...
| Section |
|---|
| Column |
|---|
|
| Info |
|---|
'Stubby' is part of the getdns project - this is just a reference page on how to get up and running with Stubby! Bugs or feature requests can be directed to either |
|
|
Stubby
...
...
...
which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way! |
|
|
It is recommended to use the latest release of the 1.1 version of getdns to have the most up to date version of Stubby.
In this mode Stubby (getdns) does several things
- Runs as a daemon
- By default obtains its configuration information from the configuration file at /etc/stubby.conf
- Can be configured to listen on the loopback address and send all outgoing DNS queries received on that address out over TLS to a DNS Privacy server
- Can be configured with authentication information for DNS Privacy servers and instructed to use either a 'Strict' or an 'Opportunistic' Profile as described in Authentication and (D)TLS Profile for DNS-over-(D)TLS
...
Since Stubby is part of the getdns project - the reference page for how to get up and running with Stubby has moved to the getdns website: Stubby Reference Guide As always, bugs or feature requests can be directed to either |
|
|
Other options
Other ways to run a privacy daemon are:
- Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries).
- Work is in progress to enable knot resolver to work in this mode too
