From 1cf6b13a86186463821e3c226e53046e36883c05 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sat, 12 Sep 2020 08:28:01 +0300 Subject: [PATCH] DNS: migrate software suggestions from DNS page to DNS section to make it appear in /classic (#2028) --- _includes/sections/dns.html | 120 ++++++++++++++++++++++++++++++++++++ pages/providers/dns.html | 119 ----------------------------------- 2 files changed, 120 insertions(+), 119 deletions(-) diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html index 5c2508c5..161b68a7 100644 --- a/_includes/sections/dns.html +++ b/_includes/sections/dns.html @@ -532,3 +532,123 @@ We also log how many times this or that tracker has been blocked. We need this i + +

+ + + Encrypted DNS Client Recommendations for Desktop +

+ +{% + include cardv2.html + title="Unbound" + image="/assets/img/svg/3rd-party/unbound.svg" + description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' + website="https://nlnetlabs.nl/projects/unbound/about/" + forum="https://forum.privacytools.io/t/discussion-unbound/3563" + github="https://github.com/NLnetLabs/unbound" +%} + +{% + include cardv2.html + title="dnscrypt-proxy" + image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" + description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' + website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" + forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" + github="https://github.com/DNSCrypt/dnscrypt-proxy" +%} + +{% + include cardv2.html + title="Stubby" + image="/assets/img/png/3rd-party/stubby.png" + description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' + website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" + forum="https://forum.privacytools.io/t/discussion-stubby/3582" + github="https://github.com/getdnsapi/stubby" +%} + +{% + include cardv2.html + title="Firefox's built-in DNS-over-HTTPS resolver" + image="/assets/img/svg/3rd-party/firefox_browser.svg" + description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." + website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" + privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" + forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" +%} + +

+ + + Encrypted DNS Client Recommendations for Android +

+ +{% + include cardv2.html + title="Android 9's built-in DNS-over-TLS resolver" + image="/assets/img/svg/3rd-party/android.svg" + description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." + labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." + website="https://support.google.com/android/answer/9089903#private_dns" + forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" +%} + +{% + include cardv2.html + title="Nebulo" + image="/assets/img/png/3rd-party/nebulo.png" + description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' + website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" + privacy-policy="https://smokescreen.app/privacypolicy" + forum="https://forum.privacytools.io/t/discussion-nebulo/3565" + fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" + googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" + source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" +%} + +

+ + + Encrypted DNS Client Recommendations for iOS +

+ +{% + include cardv2.html + title="DNSCloak" + image="/assets/img/png/3rd-party/dnscloak.png" + description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' + website="https://github.com/s-s/dnscloak/blob/master/README.md" + privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" + forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" + ios="https://apps.apple.com/app/id1452162351" + github="https://github.com/s-s/dnscloak" +%} + +

+ + + Definitions +

+ +

DNS-over-TLS (DoT)

+

+ A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. +

+ +

DNS-over-HTTPS (DoH)

+

+ Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} +

+ +

DNSCrypt

+

+ With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. +

+ +

Anonymized DNSCrypt

+

+ A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. +

diff --git a/pages/providers/dns.html b/pages/providers/dns.html index 34a8f7dc..a8d1196d 100644 --- a/pages/providers/dns.html +++ b/pages/providers/dns.html @@ -8,122 +8,3 @@ breadcrumb: "DNS" {% include sections/dns.html %} -

- - - Encrypted DNS Client Recommendations for Desktop -

- -{% - include cardv2.html - title="Unbound" - image="/assets/img/svg/3rd-party/unbound.svg" - description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.' - website="https://nlnetlabs.nl/projects/unbound/about/" - forum="https://forum.privacytools.io/t/discussion-unbound/3563" - github="https://github.com/NLnetLabs/unbound" -%} - -{% - include cardv2.html - title="dnscrypt-proxy" - image="/assets/img/svg/3rd-party/dnscrypt-proxy.svg" - description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.' - website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki" - forum="https://forum.privacytools.io/t/discussion-dnscrypt-proxy/1498" - github="https://github.com/DNSCrypt/dnscrypt-proxy" -%} - -{% - include cardv2.html - title="Stubby" - image="/assets/img/png/3rd-party/stubby.png" - description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.' - website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" - forum="https://forum.privacytools.io/t/discussion-stubby/3582" - github="https://github.com/getdnsapi/stubby" -%} - -{% - include cardv2.html - title="Firefox's built-in DNS-over-HTTPS resolver" - image="/assets/img/svg/3rd-party/firefox_browser.svg" - description='Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver.' - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox." - website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https" - privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy" - forum="https://forum.privacytools.io/t/discussion-firefox-s-built-in-dns-over-https-resolver/3564" -%} - -

- - - Encrypted DNS Client Recommendations for Android -

- -{% - include cardv2.html - title="Android 9's built-in DNS-over-TLS resolver" - image="/assets/img/svg/3rd-party/android.svg" - description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application." - labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS." - website="https://support.google.com/android/answer/9089903#private_dns" - forum="https://forum.privacytools.io/t/discussion-android-9s-built-in-dns-over-tls-resolver/3562" -%} - -{% - include cardv2.html - title="Nebulo" - image="/assets/img/png/3rd-party/nebulo.png" - description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.' - website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md" - privacy-policy="https://smokescreen.app/privacypolicy" - forum="https://forum.privacytools.io/t/discussion-nebulo/3565" - fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid" - googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen" - source="https://git.frostnerd.com/PublicAndroidApps/smokescreen" -%} - -

- - - Encrypted DNS Client Recommendations for iOS -

- -{% - include cardv2.html - title="DNSCloak" - image="/assets/img/png/3rd-party/dnscloak.png" - description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.' - website="https://github.com/s-s/dnscloak/blob/master/README.md" - privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view" - forum="https://forum.privacytools.io/t/discussion-dnscloak/3566" - ios="https://apps.apple.com/app/id1452162351" - github="https://github.com/s-s/dnscloak" -%} - -

- - - Definitions -

- -

DNS-over-TLS (DoT)

-

- A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. -

- -

DNS-over-HTTPS (DoH)

-

- Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %} -

- -

DNSCrypt

-

- With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS. -

- -

Anonymized DNSCrypt

-

- A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays. -