Stubby can be installed
The 0.4.x releases of the windows installers include both the command line tool described below and also an experimental release of a Graphical Interface to manage Stubby.
Stubby has been tested on Windows 10 and should work on Windows 8. There is limited support for Windows 7 - see below. User testing reports, bug reports and patches/pull requests are all welcomed via the Stubby github issue tracker!
The installer currently overwrites all existing files so if you have made changes to the stubby.yml then you should create a backup of this file before upgrading!
Latest stable installer is version 0.3.0.6 built from:
|64bit Windows Installer||abc0c103d56d620ef942b48d7c3c2713638587a397baecb003644c82816a0249|
|32bit Windows Installer||stubby-0.3.0.6-x86.msi||a1afae37090c622304d4ea8ad593f277fed50b5bd2281032b4bb9522c1097e2e|
|Zip file with 64bit install||
|Zip file with 32bit install||
Latest chocolatey package is available here: https://chocolatey.org/packages/stubby/0.3.0.6
Latest development installer is version 0.4.4-rc1 built from:
|64bit Windows Installer||
|32bit Windows Installer||
|Zip file with 64bit install||
|Zip file with 32bit install||
dnsovertlsservers have been decommissioned and removed from the default config file. Users who preserve their config over upgrade should manually remove those servers from the config.
Previous versions of the installer were numbered 0.0.1 to 0.0.7. From this release onward we are adopting a new policy. Installer releases will have a 4 component version a.b.c.d. a.b.c gives the Stubby version. d indicates the installer package revision, starting at 0 for the first packaging of a given Stubby version.
The 0.2.5.0 release now provides a 32bit install as well as a 64bit install.
C:\Program Files (x86)\Stubby. All other installs place files in
This release corrects the default configuration file location to
C:\Program Files\Stubby\stubby.yml. This path no longer needs to
be specified on the command line.
stubby.bat has been updated to look for the configuration file in
the same directory as the Stubby executable.
These contain the following files by the installer.
The 0.3.0.6 release and later provides a 32bit install as well as a
64bit install. On a 64bit Windows installation, a 32bit install will
place files in
C:\Program Files (x86)\Stubby. All other installs place
It is recommended to use the default configuration file provided which will use ‘Strict’ privacy mode and spread the DNS queries among several of the current DNS Privacy test servers. Note that this file contains both IPv4 and IPv6 addresses. It installed in “C:\Program Files\Stubby\stubby.yml”
More information on how to customise the configuration can be found here.
Simply invoke Stubby on the command line from a command prompt window (To get a command prompt go to the Windows search box and type ‘cmd’ and then choose the ‘Command prompt’ option)
The -l flag enables full logging. Alternatively a specific logging
level can be controlled by using the -v flag
- h’ for details of
We are working on support for running Stubby as a service on Windows 10. Instructions for setting up a Scheduled task are below.
A quick test can be done by opening a separate Command prompt window and using getdns_query (or your favourite DNS tool) on the loopback address:
You should see a status of GETDNS_RESPSTATUS_GOOD and and rcode of GETDNS_RCODE_NOERROR in the getdns_query output. You should also see a connection being made in the stubby logs.
Once this change is made all your DNS queries will be re-directed to
Stubby and sent over TLS!
(You may need to restart some applications to have them pick up the network settings).
For Stubby to re-send outgoing DNS queries over TLS the recursive resolvers configured on your machine must be changed to send all the local queries to the loopback interface on which Stubby is listening.
In most cases your system will use the ‘default’ DNS servers that are provided by whatever network you are on at the time. Using the two Powershell comands will be all you need to switch back and forth from Stubby to the default DNS settings for the network you are on. (The scripts don’t store any DNS config information because it can change dynamically). If you want to double check what servers you are using right now you can use then follow the instructions below to inspect your system settings. If you have reason to think your system uses specific servers on all networks it might be useful to note your existing default nameservers before making this change so you can use the same instructions to reset them!
To set your nameservers to use Stubby
From Windows search box type ‘cmd’ and on the ‘Command prompt’ option that appears right click and select ‘run as Administrator’
In the command prompt window that appears type the following to switch the system DNS resolvers to use Stubby.
You can monitor the DNS traffic using Wireshark watching on port 853.
If you encounter problems or want to turn Stubby off for any reason then reverse this change to restore the default network settings (no DNS Privacy) by running
Follow the procedure above, but use the scripts:
WARNING: These scripts can only update DNS servers on the IPv4 service. IPv6 will still use the default DNS servers, sending queries in clear text so one option is to disable IPv6, the other is to manually update the IPv6 addessses (see below).
See this README.md for details.
If you want Stubby to always start when you boot your system, you can create a Scheduled task for this. A template for the task is provided.
To create the task just run
schtasks /create /tn Stubby /XML "C:\Program Files\Stubby\stubby.xml" /RU <you_user_name>
If you need to manually inspect or change your system revolvers on Windows through the GUI then do the following:
If you have changed the default config in the stubby.yml file and are running in Opportunistic mode then you may want to add an alternative DNS server in here for robustness. However DNS queries sent to this server will be sent clear text over UDP/TCP, so this is NOT recommended for Strict mode unless required for bootstrapping (e.g. in a corporate network).