From 28874c33f0e778fc7687f5b3926590ce09e06c98 Mon Sep 17 00:00:00 2001
From: Pete Cooper <petecooper@users.noreply.github.com>
Date: Wed, 15 May 2019 01:07:47 +0100
Subject: [PATCH] Add Google Public DNS IPv6 and Cloudflare DNS IP addresses to
 `resolver` (#229)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Léo Colombaro <git@colombaro.fr>
---
 h5bp/ssl/ocsp_stapling.conf | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/h5bp/ssl/ocsp_stapling.conf b/h5bp/ssl/ocsp_stapling.conf
index 47138f6..d45923a 100644
--- a/h5bp/ssl/ocsp_stapling.conf
+++ b/h5bp/ssl/ocsp_stapling.conf
@@ -10,9 +10,25 @@
 # https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
 # https://tools.ietf.org/html/rfc6066#section-8
 # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
+#
+# (1) Use Cloudflare 1.1.1.1 DNS resolver
+#     https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
+#
+# (2) Use Google 8.8.8.8 DNS resolver
+#     https://developers.google.com/speed/public-dns/docs/using
+#
+# (3) Use Dyn DNS resolver
+#     https://help.dyn.com/internet-guide-setup/
 
 ssl_stapling on;
 ssl_stapling_verify on;
 
-resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
+resolver
+  # (1)
+  1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]
+  # (2)
+  8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844]
+  # (3)
+  # 216.146.35.35 216.146.36.36 
+  valid=60s;
 resolver_timeout 2s;