DNS

$ dnsstamp.py plain -s -a 127.0.0.1
Plain DNS stamp
===============

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1

sdns://AAEAAAAAAAAACTEyNy4wLjAuMQ

Parsing DNS stamps

$ dnsstamp.py parse sdns://AAEAAAAAAAAACTEyNy4wLjAuMQ
Plain DNS stamp
===============

DNSSEC: yes
No logs: no
No filter: no
IP Address: 127.0.0.1

sdns://AAEAAAAAAAAACTEyNy4wLjAuMQ

Using the library

import dnsstamps
from dnsstamps import Option

# DNSCrypt
stamp = dnsstamps.create_dnscrypt("127.0.0.1", "CB6A:DC5C", "provider-name", [Option.DNSSEC])

# DNS-over-HTTPS
stamp = dnsstamps.create_doh("127.0.0.1", ["3e1a1a0f"], "hostname", "path", [Option.NO_LOGS])

# DNS-over-TLS
stamp = dnsstamps.create_dot("127.0.0.1", ["d0b24377"], "hostname", [Option.NO_FILTERS])

# DNS-over-QUIC
stamp = dnsstamps.create_doq("127.0.0.1", ["e50ff421"], "hostname", [Option.NO_FILTERS])

# Oblivious DoH target
stamp = dnsstamps.create_doh_target("hostname", "path", [Option.NO_LOGS])

# Anonymized DNSCrypt relay
stamp = dnsstamps.create_dnscrypt_relay("127.0.0.1")

# Oblivious DoH relay
stamp = dnsstamps.create_doh_relay("127.0.0.1", ["3e1a1a0f"], "hostname", "path", [Option.NO_LOGS])

# Plain DNS
stamp = dnsstamps.create_plain("127.0.0.1", [Option.DNSSEC, Option.NO_LOGS, Option.NO_FILTERS])

# Parse
parameter = dnsstamps.parse("sdns://AAEAAAAAAAAACTEyNy4wLjAuMQ")
dnsstamps.format(parameter)
stamp = dnsstamps.build(parameter)

Running tests

python3 -m unittest discover

Setting up your own DNS server

  • Unbound (DNSSEC, DNSCrypt)
  • PowerDNS (DNSSEC, DNSCrypt, DoH, DoT, Authoritative Server)

Updating PyPI package

python3 setup.py sdist bdist_wheel
python3 -m twine upload dist/*

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dnsstamps-1.4.0.tar.gz (13.0 kB view details)

Uploaded Source

Built Distribution

dnsstamps-1.4.0-py3-none-any.whl (16.5 kB view details)

Uploaded Python 3

File details

Details for the file dnsstamps-1.4.0.tar.gz.

File metadata

  • Download URL: dnsstamps-1.4.0.tar.gz
  • Upload date:
  • Size: 13.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.24.0 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1

File hashes

Hashes for dnsstamps-1.4.0.tar.gz
Algorithm Hash digest
SHA256 2fd18598b2f612d0a188d6603c7f8f0cafabb6dbb6dd1311654ab0b7697611f9
MD5 d48ad481f610465d220f015eda4bbaf6
BLAKE2b-256 57936c1671d93656d5363b42975271b1e95f6b378523b8e38a1966565adfbebe

See more details on using hashes here.

File details

Details for the file dnsstamps-1.4.0-py3-none-any.whl.

File metadata

  • Download URL: dnsstamps-1.4.0-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.24.0 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1

File hashes

Hashes for dnsstamps-1.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cccb703b4de2614cd450879cac4bb36929857cd9a8b31547634be52e4638f1c6
MD5 e8baa4a8236d2d179be8bfc2f597461c
BLAKE2b-256 19a748e100722c3f69193387c2d65ebe325e558e7bb29f0b81c0a6df75bc8353

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page