'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way!
Stubby uses getdns, it is recommended to use at least the 1.2 release of getdns, and preferably the latest getdns stable release.
The next release of Stubby (v0.3, getdns v1.5) is expected to support the following:
- DNS-over-HTTPS (DOH)
- Configuration of servers using authentication name only
As of August 2017 Stubby has moved to its own repository and getdns is a library dependancy!
Source code is available on github: https://github.com/getdnsapi/stubby
Various packages are available, see repology for Stubby.
Note1: A debian package is also available but doesn't show up in the above because the version number is currently incorrect (it picks up the getdns version, not the stubby version). Working to fix this!
Note2: The chocolatey package called 'stubby' as of March 2019 is for Stubby - the name was previously used for a package named stubby4net but that has now been renamed to stubby4net.
- See this tweet for an example of using Stubby + Quad9
- See this link for an example of using BIND as a local caching forwarder and stubby for upstream TLS
We hope to have support on mobile platforms in the future:
Note that Android has announced that it will support a native implementation of DNS-over-TLS in an upcoming official release (it is already available in developer releases). This does not share any code with Stubby but we applaud Android for this development!
See our Stubby configuration guide.
Note that some users use stubby in combination wtih Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet authentication upstreams, or re-use TCP/TLS connections). And example configuration is available on this page.
Bugs or feature requests can be directed to either
How can I contribute to the getdns/Stubby projects?
- Run and test stubby. Give feedback and report bugs!
- Contribute code to or https://github.com/getdnsapi/stubby or https://github.com/getdnsapi/getdns
- Running a DNS privacy resolver
See DNS Privacy Clients.