stubby
Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
Overall, while DoT, DoH, and DNSCrypt are all far better than nothing in terms of privacy and security, I would say that DoH is probably the simplest and most effective choice for the average user, while DNSCrypt (or DoT with a flexible client like Stubby) is preferable for users who desire more robust configuration options, or have niche use cases. I tend toward DoH for devices that frequently travel with me, and DNSCrypt or DoT for devices that rarely leave my home.
It should be noted that DNSCrypt v2 offers a unique advantage in the form of relays (Anonymized DNSCrypt), which ensure that domain names and client IP addresses from which DNS requests originate are not visible to providers as well (though this is subject to significantly increased latency). DNSCrypt also makes it easier to utilize multiple resolvers of one's choosing in a round-robin configuration (this can be done with DoT via clients like Stubby as well, though it is a bit more time-consuming to set up).