Domain Name System (DNS)
{% include cardv2.html
title="OpenNIC - Service"
image="/assets/img/tools/OpenNIC.png"
description="OpenNIC is an alternate network information center/alternative DNS root which lists itself as an alternative to ICANN and its registries. Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of the Internet."
website="https://www.opennic.org/"
forum="https://forum.privacytools.io/t/discussion-opennic/338"
github="https://github.com/OpenNIC"
%}
{% include cardv2.html
title="Njalla - Domain Registration"
image="/assets/img/provider/Njalla.png"
description="Njalla only needs your email or jabber address in order to register a domain name for you. Created by people from The Pirate Bay and IPredator VPN. Accepted Payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal. A privacy-aware domain registration service."
website="https://njal.la/"
tor="http://njalladnspotetti.onion"
forum="https://forum.privacytools.io/t/discussion-njalla/339"
%}
{% include cardv2.html
title="DNSCrypt - Tool"
image="/assets/img/tools/DNSCrypt.png"
description="A protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver."
website="https://dnscrypt.info/"
forum="https://forum.privacytools.io/t/discussion-dnscrypt/340"
github="https://github.com/jedisct1/dnscrypt-proxy"
%}
Worth Mentioning
- NoTrack - A network-wide DNS server which blocks Tracking sites. Currently works in Debian and Ubuntu.
- Namecoin - A decentralized DNS open source information registration and transfer system based on the Bitcoin cryptocurrency.
- Pi-hole - A network-wide DNS server for the Raspberry Pi. Blocks advertising and tracking domains for all devices on your network.
Encrypted ICANN DNS Providers
Note: Using an encrypted DNS resolver will not make you anonymous, nor hide your internet traffic from your Internet Service Provider. But it will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here.
ICANN DNS Provider |
Server Locations |
Privacy Policy |
Type |
Logging |
Protocols |
DNSSEC |
QNAME Minimization |
Filtering |
Source Code |
AdGuard
|
Anycast (based in Cyprus) |
|
Commercial |
No |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Ads, trackers, malicious domains |
|
BlahDNS
|
Switzerland, Japan, Germany |
|
Hobby Project |
No |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Ads, trackers, malicious domains |
|
Cloudflare
|
Anycast (based in US) |
|
Commercial |
Some |
DoH, DoT, DNSCrypt |
Yes |
Yes |
No |
|
CZ.NIC
|
Czech Republic |
|
Association |
No |
DoH, DoT |
Yes |
Yes |
? |
? |
dnswarden
|
Germany |
|
Hobby Project |
No |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Based on server choice |
? |
Foundation for Applied Privacy
|
Austria |
|
Non-Profit |
Some |
DoH, DoT |
Yes |
Yes |
No |
? |
nextdns
|
Anycast (based in US) |
|
Commercial |
Based on user choice |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Based on user choice |
? |
PowerDNS
|
The Netherlands |
|
Hobby Project |
No |
DoH |
Yes |
No |
No |
|
Quad9
|
Anycast (based in US) |
|
Non-Profit |
Some |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Malicious domains |
? |
SecureDNS
|
The Netherlands |
|
Hobby Project |
No |
DoH, DoT, DNSCrypt |
Yes |
Yes |
Based on server choice |
? |
UncensoredDNS
|
Anycast (based in Denmark) |
|
Hobby Project |
No |
DoT |
Yes |
No |
No |
? |
Terms
- DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853.
- DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
- DNSCrypt - An older yet robust method of encrypting DNS.
Worth Mentioning and Additional Information