Fix some typos and formatting issues
ryru committed Aug 4, 2024
1 parent f933533 commit 35bfbea
Showing 9 changed files with 33 additions and 57 deletions.
6 changes: 2 additions & 4 deletions ARCHITECTURE.md
Expand Up @@ -50,16 +50,14 @@ graph LR

### DNS Frontend

The frontend accepts client connections, validates DNS queries and forward them to the backend for name resolution, if
the cache does not already provide an answer.
The frontend accepts client connections, validates DNS queries and forward them to the backend for name resolution, if the cache does not already provide an answer.

- Handles TLS encryption and Let's Encrypt certificates
- Enforce rate limits to increase availability for all users

### DNS Backend

The backend is only reachable by the _dnsdist_ frontend. If the answer to a query is not already cached it is resolved
by querying the global domain name system (DNS).
The backend is only reachable by the _dnsdist_ frontend. If the answer to a query is not already cached it is resolved by querying the global domain name system (DNS).

- Prefetching cache to reduced latency
- DNSSEC validation
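Review bot: The rewrapped frontend sentence keeps an agreement error, "validates DNS queries and forward them"; since this commit is fixing typos, change it to "forwards them". The bullets under both headings also mix verb forms ("Handles", "Enforce", "Prefetching cache to reduced latency"); suggest "Enforces rate limits" and "Prefetching cache to reduce latency".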
9 changes: 3 additions & 6 deletions CONTRIBUTION.md
Expand Up @@ -21,12 +21,9 @@ on a way to achieve your idea.

## How to Contribute

1. Fork the [DNS resolver repository](https://github.com/DigitaleGesellschaft/DNS-Resolver) to your own name space. For
this, you need a GitHub account.
2. For small changes you may use the GitHub web editor to directly fix a document. For larger changes you need to check
out your fork of the _DNS resolver_ repository.
3. Make your changes locally and commit them. For commit messages try to use existing commit messages as a guide. If
your commit fixes or addresses an existing issue, please reference the issue number in your commit message.
1. Fork the [DNS resolver repository](https://github.com/DigitaleGesellschaft/DNS-Resolver) to your own name space. For this, you need a GitHub account.
2. For small changes you may use the GitHub web editor to directly fix a document. For larger changes you need to check out your fork of the _DNS resolver_ repository.
3. Make your changes locally and commit them. For commit messages try to use existing commit messages as a guide. If your commit fixes or addresses an existing issue, please reference the issue number in your commit message.
4. Create a pull request (PR) to our _main_ branch.

Example commit message:
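Review bot: "to your own name space" in step 1 should be "namespace" (one word). The rewrap otherwise leaves the four steps unchanged in substance.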
12 changes: 4 additions & 8 deletions FAQ.md
Expand Up @@ -10,13 +10,12 @@ This document covers frequently asked questions about our secure DNS resolver sy

2. Why does the Digital Society provide this service?

- We think a decentralised and censor resistent Internet is important for our society.
- We think a decentralised and censor resistant Internet is important for our society.

3. How can I help?
- There are several things you can do:
- Review our [configuration files](configuration-files) and [guides](howtos) and improve them.
- The annual costs for operating the servers amount to 1'000 CHF. Perhaps it is possible for you to make
a [donation](https://www.digitale-gesellschaft.ch/uber-uns/unterstuetzer-werden/).
- The annual costs for operating the servers amount to 1'000 CHF. Perhaps it is possible for you to make a [donation](https://www.digitale-gesellschaft.ch/uber-uns/unterstuetzer-werden/).

### For Companies

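Review bot: The "resistent" to "resistant" fix is correct, but "censor resistant Internet" reads better as "censorship-resistant Internet".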
Expand All @@ -31,16 +30,13 @@ This document covers frequently asked questions about our secure DNS resolver sy
## Configuration

1. Can I use your service for plain text (unencrypted) DNS?
- No, we only provide encrypted DNS-over-HTTPS or DNS-over-TLS. We deliberately do not operate a plain text DNS to
avoid user configuration errors.
- No, we only provide encrypted DNS-over-HTTPS or DNS-over-TLS. We deliberately do not operate a plain text DNS to avoid user configuration errors.

## Technical Questions

1. Do you block any domains?

- No, we do not block any domain. Checkout our transparency reports and privacy
notice: https://www.digitale-gesellschaft.ch/dns/ However, we do temporarily block clients or requests if they
have malicious behaviour and/or impact our service for other users.
- No, we do not block any domain. Checkout our transparency reports and privacy notice: https://www.digitale-gesellschaft.ch/dns/ However, we do temporarily block clients or requests if they have malicious behaviour and/or impact our service for other users.

2. Do you support DNSCrypt?
- No, currently not.
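Review bot: "Checkout our transparency reports" should be "Check out" (two words, as a verb), and the rewrapped line now runs the URL straight into "However"; end the sentence after the URL with a period so the link text does not swallow the next sentence. "plain text DNS" is clearer as "plain-text DNS".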
13 changes: 4 additions & 9 deletions README.md
@@ -1,18 +1,14 @@
# Secure DNS Resolver

Information, configuration files and _how tos_ about the public secure DNS resolvers operated by the Digital Society
Switzerland.
Information, configuration files and _how tos_ about the public secure DNS resolvers operated by the Digital Society Switzerland.

The Digital Society Switzerland runs publicly available DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) DNS resolver
systems.
The Digital Society Switzerland runs publicly available DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) DNS resolver systems.

![Secure DNS resolver in a pig picture](assets/Secure-DNS-Resolver-Big-Picture-100p.png)

This repository contains:

- [Configuration files](configuration-files) of our production systems. Anyone interested in our setup can review our
production configuration or run its own setup based on our configuration files. You may also check out
our [system architecture](ARCHITECTURE.md).
- [Configuration files](configuration-files) of our production systems. Anyone interested in our setup can review our production configuration or run its own setup based on our configuration files. You may also check out our [system architecture](ARCHITECTURE.md).
- [How tos](howtos) to configure encrypted DNS on various devices. This allows people to use our secure DNS resolvers.

Also, checkout our [website](https://www.digitale-gesellschaft.ch/dns/) and the [FAQ](FAQ.md).
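Review bot: The unchanged alt text "Secure DNS resolver in a pig picture" looks like a typo for "big picture", which matches the image filename Secure-DNS-Resolver-Big-Picture-100p.png. Also "run its own setup" should be "run their own setup" and "checkout our website" should be "check out our website".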
Expand All @@ -32,8 +28,7 @@ For specific configuration check out our [How-Tos](howtos).

# Contribution

Contributions to this project are very welcome. If you like to contribute, check-out [CONTRIBUTION](CONTRIBUTION.md) for
more information.
Contributions to this project are very welcome. If you like to contribute, check-out [CONTRIBUTION](CONTRIBUTION.md) for more information.

Some ideas where help is appreciated:

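Review bot: "If you like to contribute, check-out" should be "If you would like to contribute, check out".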
16 changes: 5 additions & 11 deletions configuration-files/LOCAL.md
@@ -1,7 +1,6 @@
# Staging

This documents describes how one can set up two local resolvers based on our Ansible configuration in a virtual
machines.
This documents describes how one can set up two local resolvers based on our Ansible configuration in virtual machines.

This setup uses [Linux Containers](https://linuxcontainers.org/) respectively the command `lxc`. But one can apply the
Ansible config on any virtual Ubuntu system.
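Review bot: "This documents describes" survives the rewrap in both old and new lines; it should be "This document describes". The unchanged context "uses Linux Containers respectively the command `lxc`" is a Germanism; suggest "uses Linux Containers, that is, the `lxc` command".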
Expand All @@ -14,8 +13,7 @@ On your host install `lxc` by running:

We do not keep sensitive information in this repository. Create these files:

- In the `locl.yml` file the two systems `localdns1` and `localdns2` are referred. In order Ansible knows these host
systems they need to be in the SSH configuration `~/.ssh/config` file e.g.:
- In the `locl.yml` file the two systems `localdns1` and `localdns2` are referred. In order Ansible knows these host systems they need to be in the SSH configuration `~/.ssh/config` file e.g.:

```
host localdns1
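Review bot: Is `locl.yml` the intended filename? The vault path later in this file uses `group_vars/local/`, so this may be a typo for `local.yml`; please confirm against the repository. "In order Ansible knows these host systems they need to be" should read "So that Ansible knows these hosts, they need to be".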
Expand All @@ -29,9 +27,7 @@ We do not keep sensitive information in this repository. Create these files:
Port <port>
```

- Create a user to connect to. This might be your current user on your local machine. Create a file
in `configuration-files/roles/base/tasks/users/$USER.yml` with this content. Change `$USER` with your current
username.
- Create a user to connect to. This might be your current user on your local machine. Create a file in `configuration-files/roles/base/tasks/users/$USER.yml` with this content. Change `$USER` with your current username.

```
---
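Review bot: "Change `$USER` with your current username" should be "Replace `$USER` with your current username".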
Expand All @@ -55,10 +51,8 @@ We do not keep sensitive information in this repository. Create these files:
key: "add your public key here within the quotes e.g. `cat .ssh/id_rsa.pub`"
```

- Create an encrypted secret file for ansible secrets. Contains secrets and passphrases in key-values pairs and is
located in `configuration-files/group_vars/local/vault.yml`.
- Create a new encrypted file by running `ansible-vault create configuration-files/group_vars/local/vault.yml` and
add the following content (these are example secrets):
- Create an encrypted secret file for ansible secrets. Contains secrets and passphrases in key-values pairs and is located in `configuration-files/group_vars/local/vault.yml`.
- Create a new encrypted file by running `ansible-vault create configuration-files/group_vars/local/vault.yml` and add the following content (these are example secrets):
```
dnsdist_control_interface_key: "KZ0-+U?T"
dnsdist_webserver_api_key: "K[F|8I9?"
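Review bot: "key-values pairs" should be "key-value pairs", and "ansible secrets" should be "Ansible secrets". The values in the fenced block are explicitly labelled as example secrets; keep that label in any further rewrap so readers do not copy them into a real vault.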
16 changes: 6 additions & 10 deletions configuration-files/README.md
@@ -1,9 +1,8 @@
# Secure DNS Resolver Configuration

Ansible managed configuration files for DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) DNS resolver.
Ansible managed configuration files for DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) DNS resolvers.

This configuration is applied to the production secure DNS resolver of the Digital Society. This document describes how
to use the Ansible setup for your own setup.
This configuration applies to the Digital Society's production secure DNS resolver. This document describes how to use the Ansible setup for your own setup.

If you are interested in:

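Review bot: "Ansible managed configuration files" should be hyphenated as "Ansible-managed configuration files"; the plural fix to "resolvers" is good.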
Expand All @@ -12,8 +11,7 @@ If you are interested in:

## Apply the Ansible Configuration

This step is very common, as soon as the Ansible configuration files are changed this step will activate the new
configuration on the DNS resolvers.
This step is very common, as soon as the Ansible configuration files are changed this step will activate the new configuration on the DNS resolvers.

Change into `configuraiton-files` and start a dry-run of the Ansible configuration.

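Review bot: `configuraiton-files` in "Change into `configuraiton-files`" is a typo for `configuration-files` (the directory the following `cd` command actually uses) and was missed by this typo-fix commit. The first sentence, "This step is very common, as soon as ...", is a comma splice; suggest "This is the common case: whenever the Ansible configuration files change, this step activates the new configuration on the DNS resolvers."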
Expand All @@ -22,19 +20,17 @@ cd configuration-files
ansible-playbook --ask-become-pass --ask-vault-pass resolver.yml --check
```

When the output does not contain any unexpected surprises, remove the flag `--check` to definitively apply the
configuration to the DNS resolvers.
When the output does not contain any unexpected surprises, remove the flag `--check` to definitively apply the configuration to the DNS resolvers.

## Initial Setup

This step only done when a new server is added and the Ansible configuration shall be applied the very first time.
This step is only performed if a new server is being added and the Ansible configuration is to be applied for the first time.

1. Run the playbook:
```shell
ansible-playbook --ask-become-pass --ask-vault-pass resolver.yml
```
2. Login to the server via SSH and create TLS certificates manually. Each productive server has two separate Let's
Encrypt certificates. Following an example dry run on host `res3`. Remove `--dry-run` once there are no errors.
2. Login to the server via SSH and create TLS certificates manually. Each productive server has two separate Let's Encrypt certificates. Following an example dry run on host `res3`. Remove `--dry-run` once there are no errors.
```shell
sudo certbot certonly --config /etc/letsencrypt/cli.ini --key-type ecdsa --cert-name res3.digitale-gesellschaft.ch.ecdsa -d res3.digitale-gesellschaft.ch --dry-run
sudo certbot certonly --config /etc/letsencrypt/cli.ini --key-type ecdsa --cert-name dns.digitale-gesellschaft.ch.ecdsa -d dns.digitale-gesellschaft.ch -d dns1.digitale-gesellschaft.ch -d dns2.digitale-gesellschaft.ch --dry-run
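Review bot: "productive server" should be "production server", "Following an example dry run on host `res3`" should be "The following is an example dry run on host `res3`", and "Login to the server" as a verb is "Log in to the server". The ordering of the prose is right: the `--dry-run` guidance is stated before the two certbot commands it applies to.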
6 changes: 3 additions & 3 deletions howtos/browser/firefox-DE.md
Expand Up @@ -6,9 +6,9 @@ Mozilla hat DoH ab Firefox Version 62 integriert.

Diese Einstellungen sind alle per grafischem User Interface (GUI) durchführbar und können relativ einfach und schnell konfiguriert werden.

0. Öffne die _Einstellungen_ via _Extras_ im Menü.
1. Scrolle im Bereich _Allgemein_ ganz nach unten und wähle in der Sektion Verbindungs-Einstellungen den Knopf _Einstellungen_.
2. Aktiviere _DNS über HTTPS aktivieren_ und wähle Benutzerdefiniert. Im neuen Feld nun URL `https://dns.digitale-gesellschaft.ch/dns-query` eingeben.
1. Öffne die _Einstellungen_ via _Extras_ im Menü.
2. Scrolle im Bereich _Allgemein_ ganz nach unten und wähle in der Sektion Verbindungs-Einstellungen den Knopf _Einstellungen_.
3. Aktiviere _DNS über HTTPS aktivieren_ und wähle Benutzerdefiniert. Im neuen Feld nun URL `https://dns.digitale-gesellschaft.ch/dns-query` eingeben.

![Firefox mit DoH konfigurieren](img/ff-doh-EN.png)

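Review bot: Renumbering the steps from 1 instead of 0 is correct. Note that this German (-DE) how-to references the screenshot img/ff-doh-EN.png; please confirm an English-language screenshot is intended here.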
6 changes: 3 additions & 3 deletions howtos/browser/opera-DE.md
Expand Up @@ -2,8 +2,8 @@

## Grundeinstellung

0. Öffne die _Browser Einstellungen_ oben rechts oder gebe `opera://settings` in die URL-Zeile ein.
1. Scrolle nach unten bis zur Kategorie System.
2. Aktiviere _DNS über HTTPS aktivieren_ und wähle _Benutzerdefiniert_. Im neuen Feld nun URL `https://dns.digitale-gesellschaft.ch/dns-query` eingeben.
1. Öffne die _Browser Einstellungen_ oben rechts oder gebe `opera://settings` in die URL-Zeile ein.
2. Scrolle nach unten bis zur Kategorie System.
3. Aktiviere _DNS über HTTPS aktivieren_ und wähle _Benutzerdefiniert_. Im neuen Feld nun URL `https://dns.digitale-gesellschaft.ch/dns-query` eingeben.

![Opera mit DoH konfigurieren](img/opera-doh-EN.png)
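Review bot: In step 1, "gebe `opera://settings` ... ein" uses the wrong imperative; the informal imperative of "geben" is "gib", so it should read "gib `opera://settings` in die URL-Zeile ein". "Browser Einstellungen" should be "Browser-Einstellungen".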
6 changes: 3 additions & 3 deletions howtos/os/android-DE.md
Expand Up @@ -4,8 +4,8 @@ Google bietet DoT ab Version 9 (Pie) über die Netzwerkeinstellungen an. Lineage

## Grundeinstellung

0. Öffne die _Einstellungen_ im Appmenu
1. Wähle _Netzwerk & Internet_ und dann _Erweitert_
2. Öffne die Einstellung Private DNS und trage unter Private DNS provider hostname `dns.digitale-gesellschaft.ch` ein.
1. Öffne die _Einstellungen_ im Appmenu
2. Wähle _Netzwerk & Internet_ und dann _Erweitert_
3. Öffne die Einstellung Private DNS und trage unter Private DNS provider hostname `dns.digitale-gesellschaft.ch` ein.

![Android / Lineage mit DoT konfigurieren](img/android-dot-EN.png)

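Review bot: Steps 1 and 2 end without a period while step 3 ends with one; make the list consistent. "Appmenu" should be "App-Menü" to match the German register of the other how-tos.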