🌐 Website Issue | Add more encrypted DNS servers #1077

New Issue

2019-08-01T09:40:02Z

Mikaela commented

2019-08-01 09:40:02 +00:00

(Migrated from github.com)

Description

Currently all DNS servers have warnings and we only list 4. I had been wondering if there really are no others than what we list, Google and Cloudflare, but there is a long list. I have no idea where I picked my previous list and I apologize.

https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers

Short list of what may be worth looking at:

https://securedns.eu/ - no logs, all three protocols, optional adblock (alternative domain)
~~http://neutopia.org/~~ - missing privacy policy
~~https://tenta.com/dns-setup-guides~~ - I am not sure on their policy of counting counters and their privacy policy has the "information we don't collect" section and they talk about supporting law enforcement whentalking about VPN, so I am not sure if the DNS should be listed either.
https://appliedprivacy.net/services/dns/ - DoH & DoT
https://blog.uncensoreddns.org/ - "Absolutely nothing is being logged, neither about the users nor the usage of this service." - DoT
https://dnsprivacy.at/ - " NO REQUESTS ARE LOGGED! This is an experimental service, only on a "best effort" basis." - DoT only?
https://github.com/bhanupratapys/dnswarden/blob/master/README.md - "Use at your own risk. I will not be held responsible for any downtime of the servers , only on a "best effort" basis. No query logging . Completely disabled query logs related to the DNS traffic." - all three

This is based on the dnsprivacy.org list, from which homepages or additional information I found very easily by just checking the main domain.

## Description Currently all DNS servers have warnings and we only list 4. I had been wondering if there really are no others than what we list, Google and Cloudflare, but there is a long list. I have no idea where I picked my previous list and I apologize. * https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers Short list of what may be worth looking at: * https://securedns.eu/ - no logs, all three protocols, optional adblock (alternative domain) * ~~http://neutopia.org/~~ - missing privacy policy * ~~https://tenta.com/dns-setup-guides~~ - I am not sure on their policy of counting counters and their privacy policy has the "information we don't collect" section and they talk about supporting law enforcement whentalking about VPN, so I am not sure if the DNS should be listed either. * https://appliedprivacy.net/services/dns/ - DoH & DoT * https://blog.uncensoreddns.org/ - "Absolutely nothing is being logged, neither about the users nor the usage of this service." - DoT * https://dnsprivacy.at/ - " NO REQUESTS ARE LOGGED! This is an experimental service, only on a "best effort" basis." - DoT only? * https://github.com/bhanupratapys/dnswarden/blob/master/README.md - "Use at your own risk. I will not be held responsible for any downtime of the servers , only on a "best effort" basis. No query logging . Completely disabled query logs related to the DNS traffic." - all three This is based on the dnsprivacy.org list, from which homepages or additional information I found very easily by just checking the main domain.

👍 2

Mikaela commented

2019-08-01 11:24:16 +00:00

(Migrated from github.com)

As there are starting to be options, maybe regional ones can join the list too

https://www.nic.cz/odvr/ - enable cookies and click English - CZ.NIC resolvers neither collect any personal data nor gather information on pages where your computer sends personal data. - DoT & DoH

As there are starting to be options, maybe regional ones can join the list too * https://www.nic.cz/odvr/ - enable cookies and click English - CZ.NIC resolvers neither collect any personal data nor gather information on pages where your computer sends personal data. - DoT & DoH

nitrohorse commented

2019-08-01 14:53:06 +00:00

(Migrated from github.com)

The larger the list grows, I’m wondering if it makes sense to create a new table like the Email and VPN providers have?

👍 2

Mikaela commented

2019-08-01 18:39:41 +00:00

(Migrated from github.com)

Assigning to Nitrohorse who agreed to take this/tablesizing on Wire

Mikaela commented

2019-08-04 11:15:21 +00:00

(Migrated from github.com)

However it's worth noting that these listings are based on what the sites are saying, I don't know if there are methods to ensure those claims are true.

Me at Reddit, maybe this should also be said on the site?

> However it's worth noting that these listings are based on what the sites are saying, I don't know if there are methods to ensure those claims are true. Me at Reddit, maybe this should also be said on the site?

