DNS over HTTPS Jump to bottom
623 edited this page Feb 12, 2020 · 157 revisions
DOH
Do DNS resolves over HTTPS for privacy, performance, and security. It also makes it easier to use a name server of your choice instead of the one configured for your system.
Spec
RFC 8484 - DNS Queries over HTTPS (DoH)
Publicly available servers
Who runs it Base URL Comm
Default provides a Default: https://dns.adguard.com/dns-query DNS level, while Fa AdGuard Family protection: https://dns- protection adds ad family.adguard.com/dns-query blocking.
Google https://dns.google/dns-query Full RFC 8484 supp
https://cloudflare-dns.com/dns-query Supports both -04 Cloudflare also available via Tor onion service content-types
Secured provides: Recommended: https://dns.quad9.net/dns- blocklist, DNSSEC, query Client-Subnet Secured: https://dns9.quad9.net/dns-query Unsecured provide Quad9 Unsecured: https://dns10.quad9.net/dns-query blocklist, no DNSS Secured w/ECS Support: Client-Subnet https://dns11.quad9.net/dns-query Recommend is cur identical to secure
Cisco https://doh.opendns.com/dns-query Experimental, No D Umbrella/OpenDNS Who runs it Base URL Comm
anycast DoH serve https://doh.cleanbrowsing.org/doh/family- CleanBrowsing control (restricts ac filter/ content + enforces
Comcast https://doh.xfinity.com/dns-query Experimental, DNS
Cox https://dohdot.coxlab.net/dns-query Experimental, No D
The first cloud-bas https://dns.nextdns.io/
"toy server" which @chantra https://dns.dnsoverhttps.net/dns-query proxy
a server which run @jedisct1 https://doh.crypto.sx/dns-query project called doh in Rust.
PowerDNS https://doh.powerdns.org Based on dnsdist-d
Finland: https://doh-fi.blahdns.com/dns-query Based on Go imple Japan: https://doh-jp.blahdns.com/dns-query knot-resolver, Unb blahdns.com Germany: https://doh-de.blahdns.com/dns- DNSSEC, No ECS, N query Adsblock
Runs Go implemen recursion itself wit NekomimiRouter.com https://dns.dns-over-https.com/dns-query servers. Toy server please report if fai
SecureDNS.eu https://doh.securedns.eu/dns-query No Logging & DN
East China Zone, B Rubyfish.cn https://dns.rubyfish.cn/dns-query https://github.com over-https
Based on m13253/ Unfiltered by Cloudflare: HTTPS, no logging https://dns.containerpi.com/dns-query Subnet enabled. M Filtered by CleanBrowsing, blocks adult in China Mainland ContainerPI content: China Taiwan , Ja https://dns.containerpi.com/doh/family-filter/ Korea , India , Ger Filtered, blocks malicious domains only: România , Russia , https://dns.containerpi.com/doh/secure-filter/ Brazil . Who runs it Base URL Comm
Australian server t @publicarray https://doh-2.seby.io/dns-query @m13253's Go im dns.seby.io https://doh.seby.io:8443/dns-query Unbound with DN and No logs
~20 PoPs worldwid Commons Host https://commons.host Node.js/playdoh o Resolver.
No query/IP loggin DNSSEC enabled. Adblocking DNS: Blocks ads and tra https://doh.dnswarden.com/adblock Adblocking DNS. Uncensored DNS: DnsWarden No filtering in Unc https://doh.dnswarden.com/uncensored Blocks adult conte Adult-filter DNS: trackers and also e https://doh.dnswarden.com/adult-filter safe search for sea and youtube in Ad
Runs on Star Brillia Server US: https://dns-nyc.aaflalo.me/dns- https aaflalo.me query Both servers check Server EU: https://dns.aaflalo.me/dns-query and block advertis
No query/IP loggin QNAME minimizat Foundation for client subnet, TLS https://doh.applied-privacy.net/query Applied Privacy RFC7706, RFC8198 https://applied- privacy.net/service
Runs dnss with loc resolver running D DNSSEC support a upstream. Privacy captnemo.in https://doh.captnemo.in/dns-query details at https://captnemo.i logging or filtering Bangalore, India
Based in Singapore https://doh.tiar.app/dns-query Tiarap block Ad/Ad-track https://doh.tiarap.org/dns-query No ECS, DNSSEC Who runs it Base URL Comm
DNS.SB https://doh.dns.sb/dns-query DNSSEC enabled
No logging, based doh RC querying o FAELIX https://rdns.faelix.net/ recursor resolvers, nodes in UK and C
Runs on dns-over- logging, EDNS Clie doh.li https://doh.li/dns-query enabled, based in London. DNSSEC a not currently enab armadillodns.net https://doh.armadillodns.net/dns-query No source IP loggi
https://jp.tiar.app/dns-query No Censorship, No jp.tiar.app https://jp.tiarap.org/dns-query ECS, support DNSS
DNSSEC, not loggi content, uses doh- edgedns for cachin Association 42l https://doh.42l.fr/dns-query proxied randomly members' open DN (French ISPs comm neutrality).
