Add DNS provider data files and move DNS page

2024-10-01 05:35:57 +00:00 · 2021-05-11 13:37:53 -05:00 · 2021-05-11 13:37:53 -05:00 · a70fa8f0c4
commit a70fa8f0c4
parent f94878ed87
16 changed files with 430 additions and 20 deletions
--- a/_config.yml
+++ b/_config.yml
@ -13,16 +13,10 @@ collections_dir: collections
 collections:
  evergreen:
    output: true
-    permalink: /:name/
+    permalink: /:slug/
-  devices:
+  pages:
    output: true
-    permalink: /devices/:path/
+    permalink: /:path/
  software:
    output: true
    permalink: /software/:path/
  providers:
    output: true
    permalink: /providers/:path/
  posts:
    permalink: /blog/:year/:month/:day/:title/
  people:
--- a/_data/dns/adguard.yml
+++ b/_data/dns/adguard.yml
@ -0,0 +1,30 @@
 title: AdGuard
 homepage: 'https://adguard.com/en/adguard-dns/overview.html'
 source: 'https://github.com/AdguardTeam/AdGuardDNS/'
 anycast: true
 locations:
  - CY
 privacy_policy:
  link: 'https://adguard.com/en/privacy/dns.html'
 type:
  name: Commercial
 logs:
  policy: true
  text: Some
  link: 'https://adguard.com/en/privacy/dns.html'
  tooltip: >-
    We store aggregated performance metrics of our DNS server, namely the number of complete requests to a particular server, the number of blocked requests, the speed of processing requests.
    We keep and store the database of domains requested in the last 24 hours. We need this information to identify and block new trackers and threats.
    We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters.
 protocols:
  - name: DoH
  - name: DoT
  - name: DNSCrypt
 dnssec: true
 qname_minimization: true
 filtering: Based on server choice
 providers:
  - name: Choopa, LLC
    link: 'https://www.choopa.com'
  - name: Serveroid, LLC
    link: 'https://flops.ru/en/about.html'
--- a/_data/dns/blahdns.yml
+++ b/_data/dns/blahdns.yml
@ -0,0 +1,29 @@
 title: BlahDNS
 homepage: 'https://blahdns.com/'
 source: 'https://github.com/ookangzheng/blahdns/'
 anycast: false
 locations:
  - FI
  - DE
  - JP
  - SG
 privacy_policy:
  tooltip: >-
    "No Logs" claim on homepage.
 type:
  name: Hobby Project
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
    tooltip: Additionally supports port 443
  - name: DNSCrypt
 dnssec: true
 qname_minimization: true
 filtering: Some DoH servers can optionally filters ads, trackers, or malicious domains.
 providers:
  - name: Choopa, LLC
    link: 'https://www.choopa.com'
  - name: Hetzner Online GmbH
    link: 'https://www.hetzner.com/'
--- a/_data/dns/cloudflare.yml
+++ b/_data/dns/cloudflare.yml
@ -0,0 +1,25 @@
 title: Cloudflare
 homepage: 'https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/'
 anycast: true
 locations:
  - US
 privacy_policy:
  link: 'https://www.cloudflare.com/privacypolicy/'
 type:
  name: Commercial
 logs:
  policy: true
  text: Some
  link: 'https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/'
  tooltip: >-
    "Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver.
    The 1.1.1.1 resolver service does not log personal data,
    and the bulk of the limited non-personally identifiable query data is only stored for 25 hours."
 protocols:
  - name: DoH
  - name: DoT
 dnssec: true
 qname_minimization: true
 filtering: Based on server choice.
 providers:
  - name: Self
--- a/_data/dns/cznic.yml
+++ b/_data/dns/cznic.yml
@ -0,0 +1,23 @@
 title: CZ.NIC
 homepage: 'https://www.nic.cz/odvr/'
 anycast: false
 locations:
  - CZ
 privacy_policy:
  link: 'https://www.nic.cz/files/documents/20180525_Zasady_zpracovani_osobnich_udaju_AJ.pdf'
  tooltip: >-
    "CZ.NIC temporarily processes IP addresses of devices you are using and never stores it in permanent logs. CZ.NIC stores these IP addresses only temporarily for a few minutes and then CZ.NIC deletes it permanently."
 type:
  name: Association
  link: 'https://www.nic.cz/page/351/about-association/'
  tooltip: >-
    "CZ.NIC is an interest association of legal entities, founded in 1998 by leading providers of Internet services."
