Ilya-S-Zharskiy
dns2socks чебурнет adguard Shadowsocks DNSCryptProxy2 роскомпозор ODoH обход_блокировок docker DNS-proxy DNSSEC doh unbound DoQ privacy antiZapret DNS dnsleaktest ТСПУ wireguard суверенный_рунет DNSCrypt блокировка_VPN сувенирный_интернет АСБИ DNS-over-HTTPS habrastorage.org

Обход блокировок: настройка сервера XRay для Shadowsocks-2022 и VLESS с XTLS-Vision, Websockets и фейковым веб-сайтом

_habr.com/ru/articles/728836/
Ilya-S-Zharskiy
dns2socks adguard unbound Knot privacy DnsJumper dot dnsdist namebench dnsleaktest DNSBench ipcipher OpenNIC dnsmasq DNS-proxy dnsperf-tcp wireguard DNS-Resolvers DNSCrypt DNSSEC DNS-Privacy Acrylic DNS-over-HTTPS Stubby nlnetlabs.nl
Unbound or Knot
github.com
A validating, recursive, caching DNS resolvers (DoT)
knot-resolver.cz
github.com

github.com

dnsprivacy.org
Stubby
DNS queries are sent to resolvers over an encrypted TLS connection providing increased privacy
dnsprivacy.org
dnsprivacy.org
dnsprivacy.org
wiki.archlinux.org

dnscrypt.info
DNScrypt
Modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and oDoH (Oblivious DoH)
github.com
github.com
github.com
github.com



sourceforge.net

Acrylic is a local DNS proxy for Windows which improves the performance of your computer by caching the responses coming from your DNS servers and helps you fight unwanted ads through the use of a custom HOSTS file (optimized for handling hundreds of thousands of domain names) with support for wildcards and regular expressions.



DNSSEC allows a resolver to verify the records received from authoritative servers.

DNSCrypt allows a client to verify the records received from a resolver.



DNSSEC is the industry "standard", ironically, find me where its in wide use.DNSCrypt is in use with opendns and many other dns services.DNSCrypt has the ability to stop MITM DNS HIJACKING, SPOOFING, ETC, whereas DNSSEC will not. However DNSSEC is supposed to be what the "industry" has adopted (yeah like IPV6 LOL). It provides a chain of trust that the answer you get should be authentic, but truthfully cannot prevent or stop MITM they way DNSCrypt can.Your best bet is to use DNSCrypt, DNSSEC, and UNBOUND together.I think OPENDNS has a really good explanation opendns.com

sourceforge.net


What is Nebulo ?

When navigating to a website known by it's name, say example.com, your device ask specific servers — DNS servers — how to address the website. DNS is an old protocol which, except for smaller changes, hasn't been touched since its creation in 1987. Naturally the Internet changed a lot in this time, rendering the protocol outdated in some of its core aspects.

This app tackles one of the bigger problems with DNS: Encryption.

Whilst nearly all traffic on the Internet is encrypted now, DNS requests (i.e. questions for a names address) and the response aren't. This enables attackers to intercept, read and modify your requests.

Nebulo is a DNS changer which implements DNS-over-HTTPs and DNS-over-TLS to safely send your DNS requests to the target server. This way only you and the DNS server are able to read the requests you are sending.

Core features:


Configure the app once and then forget about it. After initial configuration it works fully autonomous

No ads and no tracking

Custom servers can be used

Low battery consumption


This app is open source. The source code can be accessed from within the app.


RethinkDNS

An OpenSnitch-inspired firewall and network monitor + a pi-hole-inspired DNS over HTTPS client with blocklists.

github.com — DNS Benchmark
report.opennicproject.org
dnsleaktest.com
cmdns.dev.dns-oarc.net
monitor.dnsprivacy.org

github.com

github.com
Quad9 is a global public recursive DNS resolver which aims to protect users from malware and phishing.
quad9.net
dnsprivacy.org

norguhtar
unbound Товарищи реальне ебанулись. Если у вас есть ipv6 в системе и DNS имеет адрес в ipv6,
то никоим образом нельзя отключить его использование так чтобы для таких записей не сломался ipv4.
Судя по всему нормально и по всем RFC работает только bind который нихрена не оптимален и жрет дофига ресурсов,
но в отличии от всяких новомодных кешеров просто работает.