diff --git a/_includes/country.html b/_includes/country.html
new file mode 100644
index 00000000..032250f7
--- /dev/null
+++ b/_includes/country.html
@@ -0,0 +1 @@
+ {{ site.data.country[include.cc] | escape }}
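Review bot: A country code that is missing from `site.data.country` renders as an empty string here, so a typo in a provider's location list silently produces a blank entry in the table. Falling back to the raw code keeps the gap visible: `{{ site.data.country[include.cc] | default: include.cc | escape }}`, with `escape` kept last so the fallback is escaped as well.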
diff --git a/_includes/legacy/sections/dns.html b/_includes/legacy/sections/dns.html
deleted file mode 100644
index 347a6ec9..00000000
--- a/_includes/legacy/sections/dns.html
+++ /dev/null
@@ -1,661 +0,0 @@
-
- Encrypted DNS Resolvers
-
-
-
- DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides
only your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here. See the
definitions below.
-
-
-
-
-
-
- DNS Provider |
- Server Locations |
- Privacy Policy |
- Type |
- Logging |
- Protocols |
- DNSSEC |
- QNAME Minimization |
- Filtering |
- Source Code |
- Hosting Provider |
-
-
-
-
-
- AdGuard
- |
- Anycast (based in
-
-
- Cyprus)
-
- |
-
-
-
-
- |
- Commercial |
- Some |
- DoH, DoT, DNSCrypt |
- Yes |
- Yes |
-
-
- Based on server choice
-
- |
-
-
-
-
- |
-
-
- Choopa, LLC,
-
-
- Serveroid, LLC
-
- |
-
-
-
-
- BlahDNS
- |
-
-
-
- Finland,
-
-
-
- Germany,
-
-
-
- Japan
-
-
-
- Singapore
-
- |
-
-
-
-
- |
- Hobby Project |
- No |
-
-
- DoH,
-
- DoT ,
-
-
- DNSCrypt
- |
- Yes |
- Yes |
-
-
- Ads, trackers,
-
-
- malicious domains
-
-
- Based on server choice only for DoH
-
- |
-
-
-
-
- |
-
-
- Choopa, LLC,
-
-
- Hetzner Online GmbH
-
- |
-
-
-
-
- Cloudflare
- |
- Anycast (based in
-
-
- US)
-
- |
-
-
-
-
- |
- Commercial |
- Some |
- DoH, DoT |
- Yes |
- Yes |
-
-
- Based on server choice
-
- |
- ? |
- Self |
-
-
-
-
- CZ.NIC
- |
-
-
-
- Czech Republic
-
- |
-
-
-
-
- |
- Association |
- No |
- DoH, DoT |
- Yes |
- Yes |
- ? |
- ? |
- Self |
-
-
-
-
- Foundation for Applied Privacy
- |
-
-
-
- Austria
-
- |
-
-
-
-
- |
- Non-Profit |
- Some |
-
-
- DoH,
-
- DoT
-
-
- |
- Yes |
- Yes |
- No |
- ? |
-
-
- IPAX OG
-
- |
-
-
-
-
- LibreDNS
- |
-
-
-
- Germany
-
- |
-
-
-
-
- |
-
-
- Informal collective
-
- |
- No |
- DoH, DoT |
- No |
- Yes |
-
-
- Based on server choice only for DoH
-
- |
-
-
-
-
- |
-
-
- Hetzner Online GmbH
-
- |
-
-
-
-
- NextDNS
- |
- Anycast (based in
-
-
- US)
-
- |
-
-
-
-
- |
- Commercial |
-
- Based on user choice
- |
- DoH, DoT, DNSCrypt |
- Yes |
- Yes |
-
-
- Based on server choice
-
- |
- ? |
- Self |
-
-
-
-
- NixNet
- |
-
-
- Anycast (based in
-
- US),
-
-
-
- US,
-
-
-
- Luxembourg
-
- |
-
-
-
-
- |
-
-
- Informal collective
-
- |
- No |
- DoH, DoT |
- Yes |
- Yes |
-
-
- Based on server choice
-
- |
-
-
-
-
- |
-
-
- FranTech Solutions
-
- |
-
-
-
-
- PowerDNS
- |
-
-
-
- The Netherlands
-
- |
-
-
-
-
- |
- Hobby Project |
- No |
- DoH |
- Yes |
- No |
- No |
-
-
-
-
- |
-
-
- TransIP B.V. Admin
-
- |
-
-
-
-
- Quad9
- |
- Anycast (based in
-
-
- Switzerland)
-
- |
-
-
-
-
- |
- Non-Profit |
- Some |
- DoH, DoT, DNSCrypt |
- Yes |
- Yes |
-
-
- Malicious domains
-
- |
- ? |
-
- Self,
-
- Packet Clearing House
-
- |
-
-
-
-
- Snopyta
- |
-
-
-
- Finland
-
- |
-
-
-
-
- |
-
-
- Informal collective
-
- |
- No |
- DoH, DoT |
- Yes |
- Yes |
-
-
- No
-
- |
- ? |
-
-
- Hetzner Online GmbH
-
- |
-
-
-
-
- UncensoredDNS
- |
- Anycast (based in
-
-
- Denmark),
-
-
-
-
- Denmark,
-
-
-
-
- US
-
- |
-
-
-
-
- |
- Hobby Project |
- No |
- DoH, DoT |
- Yes |
- No |
- No |
- ? |
-
- Self,
-
- Telia Company AB
-
- |
-
-
-
-
-
-
-
-
- Encrypted DNS Client Recommendations for Desktop
-
-
-{%
- include legacy/cardv2.html
- title="Unbound"
- image="/assets/img/legacy_svg/3rd-party/unbound.svg"
- description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.'
- website="https://nlnetlabs.nl/projects/unbound/about/"
- github="https://github.com/NLnetLabs/unbound"
-%}
-
-{%
- include legacy/cardv2.html
- title="dnscrypt-proxy"
- image="/assets/img/legacy_svg/3rd-party/dnscrypt-proxy.svg"
- description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.'
- website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki"
- github="https://github.com/DNSCrypt/dnscrypt-proxy"
-%}
-
-{%
- include legacy/cardv2.html
- title="Stubby"
- image="/assets/img/legacy_png/3rd-party/stubby.png"
- description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.'
- website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby"
- github="https://github.com/getdnsapi/stubby"
-%}
-
-{%
- include legacy/cardv2.html
- title="Firefox's built-in DNS-over-HTTPS resolver"
- image="/assets/img/legacy_svg/3rd-party/firefox_browser.svg"
- description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually use any other DoH resolver.'
- labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox."
- website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https"
- privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy"
-%}
-
-
-
-
- Encrypted DNS Client Recommendations for Android
-
-
-{%
- include legacy/cardv2.html
- title="Android 9's built-in DNS-over-TLS resolver"
- image="/assets/img/legacy_svg/3rd-party/android.svg"
- description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application."
- labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS."
- website="https://support.google.com/android/answer/9089903#private_dns"
-%}
-
-{%
- include legacy/cardv2.html
- title="Nebulo"
- image="/assets/img/legacy_png/3rd-party/nebulo.png"
- description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.'
- website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md"
- privacy-policy="https://smokescreen.app/privacypolicy"
- fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid"
- googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen"
- source="https://git.frostnerd.com/PublicAndroidApps/smokescreen"
-%}
-
-
-
-
- Encrypted DNS Client Recommendations for iOS
-
-
-{%
- include legacy/cardv2.html
- title="DNSCloak"
- image="/assets/img/legacy_png/3rd-party/dnscloak.png"
- description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.'
- website="https://github.com/s-s/dnscloak/blob/master/README.md"
- privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view"
- ios="https://apps.apple.com/app/id1452162351"
- github="https://github.com/s-s/dnscloak"
-%}
-
-
-
-
- Apple's native support
-
-
-
- In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in Safari).
- After installation, the encrypted DNS server can be selected in Settings → General → VPN and Network → DNS.
-
-
-
-
-
-
-
- Definitions
-
-
-DNS-over-TLS (DoT)
-
- A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
-
-
-DNS-over-HTTPS (DoH)
-
- Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
-
-
-DNSCrypt
-
- With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS.
-
-
-Anonymized DNSCrypt
-
- A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays.
-
diff --git a/_includes/recommendation-table.html b/_includes/recommendation-table.html
new file mode 100644
index 00000000..a3f2fd19
--- /dev/null
+++ b/_includes/recommendation-table.html
@@ -0,0 +1,13 @@
+
+
+
+ {% include table-header-{{ include.data }}.html %}
+
+
+ {% for provider in site.data[include.data] %}
+ {% include table-row-{{ include.data }}.html data=provider %}
+ {% endfor %}
+
+
+
+View table data on GitHub
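Review bot: This include has no usage comment, and its contract is implicit. `include.data` is spliced into two include file names and used as the key into `site.data`, and `table-row-dns.html` then reads `include.data[1]`, which only holds when iterating `site.data[include.data]` yields key/value pairs (presumably a mapping or a directory of data files). I would document that at the top, for example `{% comment %} data: name of a site.data mapping; requires table-header-<data>.html and table-row-<data>.html {% endcomment %}`. Passing the record itself, `{% include table-row-{{ include.data }}.html data=provider[1] %}`, would also keep the pair-unpacking out of every row template, though the row include in this commit would have to change with it.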
diff --git a/_includes/table-header-dns.html b/_includes/table-header-dns.html
new file mode 100644
index 00000000..c70723c2
--- /dev/null
+++ b/_includes/table-header-dns.html
@@ -0,0 +1,11 @@
+DNS Provider |
+Server Locations |
+Privacy Policy |
+Type |
+Protocols |
+Logging |
+DNSSEC |
+QNAME Minimization |
+Filtering |
+Source Code |
+Hosting Provider |
diff --git a/_includes/table-row-dns.html b/_includes/table-row-dns.html
new file mode 100644
index 00000000..4c318167
--- /dev/null
+++ b/_includes/table-row-dns.html
@@ -0,0 +1,54 @@
+{% assign data = include.data[1] %}
+
+ {{ data.title }}
+ |
+{%- if data.anycast -%}Anycast: {%- endif -%}
+ {%- for location in data.locations -%}
+ - {%- include country.html cc=location -%}
+ {%- endfor -%}
+ |
+
+ {% if data.privacy_policy.link %}
+
+ {% else %}
+ {% endif %}
+ |
+{% if data.type.link %}{{ data.type.name }}
+ {% else %}{{ data.type.name }}{% endif %}
+ |
+{%- for protocol in data.protocols -%}
+ - {{ protocol.name }}{% if protocol.tooltip %}
+
+ {% endif %}
{%- endfor -%}
+ |
+{% if data.logs.policy %}{% if data.logs.link %}
+ {{ data.logs.text | default: 'Yes' }}{% unless data.logs.link %}{% if data.logs.tooltip %} {% endif %}{% endunless %}{%- if data.logs.link -%}a{%- else -%}span{%- endif -%}>
+ {% else %} | No{% endif %}
+ |
+No{% else %}
+ class="table-success">Yes{% endunless %}
+ |
+No{% else %}
+ class="table-success">Yes{% endunless %}
+ |
+
+ {{ data.filtering | escape | default: 'Unknown?' }}
+ |
+
+ {% if data.source %}
+
+ {% endif %}
+ |
+
+ {%- for provider in data.providers -%}
+ - {% if provider.link %}{{ provider.name | escape }}{% else %}{{ provider.name | escape }}{% endif %}
+ {%- endfor -%}
+ |
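Review bot: `data.title`, `data.type.name`, `protocol.name` and `data.logs.text` are emitted without `| escape`, while `data.filtering`, `provider.name` and the country include in the same row are escaped. These values come from the site's data files, which are presumably open to outside contributions, so a stray `<` or `&` (or markup in a merged data change) would land in the generated page as HTML. I would make the row consistent: `{{ data.title | escape }}`, `{{ protocol.name | escape }}`, `{{ data.logs.text | default: 'Yes' | escape }}`, and the same for `data.type.name`. The tag attributes are not visible in this rendering of the hunk; if the `link`, `tooltip` and `source` values are interpolated into attributes such as `href` or `title`, they need the same filter.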