DNS Privacy Project

Welcome to the DNS Privacy project home page

This site is the home of a collaborative open project to promote, implement and deploy DNS Privacy. The goals of this project include:

  • Raising awareness of the issue of DNS Privacy
  • Empowering users to take advantage of DNS Privacy tools and resources (client applications, DNS Privacy resolvers)
  • Evolving the DNS to support DNS Privacy, in particular developing new DNS Protocol standards
  • Working towards full support for DNS Privacy in a range of Open Source DNS implementations including: getdns, Unbound, NSD, BIND and Knot (Auth and Resolver)
  • Co-ordinating deployment of DNS Privacy services and documenting operational practices

Among the many contributors to this project are Sinodun IT, NLnet Labs, SalesForce, Surfnet, Stephane Bortzmeyer and No Mountain Software.



  • What is the problem? Read up on why DNS Privacy is an issue.
  • Clients: Meet 'Stubby' - an experimental DNS Privacy stub resolver for use on client machines.
  • Test servers: See information on the current list of DNS Privacy test servers available


  • Implementation status: See the current status of DNS Privacy (using DNS-over-TLS) implementations in various DNS software
  • How to run a DNS-over-TLS server: Guides on TLS proxies and key management and tools
  • COMING SOON: Guidance on data handling on DNS Privacy servers

Looking for DNSCrypt? See this DNSCrypt project update

DNS Privacy - Current Work

January 2018

  • Two more Test servers now listen on port 443: dnsovertls.sinodun.com and dnsovertls1.sinodun.com
  • Thanks to the Knot Resolver folks for quick fixes to some issues with DNS-over-TLS support - the latest release (1.5.1) seems much more stable!
  • We note that dnscrypt.org is now re-directed to this site due to changes in the DNSCrypt project status
  • We also have additional documentation on automating certificate renewal

December 2017

  • Check out the interesting privacy work and products coming out of the Tenta project - in particular their Tenta browser, open source DNS resolver and comparison of DNS-over-TLS vs DNSCrypt!
  • 2 new test servers:
    • dnsovertls3.sinodun.com which supports TLS 1.3 and TLS 1.2 (thanks again to Surfnet for hosting)!
      • Version 1.3.0 of getdns (to be released Dec 21st) will support TLS 1.3 when linked against OpenSSL 1.1.1, so build Stubby against that if you want to test out TLS 1.3!
    • dns.bitgeek.in based in India - many thanks Sairam Kunala!

Overview of DNS Privacy Status

High level overview of ongoing work on DNS Privacy with monthly updates

DPRIVE Working Group

Catch up with the latest standards being developed to support DNS Privacy: DPRIVE Working group

Reference Material

For a list of useful RFCs, Internet Drafts and presentations see the Reference Material page.


Thanks to NLnet Foundation and OTF for donations to support DNS Privacy work. Thanks for past support from Verisign Labs.

Running a DNS Privacy server

If you are interested in contributing by running a server see our how-to guide: Running a DNS Privacy server


If you are interested in contributing to the project please contact:

  • Sara Dickinson (sara@sinodun.com)
  • Allison Mankin (allison.mankin@gmail.com)
  • Benno Overeinder (benno@NLnetLabs.nl)

Comments, JIRA and Bitbucket Access

After a spate of spam comments we have reluctantly changed permissions so that commenting on pages requires a user account. An account also provides access to submit general privacy issues in the issue tracker and contribute to the code repositories: create a user account (note that Stubby has its own issue tracker in GitHub).
