Encrypted DNS Resolvers
Don't let Google see all your DNS traffic. Discover privacy-centric alternatives to the traditional DNS providers.
|AdGuard||Anycast (based in Cyprus)||Commercial||Some||DoH, DoT, DNSCrypt||Yes||Yes||Based on server choice||Choopa, LLC, Serveroid, LLC|
|BlahDNS||Finland, Germany, Japan Singapore||Hobby Project||No||DoH, DoT , DNSCrypt||Yes||Yes||Ads, trackers, malicious domains Based on server choice only for DoH||Choopa, LLC, Hetzner Online GmbH|
|Cloudflare||Anycast (based in US)||Commercial||Some||DoH, DoT||Yes||Yes||Based on server choice||?||Self|
|CZ.NIC||Czech Republic||Association||No||DoH, DoT||Yes||Yes||?||?||Self|
|Foundation for Applied Privacy||Austria||Non-Profit||Some||DoH, DoT||Yes||Yes||No||?||IPAX OG|
|LibreDNS||Germany||Informal collective||No||DoH, DoT||Yes||Yes||Based on server choice only for DoH||Hetzner Online GmbH|
|NextDNS||Anycast (based in US)||Commercial||Based on user choice||DoH, DoT, DNSCrypt||Yes||Yes||Based on server choice||?||Self|
|NixNet||Anycast (based in US), US, Luxembourg||Informal collective||No||DoH, DoT||Yes||Yes||Based on server choice||FranTech Solutions|
|PowerDNS||The Netherlands||Hobby Project||No||DoH||Yes||No||No||TransIP B.V. Admin|
|Quad9||Anycast (based in US)||Non-Profit||Some||DoH, DoT, DNSCrypt||Yes||Yes||Malicious domains||?||Self, Packet Clearing House|
|Snopyta||Finland||Informal collective||No||DoH, DoT||Yes||Yes||No||?||Hetzner Online GmbH|
|UncensoredDNS||Anycast (based in Denmark), Denmark, US||Hobby Project||No||DoT||Yes||No||No||?||Self, Telia Company AB|
A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.
Firefox's built-in DNS-over-HTTPS resolver
Android 9's built-in DNS-over-TLS resolver
In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in Safari). After installation, the encrypted DNS server can be selected in Settings → General → VPN and Network → DNS.
- Signed profiles are offered by AdGuard and NextDNS.
- User contributed unsigned profiles for several DNS providers are hosted by encrypted-dns.party.
A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. Warning
With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS.
A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays.