UK DNS Privacy Project

Privacy-focused public DNS resolver for the UK. Offers secure, encrypted DNS services to protect browsing activity without logs or tracking. Compatible with various devices and ISPs.

Features

Encrypted DNS with TLS

Protect your DNS queries with DNS-over-TLS, ensuring secure communication and shielding your browsing activity from prying eyes.

Encrypted DNS over HTTPS

Leverage the power of DNS-over-HTTPS to encrypt your queries in transit, providing privacy with compatibility across modern browsers and devices.

Getting Started

Provides step-by-step instructions to set up and configure the DNS service, making it accessible for both tech-savvy users and newcomers.

How it Works

Explains how the service helps safeguard privacy while maintaining fast query speeds, giving users a better understanding of its operation and benefits.

FAQs

Offers answers to common questions about DNS, privacy, and troubleshooting, providing users with quick solutions and information.

Community Support

Invites users to join discussions and contribute to the project, fostering a sense of community and collaboration.

DNS Leak Tests

Runs multiple DNS leak tests using random subdomains to identify which DNS servers are resolving queries. This helps to detect DNS leaks, expose unencrypted lookups, and verify whether traffic is using secure DNS resolvers.

Privacy-first DNS services

Focuses on providing DNS services that protect the online activity of UK internet users, emphasizing privacy and security without costs to users.

Use of encrypted technologies

Leverages encrypted technologies like DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) to safeguard user data and prevent unauthorized data tracking or surveillance.

DNS-over-HTTPS (DoH)

Provides secure, privacy-focused DNS resolution using DNS over HTTPS, protecting DNS queries by encrypting them with the HTTPS protocol.

DNS-over-TLS (DoT)

Supports DNS-over-TLS, offering privacy-focused DNS queries that are encrypted using the Transport Layer Security protocol to prevent eavesdropping and manipulation.

Traditional DNS on port 53

Offers traditional DNS resolution via port 53, providing standard DNS services with privacy enhancements.

Recursive DNS Resolver

A server that handles DNS queries on behalf of users. Rather than answering directly from its own data, it resolves each query by recursively querying multiple DNS servers to find the correct IP address.

Query Process for Recursive DNS

A step-by-step process where the DNS resolver checks the local cache first. If not found, it queries root DNS servers, then TLD servers, and finally authoritative servers to find the IP address of a domain.

Importance of Recursive DNS

Enhances internet browsing speed and efficiency by caching queries, reducing network traffic. It supports DNSSEC validation to ensure security and can filter out malicious domains. Trusted resolvers can prevent data logging and support DNS over HTTPS and DNS over TLS for added privacy.

Comparison of DNS Types

Distinguishes between Recursive DNS Resolvers, which find answers for clients and cache responses temporarily, and Authoritative DNS Servers, which provide permanent answers for specific domains.

Cache Expiration Management

Handles Time-to-Live (TTL) settings for DNS records to determine how long cached records are valid, ensuring up-to-date information and reducing unnecessary lookups.

Enhanced Security with DNSSEC

Validates DNSSEC signatures to prevent cache poisoning attacks, protecting against malicious actors attempting to redirect traffic to harmful destinations.

Encrypted DNS Support

Supports encrypted DNS (DoH/DoT) to protect user privacy and secure DNS queries from being intercepted or tampered with.

Improved Browsing Speed

Uses cached DNS records to load web pages faster, reducing lookups and minimizing response times, thereby lowering latency.

Digital Signatures

DNS zones digitally sign their records using public-key cryptography to verify authenticity.

Chain of Trust

Each DNS zone's signature is validated by the parent zone, creating a trust chain up to the root DNS servers.

DNSSEC-Protected DNS Resolvers

Resolvers supporting DNSSEC use digital signatures to confirm DNS records have not been altered.

EDNS Client Subnet (ECS) Functionality

Enables DNS resolvers to include part of the user’s IP address in queries to authoritative servers. This helps ensure responses are optimized for the user's location, improving performance and reducing latency.

Privacy Risks of ECS

Introduces privacy risks like user tracking and fingerprinting by exposing part of the user's IP address. Also risks reducing anonymity in DNS queries, enabling user data exposure, and potential security exploits.

Privacy Protection from ECS

Offers guidance on protecting privacy by using DNS resolvers that limit or disable ECS, implementing encrypted DNS solutions, and choosing services with strict ECS policies.

Qname Minimisation

Privacy-enhancing technique for DNS resolution that reduces the amount of information sent to upstream servers by only including the necessary part of the domain name for each step. This limits data exposure and mitigates risks of DNS-based data surveillance.

Improved Privacy

Reduces the amount of data exposed to upstream servers, preventing unnecessary tracking by third parties. Minimizes data leakage by exposing only the essential components of the domain query at each stage.

Enhances Security

Improves security by making it harder for malicious actors to gather intelligence from DNS queries. Reduces the risk of data being exploited for surveillance or cyberattacks.

Performance Considerations

May cause a slight increase in query latency due to additional queries sent in the resolution process. Nonetheless, the trade-off is often outweighed by privacy benefits.