|Table of Contents|
It is recommended to use the latest release of the 1.1 version of getdns to have the most up to date version of Stubby.
In this mode Stubby (getdns) does several things
- Runs as a daemon
- By default obtains its configuration information from the configuration file at /etc/stubby.conf
- Can be configured to listen on the loopback address and send all outgoing DNS queries received on that address out over TLS to a DNS Privacy server
- Can be configured with authentication information for DNS Privacy servers and instructed to use either a 'Strict' or an 'Opportunistic' Profile as described in Authentication and (D)TLS Profile for DNS-over-(D)TLS
Other ways to run a privacy daemon are:
- Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries).
- Work is in progress to enable knot resolver to work in this mode too