Uncensored DNS: https://dns.hostux.net/dns- DNSSEC, no EDNS Hostux.net query not logging querie Adblocking DNS: https://dns.hostux.net/ads hosted in Luxembo
Andrews & Arnold https://dns.aa.net.uk/dns-query no logging (see DN
no logging, DNSSE @matthewgall - https://adblock.mydns.network/dns-query DDoS protected (u mydns.network (adblock, using PiHole) by Cloudflare), any
doh-server (nginx unbound), DNSSEC Logged / Uncenso ibksturm.synology.me https://ibksturm.synology.me/dns-query and Root DNS-Zon Hosted in Switzerla ibksturm, aka And Who runs it Base URL Comm
secure nginx, Non Uncensored, hoste jcdns.fun https://jcdns.fun/dns-query Ocean VPS by jam AKA James Campb
Brazilian server tha Unbound with DN recursion with no u servers, QNAME m @null31 https://ibuki.cgnat.net/dns-query TLS 1.3, DoT, unce logging, no ECS, h Google Cloud VPS server -- may fail.
No source IP loggi TWNIC https://dns.twnic.tw/dns-query by Quad101 projec to this announcem
DNS-based ad-blo One-man operatio https://example.doh.blockerdns.com/dns- blockerDNS and DNS query log query and DoT. Charges month for https D
No query/IP loggin QNAME minimizat Digitale Gesellschaft https://dns.digitale-gesellschaft.ch/dns-query DNSSEC; https://w gesellschaft.ch/dns
LibreDNS https://doh.libredns.gr/dns-query no logging, TLS 1.3
Supported in browsers and clients
Name Version Comments
Firefox 62 Firefox DNS-over-HTTPS
Bromite 67.0.3396.88 How to enable DoH
curl 7.62.0 See DOH-implementation
OkHttp 3.11 See Providers Name Version Comments
curl- n/a basic stand-alone DoH client that uses curl doh
https://bugs.chromium.org/p/chromium/issues/detail? Chrome 66 id=799753
DOH Tools
Name Author/Organization Comments
CoreDNS is a DNS server/forwarder, written in Go coredns Cloudflare from the Cloud Native Computing Foundation.
doh-proxy Facebook tools for DoH
dns2doh Daniel tool for generating DOH responses and questions.
doh-proxy Frank Denis server-side proxy in rust
doh-php- can be used to test and run DoH requests via PHP Daniel Cid client applications.
doh-js- client-side implementation of DoH, can be used in Peter Lai client nodejs backend.
DNS proxy and cache, implementing DNS-over-TLS, jDnsProxy Travis Burtrum DNS-over-HTTPS, and Serve-Stale
dns-over- server-side and client-side implementation, written Star Brilliant https in Golang
supports doh, see https://dnsdist.org/guides/dns- dnsdist PowerDNS over-https.html
daemon written in Go which acts as a proxy (the dnss Alberto Bertogli most common use case), and as a server (in case you want end-to-end control).
a daemon that makes gethostbyname(), getaddrinfo(), etc. happen through DoH, without any nss-tls Dima Krasner change to applications, thus transparently migrating all applications that don't use their own resolver (like some browsers) from DNS to DoH.
a middleware to proxy DoH requests to different dealdoh Maxime Elomari DNS upstreams, written in PHP. Name Author/Organization Comments
Encrypted- Siujoeng Lau DNS-over-HTTPS forwarder written in Python DNS
a flexible stub resolver, proxy, and router with RouteDNS Frank Olbricht support for DoH, DoT, and plain DNS written in Go.
an implementation with H2O HTTP/2 server using h2odoh Max Kostikov embedded mruby.
Encrypted can serve DNSCrypt and DoH traffic simultaneously, DNS Frank Denis written in Rust. Server
HTTP/2 server who serves a DOH proxy written in quart-doh Matthieu Treussart Python, with Quart Python web microframework.
a simple add-on for Firefox that allows one to easily EasyDoH ElevenPaths activate DNS over HTTPS and its working mode with just one click.
Other
Script to parse DoH provider URLs from this wiki page
Pages 16
Find a Page…
Home
clang format style
curl tool master client
curl_easy_abort
DNS over HTTPS
DOH implementation
how to git bisect
HTTP 2 Stream Priority and Dependency
HTTP3
JSON
libcurl 8 push access guidelines
QUIC implementation
Realm aware auth API
Trust On First Use
Show 1 more pages…
Clone this wiki locally
https://github.com/curl/curl.wiki.git