DNS / Domain Providers

Don't let Google see all your DNS traffic. Discover privacy-centric alternatives to the traditional DNS providers.

Domain Name System (DNS)

OpenNIC - Service

OpenNIC - Service OpenNIC is an alternate network information center/alternative DNS root which lists itself as an alternative to ICANN and its registries. Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of the Internet.


Njalla - Domain Registration

Njalla - Domain Registration Njalla only needs your email or jabber address in order to register a domain name for you. Created by people from The Pirate Bay and IPredator VPN. Accepted Payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal. A privacy-aware domain registration service.


DNSCrypt - Tool

DNSCrypt - Tool A protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.


Encrypted ICANN DNS Providers

ICANN DNS Provider Server Locations Privacy Policy Type Logging Protocols DNSSEC QNAME Minimization Filtering Source Code
AdGuard Anycast (based in Cyprus) WWW Commercial No DoH, DoT, DNSCrypt Yes Yes Ads, trackers, malicious domains WWW
BlahDNS Switzerland, Japan, Germany WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Ads, trackers, malicious domains WWW
Cloudflare Anycast (based in US) WWW Commercial Some DoH, DoT, DNSCrypt Yes Yes No WWW
CZ.NIC Czech Republic WWW Association No DoH, DoT Yes Yes ? ?
dnswarden Germany WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Based on server choice ?
Foundation for Applied Privacy Austria WWW Non-Profit Some DoH, DoT Yes Yes No ?
nextdns Anycast (based in US) WWW Commercial Based on user choice DoH, DoT, DNSCrypt Yes Yes Based on user choice ?
PowerDNS The Netherlands WWW Hobby Project No DoH Yes No No WWW
Quad9 Anycast (based in US) WWW Non-Profit Some DoH, DoT, DNSCrypt Yes Yes Malicious domains ?
SecureDNS The Netherlands WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Based on server choice ?
UncensoredDNS Anycast (based in Denmark) WWW Hobby Project No DoT Yes No No ?

Terms

  • DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
  • DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
  • DNSCrypt - An older yet robust method of encrypting DNS.

Worth Mentioning and Additional Information

  • Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. Currently Mozilla is conducting studies before enabling DoH by default for all US-based Firefox users.
  • Android 9 comes with a DoT client by default.
  • DNSCloak - An open-source DNSCrypt and DoH client for iOS by the Center for the Cultivation of Technology gemeinnuetzige GmbH.
  • Pi-hole - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.
  • NoTrack - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.
  • Stubby - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.
  • Namecoin - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.
  • QNAME Minimization and Your Privacy by the Internet Systems Consortium (ISC)
  • DNSSEC and BIND 9 by the ISC