From 1e976219ead2ab8c9202d78010ddcd581959d3c8 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 25 Aug 2020 22:45:25 +0300 Subject: [PATCH 1/5] old.html/classic: include DNS page instead of section Otherwise the DNS app recommendations don't appear as for some reason they aren't in the DNS section, but are on the page directly. Reported by `@kgde9vnr1rxty6hj:privacytools.io` --- pages/old.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/old.html b/pages/old.html index 646299fe..2fa08290 100644 --- a/pages/old.html +++ b/pages/old.html @@ -67,7 +67,7 @@ permalink: /classic/ {% include sections/video-frontends.html %} -{% include sections/dns.html %} +{% include pages/providers/dns.html %} {% include sections/notebooks.html %} -- 2.47.2 From 98f3a8527c458de19cdad7ad302fbb6bb375623b Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 25 Aug 2020 22:58:09 +0300 Subject: [PATCH 2/5] Separate DNS clients from page to section, add them to classic --- _includes/sections/dns-software.html | 119 ++++++++++++++++++++++++++ pages/old.html | 2 +- pages/providers/dns.html | 120 +-------------------------- 3 files changed, 121 insertions(+), 120 deletions(-) create mode 100644 _includes/sections/dns-software.html diff --git a/_includes/sections/dns-software.html b/_includes/sections/dns-software.html new file mode 100644 index 00000000..749cb6b8 --- /dev/null +++ b/_includes/sections/dns-software.html @@ -0,0 +1,119 @@ +

+ + + Encrypted DNS Client Recommendations for Desktop +

+ +{% + include cardv2.html + title="Unbound" + image="/assets/img/svg/3rd-party/unbound.svg" + description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' + website="https://nlnetlabs.nl/projects/unbound/about/" + forum="https://forum.privacytools.io/t/discussion-unbound/3563" + github="https://github.com/NLnetLabs/unbound" +%} + +{% + include cardv2.html + title="dnscrypt-proxy" + image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" + description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' + website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" + forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" + github="https://github.com/DNSCrypt/dnscrypt-proxy" +%} + +{% + include cardv2.html + title="Stubby" + image="/assets/img/png/3rd-party/stubby.png" + description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' + website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" + forum="https://forum.privacytools.io/t/discussion-stubby/3582" + github="https://github.com/getdnsapi/stubby" +%} + +{% + include cardv2.html + title="Firefox's built-in DNS-over-HTTPS resolver" + image="/assets/img/svg/3rd-party/firefox_browser.svg" + description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." + website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" + privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" + forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" +%} + +

+ + + Encrypted DNS Client Recommendations for Android +

+ +{% + include cardv2.html + title="Android 9's built-in DNS-over-TLS resolver" + image="/assets/img/svg/3rd-party/android.svg" + description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." + website="https://support.google.com/android/answer/9089903#private_dns" + forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" +%} + +{% + include cardv2.html + title="Nebulo" + image="/assets/img/png/3rd-party/nebulo.png" + description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' + website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" + privacy-policy="https://smokescreen.app/privacypolicy" + forum="https://forum.privacytools.io/t/discussion-nebulo/3565" + fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" + googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" + source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" +%} + +

+ + + Encrypted DNS Client Recommendations for iOS +

+ +{% + include cardv2.html + title="DNSCloak" + image="/assets/img/png/3rd-party/dnscloak.png" + description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' + website="https://github.com/s-s/dnscloak/blob/master/README.md" + privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" + forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" + ios="https://apps.apple.com/app/id1452162351" + github="https://github.com/s-s/dnscloak" +%} + +

+ + + Definitions +

+ +

DNS-over-TLS (DoT)

+

+ A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. +

+ +

DNS-over-HTTPS (DoH)

+

+ Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} +

+ +

DNSCrypt

+

+ With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. +

+ +

Anonymized DNSCrypt

+

+ A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. +

diff --git a/pages/old.html b/pages/old.html index 2fa08290..cbd4fbc7 100644 --- a/pages/old.html +++ b/pages/old.html @@ -67,7 +67,7 @@ permalink: /classic/ {% include sections/video-frontends.html %} -{% include pages/providers/dns.html %} +{% include sections/dns-software.html %} {% include sections/notebooks.html %} diff --git a/pages/providers/dns.html b/pages/providers/dns.html index 34a8f7dc..cb81326d 100644 --- a/pages/providers/dns.html +++ b/pages/providers/dns.html @@ -7,123 +7,5 @@ breadcrumb: "DNS" --- {% include sections/dns.html %} +{% include sections/dns-software.html %} -

