17 KiB
title, icon, description, cover, global
| title | icon | description | cover | global | |||
|---|---|---|---|---|---|---|---|
| DNS解析器 | material/dns | These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. | dns.webp |
|
Protects against the following threat(s):
- :material-account-cash: 监视资本主义{.pg-brown}
Encrypted DNS with third-party servers should only be used to get around basic DNS blocking when you can be sure there won't be any consequences. 加密的DNS不会帮助你隐藏任何浏览活动。
Learn more about DNS :material-arrow-right-drop-circle:{.md-button}
推荐的供应商
These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked you should use a dedicated DNS filtering product instead.
| DNS供应商 | 协议 | Logging / Privacy Policy | ECS | 筛选 | Signed Apple Profile |
|---|---|---|---|---|---|
| AdGuard Public DNS | Cleartext DoH/3 DoT DoQ DNSCrypt | Anonymized1 | Anonymized | Based on server choice. 正在使用的过滤器列表可以在这里找到。 :octicons-link-external-24: | Yes :octicons-link-external-24: |
| Cloudflare | Cleartext DoH/3 DoT | Anonymized2 | No | Based on server choice. | No :octicons-link-external-24: |
| Control D Free DNS | Cleartext DoH/3 DoT DoQ | No3 | No | Based on server choice. | Yes :octicons-link-external-24: |
| dns0.eu | Cleartext DoH/3 DoH DoT DoQ | Anonymized4 | Anonymized | Based on server choice. | Yes :octicons-link-external-24: |
| Mullvad | DoH DoT | No5 | No | Based on server choice. 正在使用的过滤器列表可以在这里找到。 :octicons-link-external-24: | Yes :octicons-link-external-24: |
| Quad9 | Cleartext DoH DoT DNSCrypt | Anonymized6 | 可选 | Based on server choice, malware blocking by default. | Yes :octicons-link-external-24: |
Self-Hosted DNS Filtering
自我托管的DNS解决方案对于在智能电视和其他物联网设备等受控平台上提供过滤非常有用,因为不需要客户端软件。
Pi-hole
{ align=right }
Pi-hole is an open-source DNS-sinkhole which uses DNS filtering to block unwanted web content, such as advertisements.
Pi-hole被设计为在Raspberry Pi上托管,但它并不局限于这种硬件。 该软件具有一个友好的网络界面,可以查看洞察力和管理封锁的内容。
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title=Contribute }
AdGuard Home
{ align=right }
AdGuard Home is an open-source DNS-sinkhole which uses DNS filtering to block unwanted web content, such as advertisements.
AdGuard Home有一个精致的网络界面,可以查看洞察力和管理被阻止的内容。
:octicons-home-16: 主页{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="隐私政策" } :octicons-info-16:{ .card-link title=文档} :octicons-code-16:{ .card-link title="源代码" }
Cloud-Based DNS Filtering
These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
Control D
{ align=right }
Control D is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
NextDNS
{ align=right }
NextDNS is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
When used with an account, NextDNS will enable insights and logging features by default (as some features require it). You can choose retention time and log storage location for any logs you choose to keep, or disable logs altogether.
NextDNS's free plan is fully functional, but should not be relied upon for security or other critical filtering applications, because after 300,000 DNS queries in a month all filtering, logging, and other account-based functionality is disabled. It can still be used as a regular DNS provider after that point, so your devices will continue to function and make secure queries via DNS-over-HTTPS, just without your filter lists.
NextDNS also offers public DNS-over-HTTPS service at https://dns.nextdns.io and DNS-over-TLS/QUIC at dns.nextdns.io, which are available by default in Firefox and Chromium, and subject to their default no-logging privacy policy.
Encrypted DNS Proxies
加密的DNS代理软件为 未加密的DNS 解析器提供一个本地代理转发。 Typically, it is used on platforms that don't natively support encrypted DNS.
RethinkDNS
{ align=right }
{ align=right }
RethinkDNS is an open-source Android client that supports DNS-over-HTTPS, DNS-over-TLS, DNSCrypt and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" }
While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by adding a Wireguard configuration or manually configuring Orbot as a Proxy server, respectively.
dnscrypt-proxy
{ align=right }
dnscrypt-proxy is a DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNS.
:octicons-repo-16: Repository{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title=Documentation} :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title=Contribute }
警告
The anonymized DNS feature does not anonymize other network traffic.
Criteria
请注意,我们与我们推荐的任何项目都没有关系。 除了 我们的标准标准,我们还制定了一套明确的要求,使我们能够提供客观的建议。 我们建议你在选择使用一个项目之前熟悉这个清单,并进行自己的研究以确保它是你的正确选择。
All DNS products must support:
Additionally, all public providers:
- 倾向于 anycast 支持或地理转向支持。
- Must not log any personal data to disk
- As noted in our footnotes, some providers collect query information for example, for purposes like security research, but in that case that data must not be associated with any PII such as IP address, etc.
-
AdGuard存储其DNS服务器的汇总性能指标,即对特定服务器的完整请求数、被阻止的请求数和处理请求的速度。 他们还保留并存储了过去24小时内请求的域名数据库。 "我们需要这些信息来识别和阻止新的追踪者和威胁。" "我们还记录了这个或那个追踪器被封锁的次数。 我们需要这些信息来从我们的过滤器中删除过时的规则"。 https://adguard-dns.io/en/privacy.html ↩︎
-
Cloudflare只收集和存储发送到1.1.1.1解析器的有限DNS查询数据。 1.1.1.1解析器服务不记录个人数据,而且大部分有限的非个人识别的查询数据只存储25小时。 https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/ ↩︎
-
Control D只记录具有自定义DNS配置文件的高级解析器。 自由解析器不记录数据。 https://controld.com/privacy ↩︎
-
dns0.eu collects some data for their threat intelligence feeds, to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some partners for e.g. security research. They do not collect any Personally Identifiable Information. https://dns0.eu/privacy ↩︎
-
Mullvad的DNS服务对Mullvad VPN的订阅者和非订阅者都适用。 他们的隐私政策明确声称他们不会以任何方式记录DNS请求。 https://mullvad.net/en/help/no-logging-data-policy/ ↩︎
-
Quad9收集了一些数据,用于威胁监测和应对。 然后,这些数据可能被重新混合和共享,例如为了安全研究的目的。 Quad9不会收集或记录IP地址或其他他们认为可以识别个人身份的数据。 https://quad9.net/privacy/policy ↩︎