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
 dnssec: true
 qname_minimization: true
 providers:
  - name: Self
--- a/_data/dns/foundation-for-applied-privacy.yml
+++ b/_data/dns/foundation-for-applied-privacy.yml
@ -0,0 +1,27 @@
 title: Foundation for Applied Privacy
 homepage: 'https://appliedprivacy.net/services/dns/'
 anycast: false
 locations:
  - AT
 privacy_policy:
  link: 'https://appliedprivacy.net/privacy-policy'
 type:
  name: Non-Profit
 logs:
  policy: true
  text: Some
  link: 'https://applied-privacy.net//privacy-policy/'
  tooltip: >-
    "We do NOT log your IP address or DNS queries during normal operations.
    We do NOT share query data with third parties that are not directly involved with resolving the query
    (i.e. sending queries to authoritative nameservers for resolution)."
 protocols:
  - name: DoH
  - name: DoT
    tooltip: Additionally supports port 443
 dnssec: true
 qname_minimization: true
 filtering: None
 providers:
  - name: IPAX OG
    link: 'https://www.ipax.at/'
--- a/_data/dns/libredns.yml
+++ b/_data/dns/libredns.yml
@ -0,0 +1,25 @@
 title: LibreDNS
 homepage: 'https://libredns.gr/'
 source: 'https://gitlab.com/libreops/libredns'
 anycast: false
 locations:
  - DE
 privacy_policy:
  link: 'https://libreops.cc/terms.html'
 type:
  name: Informal Collective
  link: 'https://libreho.st/'
  tooltip: >-
    Part of LibreHosters,
    "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
 dnssec: false
 qname_minimization: true
 filtering: Based on server choice (DoH servers only)
 providers:
  - name: Hetzner Online GmbH
    link: 'https://www.hetzner.com/'
--- a/_data/dns/nextdns.yml
+++ b/_data/dns/nextdns.yml
@ -0,0 +1,25 @@
 title: NextDNS
 homepage: 'https://www.nextdns.io/'
 anycast: true
 locations:
  - US
 privacy_policy:
  link: 'https://www.nextdns.io/privacy'
 type:
  name: Commercial
 logs:
  policy: true
  text: Optional
  tooltip: >-
    NextDNS can provide insights and logging features on an opt-in basis.
    Users can choose retention times and log storage locations for any logs they choose to keep.
  color: info
 protocols:
  - name: DoH
  - name: DoT
  - name: DNSCrypt
 dnssec: true
 qname_minimization: true
 filtering: Based on server choice
 providers:
  - name: Self
--- a/_data/dns/nixnet.yml
+++ b/_data/dns/nixnet.yml
@ -0,0 +1,26 @@
 title: NixNet
 homepage: 'https://nixnet.xyz/'
 source: 'https://git.nixnet.xyz/NixNet/dns'
 anycast: true
 locations:
  - US
  - LU
 privacy_policy:
  link: 'https://nixnet.xyz/privacy/'
 type:
  name: Informal Collective
  link: 'https://libreho.st/'
  tooltip: >-
    Part of LibreHosters,
    "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
 dnssec: true
 qname_minimization: true
 filtering: Based on server choice
 providers:
  - name: Frantech Solutions
    link: 'https://frantech.ca/'
--- a/_data/dns/powerdns.yml
+++ b/_data/dns/powerdns.yml
@ -0,0 +1,20 @@
 title: PowerDNS
 homepage: 'https://powerdns.org/'
 source: 'https://github.com/PowerDNS/pdns'
 anycast: false
 locations:
  - NL
 privacy_policy:
  link: 'https://powerdns.org/doh/privacy.html'
 type:
  name: Hobby Project
 logs:
  policy: false
 protocols:
  - name: DoH
 dnssec: true
 qname_minimization: false
 filtering: None
 providers:
  - name: TransIP B.V. Admin
    link: 'https://www.transip.nl/'
--- a/_data/dns/quad9.yml
+++ b/_data/dns/quad9.yml
@ -0,0 +1,25 @@
 title: Quad9
 homepage: 'https://quad9.net/'
 anycast: true
 locations:
  - CH
 privacy_policy:
  link: 'https://quad9.net/policy/'
 type:
  name: Non-Profit
 logs:
  policy: true
  text: Some
  tooltip: >-
    "Our normal course of data management does not have any IP address information or other PII logged to disk or transmitted out of the location in which the query was received."