👍 1

nitrohorse commented

2019-08-04 17:36:16 +00:00

(Migrated from github.com)

^^ hmm, yeah, I think that's a good callout.

nitrohorse commented

2019-08-04 18:53:06 +00:00

(Migrated from github.com)

How's this for the columns / DNS resolver criteria for a new table?

DNS Provider
Website
Server Locations
Logging
Protocols
Filtering
Privacy Policy
Type (e.g. Commercial/Non-Profit/etc)
Source Code
DNSSEC
QNAME Minimization

Found this helpful reference from DNSPrivacy also: https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/

How's this for the columns / DNS resolver criteria for a new table? - DNS Provider - Website - Server Locations - Logging - Protocols - Filtering - Privacy Policy - Type (e.g. Commercial/Non-Profit/etc) - Source Code - DNSSEC - QNAME Minimization Found this helpful reference from DNSPrivacy also: https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/

nitrohorse commented

2019-08-04 18:56:54 +00:00

(Migrated from github.com)

^^ hmm, yeah, I think that's a good callout.

We could add an alert like how the VPN table has:

> ^^ hmm, yeah, I think that's a good callout. We could add an alert like how the [VPN table has](https://www.privacytools.io/providers/vpn/): ![vpn-warning](https://user-images.githubusercontent.com/1514352/62427891-9bdb8180-b6e9-11e9-8e4f-91c278df4213.png)

jamesponddotco commented

2019-08-06 14:11:32 +00:00

(Migrated from github.com)

Slightly off-topic, but what are the requirements to be considered for the list?

I am working on an open-source DNS resolver which can be seen over here, but would love to know if I need to add support for DoH and/or DoT, for example.

Slightly off-topic, but what are the requirements to be considered for the list? I am working on an open-source DNS resolver [which can be seen over here](https://gitgit.dev/madponydotco/adsnomore.io), but would love to know if I need to add support for DoH and/or DoT, for example.

Mikaela commented

2019-08-06 14:29:14 +00:00

(Migrated from github.com)

The closest we have to rules is https://github.com/privacytoolsIO/privacytools.io/pull/1097#issuecomment-518189915 , but we are yet to actually commit/document them anymore.

I think supporting DoH/DoT would be preferable as there are already public lists of DNSCrypt providers (so I see it as a nice bonus) as it's not a standard and requires a specialized software like dnscrypt-proxy while DoH (the original motivation for the issue) is supported natively by Firefox (and hopefully soon Chromium) while DoT is supported natively by Android 9 and systemd-resolved (and I know Windows 10 feedback hub has multiple requests for it).

The closest we have to rules is https://github.com/privacytoolsIO/privacytools.io/pull/1097#issuecomment-518189915 , but we are yet to actually commit/document them anymore. I think supporting DoH/DoT would be preferable as there are already public lists of DNSCrypt providers (so I see it as a nice bonus) as it's not a standard and requires a specialized software like dnscrypt-proxy while DoH (the original motivation for the issue) is supported natively by Firefox (and hopefully soon Chromium) while DoT is supported natively by Android 9 and systemd-resolved (and I know Windows 10 feedback hub has multiple requests for it).

👍 2

jamesponddotco commented

2019-08-06 14:33:38 +00:00

(Migrated from github.com)

Hm, going to look into adding DoH and DoT, then. I was mostly trying not to if I am honest, but with Firefox and Android 9 Pie going that route, it seems impossible to keep ignoring it.

We already have multiple DNSCrypt servers, and our central DNS server connects to them and use them as resolvers, but I will see about adding DoH and DoT support as well.

Thanks, @Mikaela! :)

Hm, going to look into adding DoH and DoT, then. I was mostly trying not to if I am honest, but with Firefox and Android 9 Pie going that route, it seems impossible to keep ignoring it. We already have multiple DNSCrypt servers, and our central DNS server connects to them and use them as resolvers, but I will see about adding DoH and DoT support as well. Thanks, @Mikaela! :)

😆 1

Mikaela commented

2019-08-06 14:35:35 +00:00

(Migrated from github.com)

Source on Chromium going to support DoH in the future: https://bugs.chromium.org/p/chromium/issues/detail?id=908132#c5

This repo is archived. You cannot comment on issues.