- - - Encrypted DNS Client Recommendations for Desktop -

- -{% - include cardv2.html - title="Unbound" - image="/assets/img/svg/3rd-party/unbound.svg" - description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' - website="https://nlnetlabs.nl/projects/unbound/about/" - forum="https://forum.privacytools.io/t/discussion-unbound/3563" - github="https://github.com/NLnetLabs/unbound" -%} - -{% - include cardv2.html - title="dnscrypt-proxy" - image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" - description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' - website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" - forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" - github="https://github.com/DNSCrypt/dnscrypt-proxy" -%} - -{% - include cardv2.html - title="Stubby" - image="/assets/img/png/3rd-party/stubby.png" - description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' - website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" - forum="https://forum.privacytools.io/t/discussion-stubby/3582" - github="https://github.com/getdnsapi/stubby" -%} - -{% - include cardv2.html - title="Firefox's built-in DNS-over-HTTPS resolver" - image="/assets/img/svg/3rd-party/firefox_browser.svg" - description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." - website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" - privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" - forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" -%} - -

- - - Encrypted DNS Client Recommendations for Android -

- -{% - include cardv2.html - title="Android 9's built-in DNS-over-TLS resolver" - image="/assets/img/svg/3rd-party/android.svg" - description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." - website="https://support.google.com/android/answer/9089903#private_dns" - forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" -%} - -{% - include cardv2.html - title="Nebulo" - image="/assets/img/png/3rd-party/nebulo.png" - description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' - website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" - privacy-policy="https://smokescreen.app/privacypolicy" - forum="https://forum.privacytools.io/t/discussion-nebulo/3565" - fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" - googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" - source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" -%} - -

- - - Encrypted DNS Client Recommendations for iOS -

- -{% - include cardv2.html - title="DNSCloak" - image="/assets/img/png/3rd-party/dnscloak.png" - description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' - website="https://github.com/s-s/dnscloak/blob/master/README.md" - privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" - forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" - ios="https://apps.apple.com/app/id1452162351" - github="https://github.com/s-s/dnscloak" -%} - -

- - - Definitions -

- -

DNS-over-TLS (DoT)

-

- A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. -

- -

DNS-over-HTTPS (DoH)

-

- Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} -

- -

DNSCrypt

-

- With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. -

- -

Anonymized DNSCrypt

-

- A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. -

-- 2.47.2 From 2f12cbefcdaea108c93827cd523d5be65a52b117 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 25 Aug 2020 23:02:55 +0300 Subject: [PATCH 3/5] old.html: restore DNS servers --- pages/old.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pages/old.html b/pages/old.html index cbd4fbc7..073cf116 100644 --- a/pages/old.html +++ b/pages/old.html @@ -67,6 +67,8 @@ permalink: /classic/ {% include sections/video-frontends.html %} +{% include sections/dns.html %} + {% include sections/dns-software.html %} {% include sections/notebooks.html %} -- 2.47.2 From ee25a7c44ad6594754447fe0ca5522bcf0c8974d Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 25 Aug 2020 23:04:28 +0300 Subject: [PATCH 4/5] Actually who not have everything in the DNS page? --- _includes/sections/dns-software.html | 119 -------------------------- _includes/sections/dns.html | 120 +++++++++++++++++++++++++++ pages/old.html | 2 - 3 files changed, 120 insertions(+), 121 deletions(-) delete mode 100644 _includes/sections/dns-software.html diff --git a/_includes/sections/dns-software.html b/_includes/sections/dns-software.html deleted file mode 100644 index 749cb6b8..00000000 --- a/_includes/sections/dns-software.html +++ /dev/null @@ -1,119 +0,0 @@ -

- - - Encrypted DNS Client Recommendations for Desktop -

- -{% - include cardv2.html - title="Unbound" - image="/assets/img/svg/3rd-party/unbound.svg" - description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' - website="https://nlnetlabs.nl/projects/unbound/about/" - forum="https://forum.privacytools.io/t/discussion-unbound/3563" - github="https://github.com/NLnetLabs/unbound" -%} - -{% - include cardv2.html - title="dnscrypt-proxy" - image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" - description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' - website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" - forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" - github="https://github.com/DNSCrypt/dnscrypt-proxy" -%} - -{% - include cardv2.html - title="Stubby" - image="/assets/img/png/3rd-party/stubby.png" - description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' - website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" - forum="https://forum.privacytools.io/t/discussion-stubby/3582" - github="https://github.com/getdnsapi/stubby" -%} - -{% - include cardv2.html - title="Firefox's built-in DNS-over-HTTPS resolver" - image="/assets/img/svg/3rd-party/firefox_browser.svg" - description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." - website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" - privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" - forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" -%} - -

