
[public-dns-discuss] DNS-over-TLS certificate domain name mismatch



The certificate served by dns.google for DNS-over-TLS is untrusted as it does not include "dns.google" in its common or alternative names (doh!).

See https://www.ssllabs.com/ssltest/analyze.html?d=dns.google

Instructions to use dns.google for DNS-over-TLS: https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html

Common names    *.c.docs.google.com
Alternative names       *.c.docs.google.com *.a1.googlevideo.com *.c.2mdn.net *.c.audiobooks.play.google.com *.c.bigcache.googleapis.com *.c.chat.google.com *.c.doc-0-0-sj.sj.googleusercontent.com *.c.drive.google.com *.c.googlesyndication.com *.c.googlevideo.com *.c.inbox.google.com *.c.lh3-da.googleusercontent.com *.c.lh3-da.photos0.sandbox.google.com *.c.lh3-db.googleusercontent.com *.c.lh3-db.photos1.sandbox.google.com *.c.lh3-dc.googleusercontent.com *.c.lh3-dc.photos2.sandbox.google.com *.c.lh3-dd.googleusercontent.com *.c.lh3-dd.photos3.sandbox.google.com *.c.lh3-de.googleusercontent.com *.c.lh3-de.photos4.sandbox.google.com *.c.lh3-df.googleusercontent.com *.c.lh3-df.photos5.sandbox.google.com *.c.lh3-dg.googleusercontent.com *.c.lh3-dg.photos6.sandbox.google.com *.c.lh3-dz.googleusercontent.com *.c.lh3-dz.photos-autopush.sandbox.google.com *.c.lh3.googleusercontent.com *.c.lh3.photos.google.com *.c.mail.google.com *.c.offline.maps.google.com *.c.pack.google.com *.c.play.google.com *.c.video.google.com *.c.youtube.com *.cache1.c.docs.google.com *.cache1.c.play.google.com *.cache1.c.video.google.com *.cache1.c.youtube.com *.cache2.c.docs.google.com *.cache2.c.play.google.com *.cache2.c.video.google.com *.cache2.c.youtube.com *.cache3.c.docs.google.com *.cache3.c.play.google.com *.cache3.c.video.google.com *.cache3.c.youtube.com *.cache4.c.docs.google.com *.cache4.c.play.google.com *.cache4.c.video.google.com *.cache4.c.youtube.com *.cache5.c.docs.google.com *.cache5.c.play.google.com *.cache5.c.video.google.com *.cache5.c.youtube.com *.cache6.c.docs.google.com *.cache6.c.play.google.com *.cache6.c.video.google.com *.cache6.c.youtube.com *.cache7.c.docs.google.com *.cache7.c.play.google.com *.cache7.c.video.google.com *.cache7.c.youtube.com *.cache8.c.docs.google.com *.cache8.c.play.google.com *.cache8.c.video.google.com *.cache8.c.youtube.com *.dai.googlevideo.com *.googlevideo.com *.googlezip.net *.gvt1.com *.offline-maps.gvt1.com *.snap.gvt1.com 
*.xn--ngstr-lra8j.com xn--ngstr-lra8j.com

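The name check at issue in the message above, as an added example that is not part of the original post: RFC 6125-style matching of the name a client was configured with against a certificate's dNSName entries. `SAMPLE_SANS` is a constructed sample of names quoted in the message, and the function names are illustrative.

```python
"""Added example: RFC 6125-style DNS-ID matching against SAN entries."""

# Constructed sample: a few of the names quoted in the message above.
SAMPLE_SANS = [
    "*.c.docs.google.com",
    "*.googlevideo.com",
    "*.gvt1.com",
    "*.xn--ngstr-lra8j.com",
    "xn--ngstr-lra8j.com",
]


def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one dNSName entry covers hostname.

    A wildcard is honoured only as the entire leftmost label and stands for
    exactly one label (a conservative reading of RFC 6125 section 6.4.3).
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse bare "*" and "*.tld"; compare the remaining labels exactly.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial ("d*.example.com") or non-leftmost wildcard
    return p == h


def verify_reference_id(hostname, sans):
    """Return the SAN entries that authenticate hostname (empty = mismatch)."""
    return [s for s in sans if san_matches(s, hostname)]


if __name__ == "__main__":
    for host in ("dns.google", "r1.c.docs.google.com", "docs.google.com"):
        hits = verify_reference_id(host, SAMPLE_SANS)
        print(f"{host:24} {'OK via ' + hits[0] if hits else 'MISMATCH'}")
```

An empty result is what a client enforcing name validation treats as a failed handshake, regardless of whether the chain itself validates.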