 protocols:
  - name: DoH
  - name: DoT
  - name: DNSCrypt
 dnssec: true
 qname_minimization: true
 filtering: Malware blocking by default
 providers:
  - name: Self
  - name: Packet Clearing House
    link: 'https://www.pch.net/'
--- a/_data/dns/snoptya.yml
+++ b/_data/dns/snoptya.yml
@ -0,0 +1,24 @@
 title: Snoptya
 homepage: 'https://snopyta.org/service/dns/index.html'
 anycast: false
 locations:
  - FI
 privacy_policy:
  link: 'https://snopyta.org/privacy_policy/'
 type:
  name: Informal Collective
  link: 'https://libreho.st/'
  tooltip: >-
    Part of LibreHosters,
    "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
 dnssec: true
 qname_minimization: true
 filtering: None
 providers:
  - name: Hetzner Online GmbH
    link: 'https://www.hetzner.com/'
--- a/_data/dns/uncensoreddns.yml
+++ b/_data/dns/uncensoreddns.yml
@ -0,0 +1,31 @@
 title: UncensoredDNS
 homepage: 'https://blog.uncensoreddns.org/'
 source: 'https://github.com/AdguardTeam/AdGuardDNS/'
 anycast: true
 locations:
  - DE
  - US
 privacy_policy:
  link: 'https://blog.uncensoreddns.org/faq/'
  tooltip: >-
    "Absolutely nothing is being logged, neither about the users nor the usage of this service.
    I do keep graphs of the total number of queries, but no personally identifiable information is saved.
    The data that is saved will never be sold or used for anything except capacity planning of the service."
 type:
  name: Hobby Project
 logs:
  policy: false
 protocols:
  - name: DoH
  - name: DoT
 dnssec: true
 qname_minimization: false
 filtering: None
 providers:
  - name: DeiC
    link: 'https://www.deic.dk'
  - name: Kracon ApS
    link: 'https://kracon.dk'
  - name: RGnet OU
  - name: Telia Company AB
    link: 'https://www.telia.dk'
--- a/_data/nav/2_providers.yml
+++ b/_data/nav/2_providers.yml
@ -8,7 +8,7 @@ items:
  - type: link
    title: DNS Servers
    icon: fad fa-map-signs
-    file: legacy_pages/providers/dns.html
+    file: _pages/providers/dns.md
  - type: link
    title: Email Providers
    icon: fad fa-envelope
--- a/collections/_pages/providers/dns.md
+++ b/collections/_pages/providers/dns.md
@ -0,0 +1,116 @@
 ---
 layout: page
 title: "Encrypted DNS Resolvers"
 description: "Don't let Google see all your DNS traffic. Discover privacy-centric alternatives to the traditional DNS providers."
 breadcrumb: "DNS"
 ---
 <div class="alert alert-warning" role="alert">
  DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides <em>only</em> your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here. See the <a href="#dns-definitions">definitions</a> below.
