From c5c7d1d96e434c1dde694ef295053335b82e59cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 30 Jul 2022 14:20:03 +0200 Subject: [PATCH] Fix issues with markdownlint-cli2 0.5.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- docs/core/pihole-command.md | 3 +-- docs/ftldns/configfile.md | 6 +++--- docs/group_management/example.md | 2 +- docs/guides/dns/cloudflared.md | 4 ++-- docs/guides/misc/tor/overview.md | 6 +++--- docs/guides/misc/tor/performance-issues.md | 6 +++--- docs/guides/misc/tor/using-tor.md | 4 ++-- 7 files changed, 15 insertions(+), 16 deletions(-) diff --git a/docs/core/pihole-command.md b/docs/core/pihole-command.md index d0281b9..69bd709 100644 --- a/docs/core/pihole-command.md +++ b/docs/core/pihole-command.md @@ -30,7 +30,7 @@ Pi-hole makes use of many commands, and here we will break down those required t [Version](#version) | `pihole version` [Uninstall](#uninstall) | `pihole uninstall` [Status](#status) | `pihole status` -[Enable & Disable](#enable-disable) | `pihole enable` +[Enable & Disable](#enable-&-disable) | `pihole enable` [Restart DNS](#restart-dns) | `pihole restartdns` [Checkout](#checkout) | `pihole checkout` @@ -269,7 +269,6 @@ Switch Pi-hole subsystems to a different GitHub branch. An admin can specify rep [Password](#password) | `pihole -a password` [Teleport](#teleport) | `pihole -a -t` [Temperature Unit](#temperature-unit) | `pihole -a celsius`, `pihole -a fahrenheit`, `pihole -a kelvin` -[Host Record](#host-record) | `pihole -a hostrecord` [Email Address](#email-address) | `pihole -a email` [Interface](#interface) | `pihole -a interface` diff --git a/docs/ftldns/configfile.md b/docs/ftldns/configfile.md index 63f2199..07e60c6 100644 --- a/docs/ftldns/configfile.md +++ b/docs/ftldns/configfile.md 
@@ -53,7 +53,7 @@ By default, `FTL` determines the address of the interface a query arrived on and - `.` #### `LOCAL_IPV6=` (unset by default, PR [#1293](https://github.com/pi-hole/FTL/pull/1293)) {#local_ipv6 data-toc-label='Force local AAAA reply'} - + Used to overwrite the IP address for local `AAAA` queries. See [`LOCAL_IPV4`](#local_ipv4) for details when this setting is used. #### `BLOCK_IPV4=` (unset by default, PR [#1293](https://github.com/pi-hole/FTL/pull/1293)) {#block_ipv4 data-toc-label='Force blocked A reply'} @@ -64,7 +64,7 @@ By default, `FTL` determines the address of the interface a query arrived on and - A regular expression with the [`;reply=IP` regex extension](../regex/pi-hole.md#specify-reply-type) is used #### `BLOCK_IPV6=` (unset by default, PR [#1293](https://github.com/pi-hole/FTL/pull/1293)) {#block_ipv6 data-toc-label='Force blocked AAAA reply'} - + Used to overwrite the IP address for blocked `AAAA` queries. See [`BLOCK_IPV4`](#block_ipv4) for details when this setting is used. #### `REPLY_WHEN_BUSY=DROP|ALLOW|BLOCK|REFUSE` (PR [#1156](https://github.com/pi-hole/FTL/pull/1156) & PR [#1341](https://github.com/pi-hole/FTL/pull/1341)) {#reply_when_busy data-toc-label='Database busy reply'} 
@@ -219,7 +219,7 @@ FTL stores history in shared memory to allow inter-process communication with fo By default, FTL warns if the shared-memory usage exceeds 90%. You can set any integer limit between `0` to `100` (interpreted as percentages) where `0` means that checking of shared-memory usage is disabled. #### `CHECK_DISK=90` (PR [#1249](https://github.com/pi-hole/FTL/pull/1249)) {#check_disk data-toc-label='Check disk space'} - + FTL stores its long-term history in a database file on disk (see [here](../database/index.md)). Furthermore, FTL stores log files (see, e.g., [here](#file_LOGFILE)). By default, FTL warns if usage of the disk holding any crucial file exceeds 90%. You can set any integer limit between `0` to `100` (interpreted as percentages) where `0` means that checking of disk usage is disabled. diff --git a/docs/group_management/example.md b/docs/group_management/example.md index 8121689..a7f6e6b 100644 --- a/docs/group_management/example.md +++ b/docs/group_management/example.md @@ -196,7 +196,7 @@ Client | Group membership | Domain | Blocked 192.168.0.102 | Group 2 + Default | doubleclick.net | **No** 192.168.0.103 | Group 3 + Default | doubleclick.net | **No** -Client `192.168.0.101` is not whitelisting this domain as we removed the default assignment through group 0 above. All remaining clients are linked through the default group to this domain and see it as being whitelisted. Note that this is completely analog to [step 1](#step-1_1) of [example 3](#example-3-blacklisting). +Client `192.168.0.101` is not whitelisting this domain as we removed the default assignment through group 0 above. All remaining clients are linked through the default group to this domain and see it as being whitelisted. Note that this is completely analog to step 1 of [example 3](#example-3-blacklisting). ### Step 2 diff --git a/docs/guides/dns/cloudflared.md b/docs/guides/dns/cloudflared.md index fa3d6b4..7df5545 100644 --- a/docs/guides/dns/cloudflared.md 
+++ b/docs/guides/dns/cloudflared.md @@ -1,4 +1,4 @@ -### Why use DNS-Over-HTTPS? +### Why use DNS-Over-HTTPS? [^guide] DNS-Over-HTTPS is a protocol for performing DNS lookups via the same protocol you use to browse the web securely: **HTTPS**. @@ -264,4 +264,4 @@ sudo systemctl daemon-reload After the above, don't forget to change the DNS back to something else in Pi-hole's DNS settings! -[^guide]: Based on [this guide by Ben Dews | bendews.com](https://bendews.com/posts/implement-dns-over-https/) +[^guide]: Guide based on [this guide by Ben Dews | bendews.com](https://bendews.com/posts/implement-dns-over-https/) diff --git a/docs/guides/misc/tor/overview.md b/docs/guides/misc/tor/overview.md index bd9c09f..e5464aa 100644 --- a/docs/guides/misc/tor/overview.md +++ b/docs/guides/misc/tor/overview.md 
@@ -12,7 +12,7 @@ If you got spare resources, consider [running a Tor Relay](https://community.tor #### Tracking -Please be aware that **your ISP or an Adversary still can collect what Websites you visit by capturing HTTP (plaintext) or HTTPS ([SNI](https://en.wikipedia.org/wiki/Server_Name_Indication)) packets or by trying to [reverse lookup](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) or [whois](https://en.wikipedia.org/wiki/WHOIS) the IPs you're connecting to**. To avoid that you might want to consider to additionally [route your Browser traffic over Tor](#route-browser-traffic-over-tor). +Please be aware that **your ISP or an Adversary still can collect what Websites you visit by capturing HTTP (plaintext) or HTTPS ([SNI](https://en.wikipedia.org/wiki/Server_Name_Indication)) packets or by trying to [reverse lookup](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) or [whois](https://en.wikipedia.org/wiki/WHOIS) the IPs you're connecting to**. To avoid that you might want to consider to additionally route your browser traffic over Tor. Also keep in mind that even Tor can't provide 100% anonymity, for example [correlation](https://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption) [attacks](https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/) are possible. Although it's almost impossible to execute such an attack for e.g. your ISP or a random service on the internet - you might need to change some of your habits to get the most out of Tor. 
@@ -28,13 +28,13 @@ Such apps could get malicious data injected and/or phish your data without your That being said, if you use DNS over Tor in the default configuration (meaning no custom `ExitNodes` in the torrc), this kind of attack requires a big portion of luck for the attacker (owner of a Bad Exit Node), because you would have to get a circuit routing over the Bad Exit Node in the same moment when using an insecure app (Tor switches the circuit at least every 10minutes in the default configuration). On top of that, an attacker must first find an app that has this kind of vulnerability and has valuable data or attack vectors. This is unlikely since most apps out there that handle sensitive data at least communicate over encrypted connections that validate certificates based on system or manual root certs. -To lower the chances of Bad Exit Nodes you could restrict `ExitNodes` to trusted ones ([country](#solution-1---only-use-exit-nodes-from-specific-countries) and/or [specific](#solution-2---only-use-specific-exit-nodes)). Choosing specific Exit Nodes would basically be the same as e.g. trusting specific [DNSCrypt resolvers](#alternatives) or [Alternative DNS Servers](https://wikileaks.org/wiki/Alternative_DNS). They might be good, they might be bad, you can't know for sure (unless the DNS answers are [DNSSEC](#dnssec) signed - but that's most likely not the case for the kinds of app that might get affected by this). +To lower the chances of Bad Exit Nodes you could restrict `ExitNodes` to trusted ones (country and/or specific). Choosing specific Exit Nodes would basically be the same as e.g. trusting specific DNSCrypt resolvers or [alternative DNS servers](https://wikileaks.org/wiki/Alternative_DNS/). They might be good, they might be bad, you can't know for sure (unless the DNS answers are [DNSSEC](https://docs.pi-hole.net/guides/misc/tor/dnssec/) signed - but that's most likely not the case for the kinds of app that might get affected by this). 
So, in the end, it boils down to one of the following use cases. - Encrypt your DNS traffic using Tor so your ISP can't collect it (but still is able to [collect what Websites/IPs you visit](#tracking) unless you route that traffic also over Tor) and the DNS Server won't see your real IP for the price of maybe getting a Bad Exit Node that fakes answers to DNS queries. -- Use [DNSCrypt](#alternatives) so your ISP can't collect DNS traffic (but still can collect the websites/IPs you visit unless you route that traffic over Tor), but you have to accept that the DNSCrypt resolver you've chosen might store your DNS queries together with your IP (unless you [modify DNSCrypt to route over Tor](https://github.com/DNSCrypt/dnscrypt-proxy/blob/7b7107902bd7eb2298ff66d8690ab4b0b96595c8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L95)) and could also turn out to send faked answers to DNS queries. I guess you would call that a Bad DNSCrypt resolver then. +- Use DNSCrypt so your ISP can't collect DNS traffic (but still can collect the websites/IPs you visit unless you route that traffic over Tor), but you have to accept that the DNSCrypt resolver you've chosen might store your DNS queries together with your IP (unless you [modify DNSCrypt to route over Tor](https://github.com/DNSCrypt/dnscrypt-proxy/blob/7b7107902bd7eb2298ff66d8690ab4b0b96595c8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L95)) and could also turn out to send faked answers to DNS queries. I guess you would call that a Bad DNSCrypt resolver then. - Use an unencrypted alternative DNS server (there are a lot of lists out there). In this case, your ISP easily can record your DNS traffic *and* the alternative DNS server can store your DNS queries together with your IP. On top of that, your ISP or the alternative DNS could also fake the answer to the DNS queries. That would be a Bad Alternative DNS Server then. 
diff --git a/docs/guides/misc/tor/performance-issues.md b/docs/guides/misc/tor/performance-issues.md index 2c05150..b14aade 100644 --- a/docs/guides/misc/tor/performance-issues.md +++ b/docs/guides/misc/tor/performance-issues.md @@ -8,7 +8,7 @@ Keep in mind that this approach increases the correlation attack vulnerability i **Ok, but please just tell me how to avoid timeouts** -So you've read about [Performance, Reliability and Timeouts](#performance-reliability-and-timeouts) and just want a quick solution. +So you've read about Performance, Reliability and Timeouts and just want a quick solution. This is not recommended, but here are some things you can do: @@ -35,7 +35,7 @@ This is not recommended, but here are some things you can do: sudo service tor restart ``` -**Note:** Using this approach you put a strain on Tor Relays in the selected countries only and increase your security vulnerability. It's not nice and not recommended. Also, be aware that this change also affects which Exit Nodes are used if you [Route Your Browser Traffic](#your-browser) over the Pi-hole host Tor SocksPort. +**Note:** Using this approach you put a strain on Tor Relays in the selected countries only and increase your security vulnerability. It's not nice and not recommended. Also, be aware that this change also affects which Exit Nodes are used if you route your browser traffic over the Pi-hole host Tor SocksPort. ##### Solution 2 - Only use specific Exit Nodes 
@@ -57,7 +57,7 @@ This is not recommended, but here are some things you can do: 6. If DNS requests stop resolving at all, you might need to repeat this procedure because the Relays you chose might've gone down. -**Note:** Using this approach you put a strain on single Tor Relays and increase your security vulnerability. It's not nice and not recommended. Also, be aware that this change also affects which Exit Nodes are used if you [Route Your Browser Traffic](#your-browser) over the Pi-hole host Tor SocksPort. +**Note:** Using this approach you put a strain on single Tor Relays and increase your security vulnerability. It's not nice and not recommended. Also, be aware that this change also affects which Exit Nodes are used if you route your browser traffic over the Pi-hole host Tor SocksPort. **Hint:** You can combine both Solutions and have country codes and fingerprints as `ExitNodes`. diff --git a/docs/guides/misc/tor/using-tor.md b/docs/guides/misc/tor/using-tor.md index a627474..094897a 100644 --- a/docs/guides/misc/tor/using-tor.md +++ b/docs/guides/misc/tor/using-tor.md @@ -4,7 +4,7 @@ To enhance your privacy you might want to route all or part of your Browser Traf ### Tor Browser -The easiest and most reliable solution would be to use the [Tor Browser](https://www.torproject.org/download/). Though that won't use your Pi-hole DNS Server out of the box. You can, however, disable `Proxy DNS when using SOCKS v5` in Tor Browsers Preferences -> Advanced -> Network -> Settings and [make sure](#make-sure-it-works) to point your system to use Pi-hole with DNS over Tor activated. +The easiest and most reliable solution would be to use the [Tor Browser](https://www.torproject.org/download/). Though that won't use your Pi-hole DNS Server out of the box. You can, however, disable `Proxy DNS when using SOCKS v5` in Tor Browsers Preferences -> Advanced -> Network -> Settings and make sure to point your system to use Pi-hole with DNS over Tor activated. ### Your Browser 
@@ -22,7 +22,7 @@ Restart Tor sudo service tor restart ``` -Point your browser to use your Pi-hole IP or Hostname (e.g. `pi.hole`) and `Port 9050` as Socks5 Proxy. Do not enable `Proxy DNS when using SOCKS v5` and [make sure](#make-sure-it-works) to point your system to use Pi-hole with DNS over Tor activated. +Point your browser to use your Pi-hole IP or Hostname (e.g. `pi.hole`) and `Port 9050` as Socks5 Proxy. Do not enable `Proxy DNS when using SOCKS v5` and make sure to point your system to use Pi-hole with DNS over Tor activated. * For Chrome you can either use e.g. the [Proxy SwitchyOmega Extension](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif) or start Chrome with [command-line parameters](https://www.chromium.org/developers/design-documents/network-stack/socks-proxy).
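Review bot: In the first hunk of docs/core/pihole-command.md (@@ -30,7 +30,7) the new fragment `#enable-&-disable` carries a raw `&`, and nothing in the commit message says which id the site generator actually emits for the "Enable & Disable" heading. A fragment that satisfies the linter but does not match the rendered id is a silently dead link. Consider giving the heading an explicit id, the way docs/ftldns/configfile.md already does with `{#local_ipv6 ...}`, and linking to that id so the table entry does not depend on any slug algorithm.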
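Review bot: The second hunk of docs/core/pihole-command.md (@@ -269,7 +269,6) deletes the whole `[Host Record](#host-record) | pihole -a hostrecord` row, which is a content change rather than a lint fix, and the commit message ("Fix issues with markdownlint-cli2 0.5.0") does not mention it. If the Host Record section no longer exists, say so in the commit message; if the command is still supported, keep the row and drop only the broken link so the command stays documented.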
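Review bot: In docs/group_management/example.md (@@ -196,7 +196,7) replacing `[step 1](#step-1_1)` with plain "step 1" leaves the reader at the top of example 3 with no way to jump to the step being compared. An explicit id on that step heading, referenced from here, would keep the navigation and still pass the fragment check. Since the sentence is rewritten anyway, "completely analog to" could become "completely analogous to" in the same change.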
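Review bot: In docs/guides/dns/cloudflared.md (@@ -1,4 +1,4) the footnote marker is moved into the heading itself, `### Why use DNS-Over-HTTPS? [^guide]`, so it becomes part of the heading text that tables of contents and heading ids are derived from. Placing `[^guide]` at the end of the first paragraph under the heading gives the footnote a reference without altering the heading. In the @@ -264,4 +264,4 hunk the new footnote text reads "Guide based on this guide by Ben Dews"; the original "Based on this guide by ..." avoids the repetition.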
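Review bot: In the second hunk of docs/guides/misc/tor/overview.md (@@ -28,13 +28,13) the DNSSEC link becomes the absolute URL `https://docs.pi-hole.net/guides/misc/tor/dnssec/`, while other cross-page links visible in this patch are relative `.md` paths (for example `../regex/pi-hole.md#specify-reply-type` and `../database/index.md`). An absolute URL is not checked against the source tree and always points at the published site rather than the build being read; a relative link to the DNSSEC page in the same directory would be consistent. The same hunk removes the links from "country and/or specific" to the two `ExitNodes` solutions, which are the mitigations this paragraph is recommending, so relative links into performance-issues.md would be preferable to plain text. The trailing slash added to the wikileaks.org URL looks unrelated to the lint fix and is worth a word in the commit message.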
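Review bot: In docs/guides/misc/tor/performance-issues.md (@@ -35,7 +35,7, and the identical Note in @@ -57,7 +57,7) the `[Route Your Browser Traffic](#your-browser)` link is flattened to plain text, although a "### Your Browser" heading is visible in docs/guides/misc/tor/using-tor.md in this same patch. The Note warns that the `ExitNodes` restriction also affects browser traffic sent through the SocksPort, so the pointer to that setup is useful context; linking to `using-tor.md#your-browser` would fix the fragment warning without losing it. The same approach would serve the `#performance-reliability-and-timeouts` reference dropped in the @@ -8,7 +8,7 hunk, once the page holding that heading is identified.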