From 227385612b1242ce42b2108718ed66fad78a74b5 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Mon, 8 Jan 2024 10:22:16 +0100
Subject: [PATCH] Updated FAQ

---
 FAQ.md     | 1 +
 index.html | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/FAQ.md b/FAQ.md
index c2e88ab63c..853322ca4a 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -5687,6 +5687,7 @@ You can enable enforcing DNSSEC and/or DANA in the (advanced) account and identi
 
 Note that only some email providers support DANE and that only a limited number of DNS servers support DNSSEC (January 2024: ~30%), which is required for DANE.
 Most private DNS providers support DNSSEC, though. You can configure private DNS in the Android network settings.
+To be sure that private DNS is being used, better configure a host name like *dns.google*, *1dot1dot1dot1.cloudflare-dns.com* or *dns.quad9.net*.
 An alternative is using Certificate Transparency, see the previous FAQ.
 
 Email providers known to support DANE:
diff --git a/index.html b/index.html
index ef85717e96..e3e65a8185 100644
--- a/index.html
+++ b/index.html
@@ -2780,7 +2780,7 @@ adb install /path/to/FairEmail-xxx.apk</code></pre>
 <p>Please see <a href="https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md">this article</a> about what DANE is. Alternatively, see <a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">this Wikipedia article</a>.</p>
 <p>You can use <a href="https://ssl-tools.net/tlsa-generator">this tool</a> to generate TLSA DNS records for DANE.</p>
 <p>You can enable enforcing DNSSEC and/or DANA in the (advanced) account and identity settings (since version 1.2149).</p>
-<p>Note that only some email providers support DANE and that only a limited number of DNS servers support DNSSEC (January 2024: ~30%), which is required for DANE. Most private DNS providers support DNSSEC. You can configure private DNS in the Android network settings. An alternative is using Certificate Transparency, see the previous FAQ.</p>
+<p>Note that only some email providers support DANE and that only a limited number of DNS servers support DNSSEC (January 2024: ~30%), which is required for DANE. Most private DNS providers support DNSSEC, though. You can configure private DNS in the Android network settings. To be sure that private DNS is being used, better configure a host name like <em>dns.google</em>, <em>1dot1dot1dot1.cloudflare-dns.com</em> or <em>dns.quad9.net</em>. An alternative is using Certificate Transparency, see the previous FAQ.</p>
 <p>Email providers known to support DANE:</p>
 <ul>
 <li><a href="https://email.freenet.de/">Freenet.de</a></li>