DNS Privacy Project

Skip to end of metadata
Go to start of metadata



'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

Stubby is developed by the getdns project.

For more background and FAQ see our About Stubby page. Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way!

Why Use Stubby?

Read about the problem with DNS Privacy and how Stubby helps

 

Key Features:

  • Runs as a daemon listening on the loopback  addresses (127.0.0.1, ::0) 
  • Sends all outgoing DNS queries received on those addresses out over TLS
  • Uses a default configuration which provides Strict Privacy and uses a subset of the available DNS Privacy servers

Stubby uses getdns, it is recommended to use at lleast the 1.2 release of getdns, and preferably the latest getdns stable release.

Code

As of August 2017 Stubby has moved to its own repository and getdns is a library dependancy!

Source code is available on github: https://github.com/getdnsapi/stubby

Lastest release

Source Tarball: stubby-0.1.5.tar.gz

Installation

Stubby is supported on several platforms:

We hope to have support on mobile platforms in the future.

Configuration

See our Stubby configuration guide.

Support

Bugs or feature requests can be directed to either

How can I contribute to the getdns/Stubby projects?

Other options

Other ways to run a privacy daemon are: 

  • Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries). 
  • Work is in progress to enable knot resolver to work in this mode too


  • No labels
Write a comment…