diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index 0e3bf589..596c5c0d 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -350,7 +350,7 @@
- +
@@ -424,7 +424,7 @@ @@ -1106,6 +1163,7 @@

Note! The web service port changes will be automatically applied and so you do not need to manually restart the main service. This web page will be automatically redirected to the new web console URL after saving settings. The HTTPS protocol will be enabled only when a TLS certificate is configured.

When using a reverse proxy with the Web Service, you need to add X-Real-IP header to the proxy request with the IP address of the client to allow the Web server to know the real IP address of the client originating the request. For example, if you are using nginx as the reverse proxy, you can add proxy_set_header X-Real-IP $remote_addr; to make it work.

+

The web service uses Kestral web server which supports both HTTP/2 and HTTP/3 protocols when TLS certificate is configured. HTTP/3 protocol support is not available on all platforms. On Windows, it is available only on Windows 11 (build 22000 or later) and Windows Server 2022. On Linux, it requires libmsquic and openssl v1.1.1 to be installed.

Use the following openssl command to convert your TLS certificate that is in PEM format to PKCS #12 certificate (.pfx) format:

openssl pkcs12 -export -out "example.com.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile "chain.pem"
@@ -1204,6 +1262,7 @@

These optional DNS server protocols are used to host these as a service. You do not need to enable these optional protocols to use them with Forwarders or Conditional Forwarder Zones.

For DNS-over-HTTP, use http://localhost:8053/dns-query with a TLS terminating reverse proxy like nginx. For DNS-over-TLS, use tls-certificate-domain:853, for DNS-over-QUIC, use tls-certificate-domain:853, and for DNS-over-HTTPS use https://tls-certificate-domain/dns-query to configure supported DNS clients.

When using a reverse proxy with the DNS-over-HTTP service, you need to add X-Real-IP header to the proxy request with the IP address of the client to allow the DNS server to know the real IP address of the client originating the request. For example, if you are using nginx as the reverse proxy, you can add proxy_set_header X-Real-IP $remote_addr; to make it work.

+

DNS-over-QUIC protocol support is not available on all platforms. On Windows, it is available only on Windows 11 (build 22000 or later) and Windows Server 2022. On Linux, it requires libmsquic and openssl v1.1.1 to be installed.

Use the following openssl command to convert your TLS certificate that is in PEM format to PKCS #12 certificate (.pfx) format:

openssl pkcs12 -export -out "example.com.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile "chain.pem"
@@ -1291,7 +1350,7 @@ Randomize Name -
Enables QNAME randomization when using UDP as the transport protocol to improve security.
+
Enables QNAME case randomization when using UDP as the transport protocol to improve security.
@@ -1596,7 +1652,7 @@
Click the 'Update Now' button to reset the next update schedule and force download and update of the block lists.
-
DNS Server will use the data returned by the block list URLs to update the block list zone automatically. The expected file format is standard hosts file format, plain text file containing list of domains to block, or wildcard block list file format.
+
Note! DNS Server will use the data returned by the block list URLs to update the block list zone automatically. The expected file format is standard hosts file format, plain text file containing list of domains to block, wildcard block list file format, or Adblock Plus file format.
Help: Blocking Internet Ads Using DNS Sinkhole
@@ -2642,13 +2698,14 @@ Type Class Answer + - +
Found: 0 logs