'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
Stubby is developed by the getdns project.
For more background and FAQ see our About Stubby page. Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way!
Why Use Stubby?
- Runs as a daemon listening on the loopback addresses (127.0.0.1, ::0)
- Sends all outgoing DNS queries received on those addresses out over TLS
- Uses a default configuration which provides Strict Privacy and uses a subset of the available DNS Privacy servers
Stubby uses getdns, it is recommended to use the 1.1.3 release or later of getdns, and preferably the latest getdns stable release.
As of August 2017 Stubby has moved to its own repository and getdns is a library dependancy!
Stubby is supported on several platforms:
We hope to have support on mobile platforms in the future.
See our Stubby configuration guide.
Bugs or feature requests can be directed to either
- MAILING LIST: the getdns users mailing list
- BUG TRACKER: the getdns github issue tracker
- or directly to firstname.lastname@example.org
How can I contribute to the getdns/Stubby projects?
- Run and test stubby. Give feedback and report bugs!
- Contribute code to https://github.com/getdnsapi/getdns
- Running a DNS privacy resolver
Other ways to run a privacy daemon are:
- Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries).
- Work is in progress to enable knot resolver to work in this mode too