- - - Encrypted DNS Client Recommendations for Android -

- -{% - include cardv2.html - title="Android 9's built-in DNS-over-TLS resolver" - image="/assets/img/svg/3rd-party/android.svg" - description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." - website="https://support.google.com/android/answer/9089903#private_dns" - forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" -%} - -{% - include cardv2.html - title="Nebulo" - image="/assets/img/png/3rd-party/nebulo.png" - description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' - website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" - privacy-policy="https://smokescreen.app/privacypolicy" - forum="https://forum.privacytools.io/t/discussion-nebulo/3565" - fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" - googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" - source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" -%} - -

- - - Encrypted DNS Client Recommendations for iOS -

- -{% - include cardv2.html - title="DNSCloak" - image="/assets/img/png/3rd-party/dnscloak.png" - description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' - website="https://github.com/s-s/dnscloak/blob/master/README.md" - privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" - forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" - ios="https://apps.apple.com/app/id1452162351" - github="https://github.com/s-s/dnscloak" -%} - -

- - - Definitions -

- -

DNS-over-TLS (DoT)

-

- A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. -

- -

DNS-over-HTTPS (DoH)

-

- Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} -

- -

DNSCrypt

-

- With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. -

- -

Anonymized DNSCrypt

-

- A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. -

diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 5c2508c5..161b68a7 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -532,3 +532,123 @@ We also log how many times this or that tracker has been blocked. We need this i + +

+ + + Encrypted DNS Client Recommendations for Desktop +

+ +{% + include cardv2.html + title="Unbound" + image="/assets/img/svg/3rd-party/unbound.svg" + description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' + website="https://nlnetlabs.nl/projects/unbound/about/" + forum="https://forum.privacytools.io/t/discussion-unbound/3563" + github="https://github.com/NLnetLabs/unbound" +%} + +{% + include cardv2.html + title="dnscrypt-proxy" + image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" + description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' + website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" + forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" + github="https://github.com/DNSCrypt/dnscrypt-proxy" +%} + +{% + include cardv2.html + title="Stubby" + image="/assets/img/png/3rd-party/stubby.png" + description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' + website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" + forum="https://forum.privacytools.io/t/discussion-stubby/3582" + github="https://github.com/getdnsapi/stubby" +%} + +{% + include cardv2.html + title="Firefox's built-in DNS-over-HTTPS resolver" + image="/assets/img/svg/3rd-party/firefox_browser.svg" + description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." + website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" + privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" + forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" +%} + +

+ + + Encrypted DNS Client Recommendations for Android +

+ +{% + include cardv2.html + title="Android 9's built-in DNS-over-TLS resolver" + image="/assets/img/svg/3rd-party/android.svg" + description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." + website="https://support.google.com/android/answer/9089903#private_dns" + forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" +%} + +{% + include cardv2.html + title="Nebulo" + image="/assets/img/png/3rd-party/nebulo.png" + description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' + website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" + privacy-policy="https://smokescreen.app/privacypolicy" + forum="https://forum.privacytools.io/t/discussion-nebulo/3565" + fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" + googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" + source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" +%} + +

+ + + Encrypted DNS Client Recommendations for iOS +

+ +{% + include cardv2.html + title="DNSCloak" + image="/assets/img/png/3rd-party/dnscloak.png" + description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' + website="https://github.com/s-s/dnscloak/blob/master/README.md" + privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" + forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" + ios="https://apps.apple.com/app/id1452162351" + github="https://github.com/s-s/dnscloak" +%} + +

+ + + Definitions +

+ +

DNS-over-TLS (DoT)

+

+ A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. +

+ +

DNS-over-HTTPS (DoH)

+

+ Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} +

+ +

DNSCrypt

+

+ With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. +

+ +

Anonymized DNSCrypt

+

+ A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. +

diff --git a/pages/old.html b/pages/old.html index 073cf116..646299fe 100644 --- a/pages/old.html +++ b/pages/old.html @@ -69,8 +69,6 @@ permalink: /classic/ {% include sections/dns.html %} -{% include sections/dns-software.html %} - {% include sections/notebooks.html %} {% include sections/paste-services.html %} -- 2.47.2 From 3f24f03977996097143d87f30761c72b496bad73 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 25 Aug 2020 23:06:43 +0300 Subject: [PATCH 5/5] pages/providers/dns.html: remove extraneous section --- pages/providers/dns.html | 1 - 1 file changed, 1 deletion(-) diff --git a/pages/providers/dns.html b/pages/providers/dns.html index cb81326d..a8d1196d 100644 --- a/pages/providers/dns.html +++ b/pages/providers/dns.html @@ -7,5 +7,4 @@ breadcrumb: "DNS" --- {% include sections/dns.html %} -{% include sections/dns-software.html %} -- 2.47.2