A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS.
A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays.
| DNS Provider | Server Locations | Privacy Policy | Type | Logging | Protocols | DNSSEC | QNAME Minimization | Filtering | Source Code | Hosting Provider |
|---|---|---|---|---|---|---|---|---|---|---|
| AdGuard | Anycast (based in Cyprus) | Commercial | No | DoH, DoT, DNSCrypt | Yes | Yes | Based on server choice | Serveroid, LLC | ||
| BlahDNS | Finland, Germany, Japan | Hobby Project | No | DoH, DoT , DNSCrypt | Yes | Yes | Ads, trackers, malicious domains {% include badge.html link="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain" color="warning" icon="fas fa-exclamation-triangle" tooltip="And some wildcard and IDN domains." %} | Choopa, LLC, Data Center Light, Hetzner Online GmbH | ||
| Cloudflare {% include badge.html link="https://codeberg.org/crimeflare/cloudflare-tor/" color="warning" icon="fas fa-exclamation-triangle" tooltip="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization." %} | Anycast (based in US) | Commercial | Some | DoH, DoT | Yes | Yes | Based on server choice | ? | Self | |
| CZ.NIC | Czech Republic | Association | No | DoH, DoT | Yes | Yes | ? | ? | Self | |
| Foundation for Applied Privacy | Austria | Non-Profit | Some | DoH, DoT | Yes | Yes | No | ? | IPAX OG | |
| NextDNS | Anycast (based in US) | Commercial | Based on user choice | DoH, DoT, DNSCrypt | Yes | Yes | Based on server choice | ? | Self | |
| NixNet | Anycast (based in US), US, Luxembourg | Informal collective | No | DoH, DoT | Yes | Yes | Based on server choice | FranTech Solutions | ||
| PowerDNS | The Netherlands | Hobby Project | No | DoH | Yes | No | No | TransIP B.V. Admin | ||
| Quad9 {% include badge.html color="warning" icon="fas fa-exclamation-triangle" tooltip="Founders include the Global Cyber Alliance, composed of the City of London Police and Manhattan District Attorney's Office." %} | Anycast (based in US) | Non-Profit | Some | DoH, DoT, DNSCrypt | Yes | Yes | Malicious domains | ? | Self, Packet Clearing House | |
| Snopyta | Finland | Informal collective | No | DoH, DoT | Yes | Yes | No | ? | Hetzner Online GmbH | |
| UncensoredDNS | Anycast (based in Denmark), Denmark, US | Hobby Project | No | DoT | Yes | No | No | ? | Self, Telia Company AB |