-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

09/06/2015 - This signed text was written for https://cloudns.com.au

 --Announcement--

Welcome to CloudNS!

CloudNS is an australian based security focused DNS provider.

Currently our DNS hosting and Email infrustructure is under
construction, however our public DNS resolver is now online!

 --Information--

Primary Server (Canberra, Australia):

Address: 113.20.6.2:443 or gc2tzw6lbmeagrp3.onion:443
Provider name: 2.dnscrypt-cert.cloudns.com.au
DNSCrypt Key:
1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4

Secondary Server (Sydney, Australia):

Address: 113.20.8.17:443 or l65q62lf7wnfme7m.onion:443
Provider name: 2.dnscrypt-cert-2.cloudns.com.au
DNSCrypt Key:
67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330

 --Features--

Our DNS resolvers have many security relevant features and other
benefits:

* DNSCrypt Support
We only allow connections to our service using DNSCrypt, this
provides confidentially and message integrity to our DNS
resolver, and makes it harder for an adversery watching the
traffic of our resolver to identify the origin of a DNS query as
all the traffic is mixed together.

* DNSSEC Validation
Our server does complete trust validation of DNSSEC enabled
names, protecting you from upstream dns poisoning attacks or
other DNS tampering. For ccTLD/gTLDs that are not DNSSEC signed,
ISC's DLV Registry (dlv.isc.org) is used for validation.

* Namecoin resolution
Namecoin is an alternative, decentralized DNS system, that is
able to prevent domain name censorship. Our DNS server does local
namecoin resolution of .bit domain names making it an easy way to
start exploring namecoin websites.

* Hosted in Australia
Our DNS Server is hosted in Australia, making it a faster
alternative to other open public DNS resolvers for Australian
residents.

* No domain manipulation or logging
We will not tamper with any domain queries, unlike some
public providers who hijack domain resolution for domains that
fail to resolve. Our servers do not log any data from connecting
users including DNS queries and IP addresses that make
connections.

 --Getting Started--

Our DNS resolver is only accessible using the DNSCrypt protocol,
to get started you will need to use a DNSCrypt resolver such as
dnscrypt-proxy.

Below is an example command to connect to our primary and
secondary servers using dnscrypt-proxy (dnscrypt.org), it
verifies the fingerprint to our server using provider-key and if
successful will setup a listening port at 127.0.0.1:2053 and
127.0.0.1:3053 which can then use like a normal DNS server:

dnscrypt-proxy -d -a 127.0.0.1:2053 -r 113.20.6.2:443
 --provider-name=2.dnscrypt-cert.cloudns.com.au
 --provider-key=
1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4

dnscrypt-proxy -d -a 127.0.0.2:3053 -r 113.20.8.17:443
 --provider-name=2.dnscrypt-cert-2.cloudns.com.au
 --provider-key=
67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330

An additional step to limit the amount of trust you must place in
our resolver, is to setup your own DNS Cache and DNSSEC
validating resolver, a good choice is to use "unbound" with
forwarding to dnscrypt-proxy:

do-not-query-localhost: no

forward-zone:
        name: "."
        forward-addr: 127.0.0.1@2053
        forward-addr: 127.0.0.2@3053

 --Clients--

Windows users who want to test the resolver can connect using a
simple .NET GUI application:

https://github.com/FivfBx2dOQTC3gc8YS4yMNo0el/dnscrypt-winclient

 --CloudNS Security--

We will always sign announcement messages with our GPG key with
key fingerprint:
BCA5 6403 5599 8EC3 F0D9  6408 BFB6 560B EAE6 69FB

The SHA-2 fingerprint for our SSL certificate is below. If you
see any other certificate than this one, then the connection has
been compromised:
?58:f2:f5:de:f8:ba:d8:a9:2d:24:b8:27:6c:6c:2f:9d:06:70:e7:5a

Any questions can be directed to admin@cloudns.com.au, please
sign and encrypt emails using GPG, you can find our public key at
https://cloudns.com.au/BCA5640355998EC3F0D96408BFB6560BEAE669FB.pub.asc
and also on PGP public keyservers. If you receive an email from
us, it will be signed using our secret key. If it isn't, assume
it has been tampered with or spoofed altogether.

 - The CloudNS Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVdvEoAAoJEL+2Vgvq5mn7fzYP/AvhasOFyovJgsm9/BuMiXOV
0JL02MzvRvdk70BwuTaOn8xr2jdbglWz1vkjDg8gfbXhrah0grzi2tYnoLjg/fZS
+lN/C3T0LpuNkNHHIxEykBRYUttFFdXyJKMOaSTMsFj6xtgr0UYilbVbmFW/HB/l
12CBtBRWEBAAhuih9jYG+hUswW9nn4txoIsSLXuRgaScDS6CMzelg19cYaj5g67I
VyLtWG8d0WGqz5RHJdh/lOaUYtgp2ZeyNWHSdCJT8Z0RbZ6eIh4s3ZWOSqG9JHVQ
C+Eu1FGYxzT8+7IvSMr+NKtZMcHrf8Jyfh6aFtHBAvgNZwdDk8Qp7hnkESCNUQgL
Li58o+MNBtjPanoLQTRFtuxD09UlMR7RbeFiNTlwWfmW+vTUWdJBceEsoDBwNNbM
1WEjA3O0umYHCYBVdOOMjZjPoI5VWCYzO6bqf02w4hhK/dhEJEn0hul7jaqbSG6k
znorX351PAYzNtjFhSg3cLjUYMg6ufBzD2Y1EFJuHwubOCnPc+zwhAmadZPYyRxv
x+bzAc5VF3fFYL5AL0dV2gknbUwF09QmEQHwJvafzz/blqsNnSnqnol6871S4PW8
V0HU7h59U8RWKz+HQ3QvmCIdX3M1r1DUjzJ1oxdvYZ15WXq1oIjdg5MZ18fIZbeC
+C2FlssGMCkLgA0E0rHC
=OPjV
-----END PGP SIGNATURE-----