‘Stubby’ is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
Stubby is developed under the getdns project, has it’s own github repo and issue tracker but dnsprivacy.org currently hosts the online documentation for Stubby. For more background and FAQ see our About Stubby page.
As announced over the last 6 months, the dnsovertls*.sinodun.com nameservers were decommissioned on 9th Septemter 2022. See this announcement.
The command line version of Stubby is suitable for technical/advanced users. Work on more a user friendly GUI called Stubby Manager is underway - see below!
Why Use Stubby?
Stubby uses getdns, it is recommended to use at least the 1.6 release of getdns, and preferably the latest getdns stable release.
A future release of Stubby is expected to support the following:
As of August 2017 Stubby has moved to its own repository and getdns is a library dependancy!
Source code is available on github: https://github.com/getdnsapi/stubby
Various packages are available, see repology for Stubby.
Note1: A debian package is also available but doesn’t show up in the above because the version number is currently incorrect (it picks up the getdns version, not the stubby version). Working to fix this!
Note2: The chocolatey package called ‘stubby’ as of March 2019 is for Stubby - the name was previously used for a package named stubby4net but that has now been renamed to stubby4net.
We hope to have support on mobile platforms in the future:
Note that Android has announced that it will support a native implementation of DNS-over-TLS in an upcoming official release (it is already available in developer releases). This does not share any code with Stubby but we applaud Android for this development!
See our Stubby configuration guide.
Note that some users use Stubby in combination wtih Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections). And example configuration is available on this page.
Bugs or feature requests can be directed to either
See DNS Privacy Clients.