Australian DNS resolver

Location: Sydney, Australia

Features

Servers

dns.seby.io - Vultr

IPv4 address: 45.76.113.31

This server is also part of the NTP pool project

DNSCrypt

Provider Name: 2.dnscrypt-cert.dns.seby.io

DNSCrypt Ports: 443 (default), 5353, 8080

Public key: 0854:6878:8BA7:8A5E:A945:EA8F:4583:DD9C:803D:9670:3BCA:409E:EFFD:6AB8:5EB4:2C56

Stamp: sdns://AQcAAAAAAAAADDQ1Ljc2LjExMy4zMSAIVGh4i6eKXqlF6o9Fg92cgD2WcDvKQJ7v_Wq4XrQsVhsyLmRuc2NyeXB0LWNlcnQuZG5zLnNlYnkuaW8

Stamp was generated with https://dnscrypt.info/stamps

DNS-over-HTTPS (DoH)

HTTP/2 port: 8443

Hostname: doh.seby.io

Path: /dns-query

Stamp: sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk

Stamp was generated with https://dnscrypt.info/stamps. Command used to get the hash: env DEBUG=1 dnscrypt-proxy -loglevel 0

TLS Setup: htbridge report

DNS-over-TLS (DoT)

TLS port: 853

Hostname: dot.seby.io

Out-of-Band public key pin: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

Command used: kdig -d @45.76.113.31 +tls-ca +tls-host=dot.seby.io example.com

Stamp: sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMQAPZG90LnNlYnkuaW86ODUzAA

Stamp was generated with https://dnscrypt.info/stamps

TLS Setup: htbridge report

dns.seby.io - OVH

IPv4 address: 139.99.222.72

DNSCrypt

Provider Name: 2.dnscrypt-cert.dns.seby.io

DNSCrypt Ports: 8443

Public key: 0B05:684F:0D0B:E1D8:1A97:92C2:D456:D952:D1ED:2D1F:EB56:E57A:AD59:F13B:DE5E:E065

Stamp: sdns://AQcAAAAAAAAADTEzOS45OS4yMjIuNzIgCwVoTw0L4dgal5LC1FbZUtHtLR_rVuV6rVnxO95e4GUbMi5kbnNjcnlwdC1jZXJ0LmRucy5zZWJ5Lmlv

Stamp was generated with https://dnscrypt.info/stamps

DNS-over-HTTPS (DoH)

HTTP/2 port: 443

Hostname: doh-2.seby.io

Path: /dns-query

Stamp: sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzIgPhoaD2xT8-l6SS1XCEtbmAcFnuBXqxUFh2_YP9o9uDgRZG9oLTIuc2VieS5pbzo0NDMKL2Rucy1xdWVyeQ

Stamp was generated with https://dnscrypt.info/stamps. Command used to get the hash: env DEBUG=1 dnscrypt-proxy -loglevel 0

TLS Setup: htbridge report, SSL Labs report

DNS-over-TLS (DoT)

TLS port: 853

Hostname: dot.seby.io

Out-of-Band public key pin: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

Command used: kdig -d @139.99.222.72 +tls-ca +tls-host=dot.seby.io example.com

Stamp: sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzIAD2RvdC5zZWJ5LmlvOjg1MwA

Stamp was generated with https://dnscrypt.info/stamps

TLS Setup: htbridge report

Unbound Example:
server:
  port: 53
forward-zone:
  name: "."
    forward-tls-upstream: yes
    forward-addr: 45.76.113.31@853
    forward-addr: 139.99.222.72@853
Stubby Example:
dns_transport_list: [GETDNS_TRANSPORT_TLS]
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
listen_addresses:
  - 127.0.0.1@53
upstream_recursive_servers:
  - address_data: 45.76.113.31
    tls_auth_name: "dot.seby.io"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

The server configuration is freely available on github:

https://github.com/publicarray/dns-resolver-infra

If there are any problems please open an issue or send me a DM.


Notes:

No logging means that I don't log dns queries but certain statistics

such as the latency and query status are logged see

https://dns.seby.io/stats.html for pretty graphs


While the resolver is freely available abuse will not be tolerated.

To deal with abuse I may need to capture limited amount of traffic,

this will be discarded after the abuse is dealt with.


Public pgp key: https://keybase.io/publicarray/pgp_keys.asc?fingerprint=ac7b7a03d00d8236b8e6f9d180b9687901b6587c