Secure DNS Resolvers

Don't stay safe. Stay free.

DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides only your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with.

Encrypted DNS Client Recommendations For Desktop


Unbound is a validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.

Functional range

Usability

Software speed


dnscrypt-proxy is a DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.

Functional range

Usability

Software speed


Stubby is an application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.

Functional range

Usability

Software speed


Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually use any other DoH resolver.

Functional range

Usability

Software speed


Encrypted DNS Client Recommendations For iOS


DNSCloak is an open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.

Functional range

Usability

Software speed


Encrypted DNS Client Recommendations For Android


Nebulo is an open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.

Functional range

Usability

Software speed