diff --git a/h5bp/ssl/ocsp_stapling.conf b/h5bp/ssl/ocsp_stapling.conf index 47138f6..d45923a 100644 --- a/h5bp/ssl/ocsp_stapling.conf +++ b/h5bp/ssl/ocsp_stapling.conf @@ -10,9 +10,25 @@ # https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling # https://tools.ietf.org/html/rfc6066#section-8 # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling +# +# (1) Use Cloudflare 1.1.1.1 DNS resolver +# https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/ +# +# (2) Use Google 8.8.8.8 DNS resolver +# https://developers.google.com/speed/public-dns/docs/using +# +# (3) Use Dyn DNS resolver +# https://help.dyn.com/internet-guide-setup/ ssl_stapling on; ssl_stapling_verify on; -resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s; +resolver + # (1) + 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] + # (2) + 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] + # (3) + # 216.146.35.35 216.146.36.36 + valid=60s; resolver_timeout 2s;