DNS / Domain Providers
Don't let Google see all your DNS traffic. Discover privacy-centric alternatives to the traditional DNS providers.
OpenNIC - Service
Njalla - Domain Registration
DNSCrypt - Tool
Note: Using an encrypted DNS resolver will not make you anonymous, nor hide your internet traffic from your Internet Service Provider. But it will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here.
|AdGuard||Anycast (based in Cyprus)||Commercial||No||DoH, DoT, DNSCrypt||Yes||Yes||Ads, trackers, malicious domains|
|BlahDNS||Switzerland, Japan, Germany||Hobby Project||No||DoH, DoT, DNSCrypt||Yes||Yes||Ads, trackers, malicious domains|
|Cloudflare||Anycast (based in US)||Commercial||Some||DoH, DoT, DNSCrypt||Yes||Yes||No|
|CZ.NIC||Czech Republic||Association||No||DoH, DoT||Yes||Yes||?||?|
|dnswarden||Germany||Hobby Project||No||DoH, DoT, DNSCrypt||Yes||Yes||Based on server choice||?|
|Foundation for Applied Privacy||Austria||Non-Profit||Some||DoH, DoT||Yes||Yes||No||?|
|nextdns||Anycast (based in US)||Commercial||Based on user choice||DoH, DoT, DNSCrypt||Yes||Yes||Based on user choice||?|
|PowerDNS||The Netherlands||Hobby Project||No||DoH||Yes||No||No|
|Quad9||Anycast (based in US)||Non-Profit||Some||DoH, DoT, DNSCrypt||Yes||Yes||Malicious domains||?|
|SecureDNS||The Netherlands||Hobby Project||No||DoH, DoT, DNSCrypt||Yes||Yes||Based on server choice||?|
|UncensoredDNS||Anycast (based in Denmark)||Hobby Project||No||DoT||Yes||No||No||?|
- DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
- DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
- DNSCrypt - An older yet robust method of encrypting DNS.
Worth Mentioning and Additional Information
- Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. Currently Mozilla is conducting studies before enabling DoH by default for all US-based Firefox users.
- Android 9 comes with a DoT client by default.
- DNSCloak - An open-source DNSCrypt and DoH client for iOS by
the Center for the Cultivation of Technology gemeinnuetzige GmbH.
- Pi-hole - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.
- NoTrack - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.
- Stubby - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.
- Namecoin - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.
- QNAME Minimization and Your Privacy by the Internet Systems Consortium (ISC)
- DNSSEC and BIND 9 by the ISC