DNS Privacy Project

Skip to end of metadata
Go to start of metadata

This documentation is a Work in progress while the Stubby docs move home to dnsprivacy.org, for the latest complete documentation see https://getdnsapi.net/blog/dns-privacy-daemon-stubby/

'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

Stubby is developed by the getdns project.

For more background and FAQ see our About Stubby page. Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way!

Why Use Stubby?

Read about the problem with DNS Privacy and how Stubby helps

 

Key Features:

  • Runs as a daemon listening on the loopback  addresses (127.0.0.1, ::0) 
  • Sends all outgoing DNS queries received on those addresses out over TLS
  • Uses a default configuration which provides Strict Privacy and uses a subset of the available DNS Privacy servers

Stubby uses getdns, it is recommended to use the 1.1.1 release or later of getdns, and preferably the latest getdns stable release.

Installation

At the moment Stubby lives with the getdns code, but Stubby is being moved to its own home on github so keep an eye on this page for updates on how to install the latest version!

Stubby is supported on several platforms:

  • Linux
    • Build from source
    • Packages
  • macOS
    • Build from source
    • Homebrew Tap
    • Installer including prototype GUI on the way!
  • Windows

We hope to have support on mobile platforms in the future

Configuration

See our Stubby configuration guide.

Support

Bugs or feature requests can be directed to either

How can I contribute to the getdns/Stubby projects?

Other options

Other ways to run a privacy daemon are: 

  • Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries). 
  • Work is in progress to enable knot resolver to work in this mode too


  • No labels
Write a comment…