 </div>
 {% include recommendation-table.html data='dns' %}
 ## Encrypted DNS Clients for Desktop
 {%
  include legacy/cardv2.html
  title="Unbound"
  image="/assets/img/legacy_svg/3rd-party/unbound.svg"
  description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been <a href="https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/">independently audited</a>.'
  website="https://nlnetlabs.nl/projects/unbound/about/"
  github="https://github.com/NLnetLabs/unbound"
 %}
 {%
  include legacy/cardv2.html
  title="dnscrypt-proxy"
  image="/assets/img/legacy_svg/3rd-party/dnscrypt-proxy.svg"
  description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and <a href="https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt">Anonymized DNSCrypt</a>, a <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">relay-based protocol that the hides client IP address.</a>'
  website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki"
  github="https://github.com/DNSCrypt/dnscrypt-proxy"
 %}
 {%
  include legacy/cardv2.html
  title="Stubby"
  image="/assets/img/legacy_png/3rd-party/stubby.png"
  description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in <a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound/Stubbycombination">combination with Unbound</a> by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.'
  website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby"
  github="https://github.com/getdnsapi/stubby"
 %}
 {%
  include legacy/cardv2.html
  title="Firefox's built-in DNS-over-HTTPS resolver"
  image="/assets/img/legacy_svg/3rd-party/firefox_browser.svg"
  description='Firefox comes with built-in DNS-over-HTTPS support for <a href="https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/">NextDNS and Cloudflare</a> but users can manually use any other DoH resolver.'
  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox."
  website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https"
  privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy"
 %}
 ## Encrypted DNS Clients for Android
 {%
  include legacy/cardv2.html
  title="Android 9's built-in DNS-over-TLS resolver"
  image="/assets/img/legacy_svg/3rd-party/android.svg"
  description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application."
  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS."
  website="https://support.google.com/android/answer/9089903#private_dns"
 %}
 {%
  include legacy/cardv2.html
  title="Nebulo"
  image="/assets/img/legacy_png/3rd-party/nebulo.png"
  description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.'
  website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md"
  privacy-policy="https://smokescreen.app/privacypolicy"
  fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid"
  googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen"
  source="https://git.frostnerd.com/PublicAndroidApps/smokescreen"
 %}
 ## Encrypted DNS Clients for iOS
 {%
  include legacy/cardv2.html
  title="DNSCloak"
  image="/assets/img/legacy_png/3rd-party/dnscloak.png"
  description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki">dnscrypt-proxy</a> options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can <a href="https://blog.privacytools.io/adding-custom-dns-over-https-resolvers-to-dnscloak/">add custom resolvers by DNS stamp</a>.'
  website="https://github.com/s-s/dnscloak/blob/master/README.md"
  privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view"
  ios="https://apps.apple.com/app/id1452162351"
  github="https://github.com/s-s/dnscloak"
 %}
 ## Native Operating System Support
 <p>
  In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in <em>Safari</em>).
  After installation, the encrypted DNS server can be selected in <em>Settings &rarr; General &rarr; VPN and Network &rarr; DNS</em>.
 </p>
 <ul>
  <li><strong>Signed profiles</strong> are offered by <a href="https://adguard.com/en/blog/encrypted-dns-ios-14.html">AdGuard</a> and <a href="https://apple.nextdns.io/">NextDNS</a>.</li>
 </ul>
 ## Definitions
 <p><strong>DNS-over-TLS (DoT):</strong>
  A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
 </p>
 <p><strong>DNS-over-HTTPS (DoH):</strong>
  Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
 </p>
 <p><strong>DNSCrypt:</strong>
  With an <a href="https://dnscrypt.info/protocol/">open specification</a>, DNSCrypt is an older, yet robust method for encrypting DNS.
 </p>
 <p><strong>Anonymized DNSCrypt:</strong>
  A <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">lightweight protocol</a> that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by <a href="#dns-desktop-clients">dnscrypt-proxy</a> and a limited number of <a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/relays.md">relays</a>.
 </p>
--- a/legacy_pages/providers/dns.html
+++ b/legacy_pages/providers/dns.html
@ -1,10 +0,0 @@
 ---
 layout: page
 permalink: /providers/dns/
 title: "Encrypted DNS Resolvers"
 description: "Don't let Google see all your DNS traffic. Discover privacy-centric alternatives to the traditional DNS providers."
 breadcrumb: "DNS"
 ---
 {% include legacy/sections/dns.html %}