feat: Get started on DANE

TESTING.md

@@ -89,6 +89,34 @@ To verify that your proxy is using the DoH server for DNS resolution:
 3. You should see messages indicating DoH lookups to hnsdoh.com
 4. The proxy should log the resolved IP addresses
 
+## Testing DANE Support
+
+FireProxy now includes DANE (DNS-based Authentication of Named Entities) support for enhanced security. When a valid DANE record is found for a domain, the proxy will:
+
+1. Verify the server's certificate against the DANE record
+2. If valid, generate a new trusted certificate signed by the FireProxy CA
+3. Present this certificate to the client, avoiding certificate warnings
+
+### Setting Up Your Browser to Trust the FireProxy CA
+
+Before testing DANE support, you need to import the FireProxy CA certificate into your browser:
+
+1. Start the proxy server once to generate the CA certificate
+2. Import the generated CA certificate (located in `ca/ca_cert.pem`) into your browser:
+   - **Firefox**: Go to Settings → Privacy & Security → Certificates → View Certificates → Import
+   - **Chrome**: Go to Settings → Privacy and security → Security → Manage certificates → Import
+
+### Verifying DANE Operation
+
+1. Configure your browser to use the proxy
+2. Visit a website that has valid DANE records (e.g., https://dane.example.com)
+3. Check the proxy logs to see DANE verification messages
+4. Examine the certificate presented to your browser - it should be issued by "FireProxy CA"
+
+### Simulating DANE for Testing
+
+For testing purposes, FireProxy simulates DANE records for all domains. In a production environment, you would modify the code to properly query and validate actual DANE records.
+
 ## Troubleshooting
 
 ### Common Issues