This site is mainly focussed on following the development and deployment of DNS-over-TLS as the leading solution for DNS Privacy because that is the only protocol currently standardized by the IETF.

Some history and background on other alternatives are outlined below and we intend to follow other solutions as things evolve.


DNSCrypt

DNSCrypt is a method of authenticating communications between a DNS client and a DNS resolver that has been around since 2011.

DNSCurve

DNSCurve was developed with encrypting the resolver to authoritative communications in mind. It was not standardized by the IETF.

DNS-over-DTLS

RFC8094 specified DNS-over-DTLS as an Experimental Standard. To our knowledge there are no implementations of DNS-over-DTLS planned or in progress.

One issue with DNS-over-DTLS is that it must still truncate DNS responses if the response size is too large (just as UDP does), so it cannot be a standalone solution for privacy without a fallback mechanism (such as DNS-over-TLS) also being available.
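
The fallback requirement above, as an added example (not code from this site or from any resolver): a stub reads the TC bit in the reply header and retries on the next encrypted transport, never on cleartext. The transport tuples and sample replies are constructed stand-ins for real sockets.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word, RFC 1035

def sample_reply(txid, truncated):
    """Constructed sample: a bare 12-byte DNS response header."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)  # QR=1, RD=1, RA=1
    ancount = 0 if truncated else 1
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def parse_header(message):
    """Return (transaction id, truncated?) from a DNS message."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags = struct.unpack("!HH", message[:4])
    return txid, bool(flags & TC_FLAG)

def is_truncated(message):
    return parse_header(message)[1]

def resolve(txid, transports):
    """Try transports in order; skip cleartext ones, move on when TC=1.

    transports: list of (name, encrypted, send) where send(txid) -> bytes.
    """
    for name, encrypted, send in transports:
        if not encrypted:
            continue  # a privacy-preserving stub never falls back to cleartext
        reply = send(txid)
        reply_id, truncated = parse_header(reply)
        if reply_id != txid:
            continue  # reply does not belong to this query
        if not truncated:
            return name, reply
    raise RuntimeError("no encrypted transport returned a complete answer")

# Hypothetical transports (assumed names); each returns a constructed reply.
DTLS = ("dns-over-dtls", True, lambda txid: sample_reply(txid, truncated=True))
TCP = ("plain-tcp", False, lambda txid: sample_reply(txid, truncated=False))
TLS = ("dns-over-tls", True, lambda txid: sample_reply(txid, truncated=False))

if __name__ == "__main__":
    print(resolve(0x1A2B, [DTLS, TCP, TLS])[0])
```

With only the DTLS and cleartext TCP transports configured, `resolve` raises instead of answering, which is the standalone-DTLS gap described above.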

DNS-over-HTTPS

There are implementations available (e.g. from BII) of proxies that will tunnel DNS-over-HTTPS.

Google offers a proprietary DNS-over-HTTPS service using a JSON format for DNS queries.

A new working group has also recently been formed in the IETF: DNS-over-HTTPS (DOH)

DNS-over-QUIC

A draft has been submitted to the IETF QUIC Working Group on DNS-over-QUIC.