dns 1 | dns 2 | dns 3 | dns 4 | dns 5 | |||
https://dns.brahma.world/ | https://doh.tiarap.org/ | same dns 2 | https://jp.tiarap.org/ | https://0ms.run/ | website name | ||
Android Private DNS | Android Private DNS | Android Private DNS | Android Private DNS | Android Private DNS | Android Private DNS | Android Private DNS | Android Private DNS |
dns.brahma.world |
doh.tiar.app dot.tiar.app |
no have | jp.tiar.app | no have | |||
HTTP/2 Stamp | HTTP/2 Stamp | HTTP/2 Stamp | HTTP/2 Stamp | HTTP/2 Stamp | HTTP/2 Stamp | HTTP/2 Stamp | |
sdns://AgMAAAAAAAAAACBETr1nu4P4gHs5Iek4rJF4uIK9UKrbESMfBEz18I33zhBkbnMuYnJhaG1hLndvcmxkCi9kbnMtcXVlcnk | sdns://AQMAAAAAAAAADjE3NC4xMzguMjEuMTI4IO-WgGbo2ZTwZdg-3dMa7u31bYZXRj5KykfN1_6Xw9T2HDIuZG5zY3J5cHQtY2VydC5kbnMudGlhci5hcHA | same dns 2 | sdns://AgcAAAAAAAAADTE3Mi4xMDQuOTMuODCgMob_ZaZfrzIIXuoTiMNzi6fjeHPJBszjxKKLTMKliYigRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984gzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYLanAudGlhci5hcHAKL2Rucy1xdWVyeQ | PC Browser test | |||
https & http3 | https & http3 | https & http3 | https & http3 | https & http3 | https & http3 | https & http3 | |
https://dns.brahma.world/dns-query | https://doh.tiar.app/dns-query | https://doh.tiarap.org/dns-query |
https://jp.tiarap.org/dns-query https://jp.tiar.app/dns-query |
https://0ms.run/dns/dns.google/dns-query | https://0ms.run/cache | ||
IPV6 | IPV6 | IPV6 | IPV6 | IPV6 | IPV6 | IPV6 | |
2a05:d016:af8:4000:7710:6fc:bde3:fe0e | 2400:6180:0:d0::5f6e:4001 |
2400:6180:0:d0::5f6e:4001 |
same dns 2 | [2400:8902::f03c:91ff:feda:c514] port 53 or port 5003 | Moderate | https://dns.0ms.run/dns-query | ||
IPv4 | IPv4 | IPv4 | IPv4 | IPv4 | IPv4 | IPv4 | |
16.170.150.221 |
no have | 174.138.21.128 188.166.206.224 port 53 or port 5003 |
172.104.93.80 port 53 or port 5003 | Spoofability use 25 servers | Spoofability use 2 servers doing 5 task, and get the total queries 474 | ||
IOS 14 Setting dot ver | DNSCrypt | DNSCrypt | DNSCrypt | But the quality is so bad | https://0ms.run/resolve? | ||
IOS 14 Setting doh ver | 2.dnscrypt-cert.dns.tiar.app | no have | sdns://AQcAAAAAAAAAJVsyNDAwOjg5MDI6OmYwM2M6OTFmZjpmZWRhOmM1MTRdOjE0NDMgMrh2PvG_ZTah3moTwM1vSKF544i2maU3jW1bPEzfVFMbMi5kbnNjcnlwdC1jZXJ0LmpwLnRpYXIuYXBw | yes, this dns is so fast but combine use
google. doing 26 tasks, get the total Queries is only 348 |
https://0ms.run/dns/{{your favorite DNS
server (without http:// or https://)}} Examples: https://0ms.run/dns/dns.google/dns-query |
||
No logging • Blocks Ads + Trackers +
Malware + Phishing domains DNSSEC ready • QNAME Minimization • No EDNS Client-Subnet |
key: EF96:8066:E8D9:94F0:65D8:3EDD:D31A:EEED:F56D:8657:463E:4ACA:47CD:D7FE:97C3:D4F6 | ||||||
file configuration | |||||||
id-gmail,"id-gmail resolver","id-gmail content blocking","Singapore","",,2,yes,yes,no,174.138.21.128,2.dnscrypt-cert.dns.tiar.app,EF96:8066:E8D9:94F0:65D8:3EDD:D31A:EEED:F56D:8657:463E:4ACA:47CD:D7FE:97C3:D4F6, | |||||||
Check the problem error dns.brahma.world 4 error 2 warning | Privacy-First DNS Resolver Block over 300K: ads, ad-tracking, malware and phishing domains! No Logging, dns0x20, No ECS, DNSSEC Validation, Free! |
Privacy-First DNS Resolver, No Censorship, dns0x20, No Logging, No ECS, DNSSEC Validation, Free! | https://0ms.run/dns/dns.google/resolve? | ||||
server Amazon 16.170.150.221 | Digital Ocean data center 174.138.21.128 | Digital Ocean vpn server 174.138.29.175 | Linode LLC, Tokyo 172.104.93.80 | Combine with google dns use | use dns cache | ||
close UDP queries, RRSIG is unknown | Check the problem error doh.tiarap.org 4 warning | Check the problem error doh.tiar.app 1 error 4 warning | 1 error, 4 warning, 33 passed | https://dns.0ms.run/resolve? https://0ms.run/dns-query |
|||
unknown, block udp | DYNAMIC cache, block udp | gzip, receive all connection | bypass cache | No adblock | |||
Virus total, 1 found | Virus total, 1 found | Virus total 1 found | Virus total, 1 found | Virus total, 1 found | Virus total, 1 found | ||
time out, ping to | time out, ping to | no time out | time out, ping to | yes, can ping and get very beautiful ms, about 12 ms | |||
ping brahma.world 15ms | ns-tld2.charlestonroadregistry.com 15ms | ping doh.tiarap.org 16ms | 139.162.64.31 tracert 80, ping 94 | the type of DNS is the same; only the working method differs | |||
1 server = 1.020 | 1 server = 1.020 Queries | 1 server = 1.020 Queries | 1 server = 1028 Queries | ||||
Forcepoint, Malicious | doh.tiar.app dot.tiar.app doh.tiarap.org jp.tiar.app | ||||||
"RFC8482" "" HINFO | CNAME | "RFC8482" "" HINFO | CAA | ||||
archive.org; Google Search, twitter; Reddit; Google Certificate Transparency |
archive.org, Google Search, twitter; Reddit; Google Certificate Transparency | archive.org, Google Search, twitter; Reddit; Google Certificate Transparency | Google Search, twitter; Reddit; Google Certificate Transparency | 172.253.211.5 IP Number is google mine | 172.70.145.12 the IP number is CLOUDFLARENET mine | ||
Reliability 87% | Reliability 82% | Reliability 90% | Reliability 90% | Reliability 65% | Reliability 76% | ||
tool checker:
1. https://mxtoolbox.com/emailhealth/doh.tiarap.org/
2. https://securityheaders.com/?q=doh.tiarap.org&followRedirects=on
3. https://cachecheck.opendns.com
4. https://www.grc.com/dns/dns.htm
6. https://www.top10vpn.com/tools/what-is-my-dns-server/
7. https://www.dotcom-tools.com/dns-trace-test?type=summary-report&id=462e6ac547004bc389a7364bbdd9af6e
- Content-Security-Policy: Protects the site against XSS (Cross-Site Scripting) attacks. It uses a whitelist so that content is only loaded from trusted locations and anything dangerous is blocked automatically.
- X-Frame-Options: Tells the browser whether the site's pages may be embedded in a frame or not. Frames are often used by ISPs or mobile operators to inject ads, and there is a risk of clickjacking. Recommendation: x-frame-options: SAMEORIGIN.
- X-XSS-Protection: Configures the cross-site scripting protection filter that is usually already built into the browser. Recommendation: X-XSS-Protection: 1; mode=block.
- X-Content-Type-Options: Tells the browser not to detect the type of the content being loaded itself and to take that information from the declared content type instead. This reduces the risk of files being downloaded without permission. Recommendation: X-Content-Type-Options: nosniff.
- Strict-Transport-Security: If your connection already uses an SSL certificate, HSTS (HTTP Strict Transport Security) is the best setting for forcing the browser to always use HTTPS when accessing your site. The downside is that if anything is wrong with your SSL implementation, visitors who have opened your website before will immediately get an error. Recommendation: strict-transport-security: max-age=31536000; includeSubdomains.
- Public-Key-Pins: To prevent someone from hijacking your HTTPS connection by disguising the SSL certificate, HPKP (HTTP Public Key Pinning) can be enabled.
I'll show how to apply these headers on a few web servers, but only for HTTP:
Apache
# The Header directive requires mod_headers to be enabled
Header set X-Frame-Options DENY
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Security-Policy "allow 'self';"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy "script-src 'self'"
These can be placed in the Apache configuration, a virtual host, or an .htaccess file.
Nginx
# Each add_header directive must end with a semicolon
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Security-Policy "allow 'self';";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "script-src 'self'";
Add these inside the location block in the Nginx virtual host settings.
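As an added example (not part of the original page), this Python audit checks a response head against the header values recommended above, which is useful for confirming that the Apache or Nginx settings actually took effect. The sample response is constructed, and the function names are this example's own.

```python
import re

def hsts_ok(value):
    """True if max-age is at least one year and includeSubDomains is present."""
    m = re.search(r"max-age=(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 31536000 and "includesubdomains" in value.lower()

# Header name -> check for the value recommended in the text above.
CHECKS = {
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-xss-protection": lambda v: v.replace(" ", "").lower() == "1;mode=block",
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "strict-transport-security": hsts_ok,
}

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                 # a blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for every checked header."""
    headers = parse_headers(raw)
    report = {}
    for name, check in CHECKS.items():
        values = headers.get(name, [])
        ok = bool(values) and all(map(check, values))
        report[name] = "ok" if ok else ("weak" if values else "missing")
    return report

# Constructed sample response, not captured from any real server.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=86400
X-Content-Security-Policy: allow 'self';
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, Content-Security-Policy is reported as missing because only the obsolete prefixed X-Content-Security-Policy header was sent, and the HSTS value is weak because its max-age is below the recommended 31536000 and it lacks includeSubdomains.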