From f94878ed87a8f7a6f171d3ba726595134c1efc6c Mon Sep 17 00:00:00 2001
From: Jonah Aragon <jonah@triplebit.net>
Date: Tue, 11 May 2021 13:37:36 -0500
Subject: [PATCH] Create recommendation table templates

---
 _includes/country.html              |   1 +
 _includes/legacy/sections/dns.html  | 661 ----------------------------
 _includes/recommendation-table.html |  13 +
 _includes/table-header-dns.html     |  11 +
 _includes/table-row-dns.html        |  54 +++
 5 files changed, 79 insertions(+), 661 deletions(-)
 create mode 100644 _includes/country.html
 delete mode 100644 _includes/legacy/sections/dns.html
 create mode 100644 _includes/recommendation-table.html
 create mode 100644 _includes/table-header-dns.html
 create mode 100644 _includes/table-row-dns.html

diff --git a/_includes/country.html b/_includes/country.html
new file mode 100644
index 00000000..032250f7
--- /dev/null
+++ b/_includes/country.html
@@ -0,0 +1 @@
+<span class="text-nowrap"><span class="flag-icon flag-icon-{{ include.cc | escape | downcase }}" title='{{ site.data.country[include.cc] | escape }}' aria-hidden="true"></span> {{ site.data.country[include.cc] | escape }}</span>
diff --git a/_includes/legacy/sections/dns.html b/_includes/legacy/sections/dns.html
deleted file mode 100644
index 347a6ec9..00000000
--- a/_includes/legacy/sections/dns.html
+++ /dev/null
@@ -1,661 +0,0 @@
-<h2 id="dns" class="anchor">
-  <a href="#dns"><i class="fas fa-link anchor-icon"></i></a> Encrypted DNS Resolvers
-</h2>
-
-<div class="alert alert-warning" role="alert">
-  DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides <em>only</em> your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here. See the <a href="#dns-definitions">definitions</a> below.
-</div>
-
-<div id="dns-table" class="table-responsive">
-  <table class="table sortable-theme-bootstrap" data-sortable>
-    <thead>
-      <tr>
-        <th data-sorted="true" data-sorted-direction="ascending">DNS Provider</th>
-        <th data-sortable="true">Server Locations</th>
-        <th data-sortable="false">Privacy Policy</th>
-        <th data-sortable="true">Type</th>
-        <th data-sortable="true">Logging</th>
-        <th data-sortable="true">Protocols</th>
-        <th data-sortable="true">DNSSEC</th>
-        <th data-sortable="true">QNAME Minimization</th>
-        <th data-sortable="true">Filtering</th>
-        <th data-sortable="true">Source Code</th>
-        <th data-sortable="true">Hosting Provider</th>
-      </tr>
-    </thead>
-    <tbody>
-      <tr>
-        <td data-value="AdGuard">
-          <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a>
-        </td>
-        <td>Anycast (based in
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-cy"></span>
-              Cyprus)
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://adguard.com/en/privacy/dns.html">
-            <span class="fad fa-globe"></span>
-          </a>
-        </td>
-        <td>Commercial</td>
-       <td><a data-bs-toggle="tooltip" data-bs-placement="bottom" title='"We store aggregated performance metrics of our DNS server, namely the number of complete requests to a particular server, the number of blocked requests, the speed of processing requests.
-We keep and store the database of domains requested in the last 24 hours. We need this information to identify and block new trackers and threats.
-We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters."' href="https://adguard.com/en/privacy/dns.html">Some</a></td>
-        <td>DoH, DoT, DNSCrypt</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Based on server choice
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://github.com/AdguardTeam/AdGuardDNS/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.choopa.com/">Choopa, LLC</a>,
-          </span>
-          <span class="no-text-wrap">
-            <a href="https://flops.ru/en/about.html">Serveroid, LLC</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="BlahDNS">
-          <a href="https://blahdns.com/">BlahDNS</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-fi"></span>
-            Finland,
-          </span>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-de"></span>
-            Germany,
-          </span>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-jp"></span>
-            Japan
-          </span>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-sg"></span>
-            Singapore
-          </span>
-        </td>
-        <td>
-          <div
-            class="btn btn-primary btn-icon"
-            title="&quot;No logs.&quot;"
-            data-bs-toggle="tooltip"
-            data-bs-placement="bottom">
-            <span class="fas fa-globe"></span>
-          </div>
-        </td>
-        <td>Hobby Project</td>
-        <td>No</td>
-        <td data-value="dot/443">
-          <span class="no-text-wrap">
-            DoH,
-            <span data-bs-toggle="tooltip" data-bs-placement="bottom" title="Supports port 443 in addition to 853">
-              DoT <span class="fas fa-info-circle fa-sm text-muted"></span>,
-            </span>
-          </span>
-          DNSCrypt
-        </td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Ads, trackers,
-          </span>
-          <span class="no-text-wrap">
-            malicious domains
-          </span>
-          <span class="no-text-wrap">
-            Based on server choice only for DoH
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://github.com/ookangzheng/blahdns/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.choopa.com/">Choopa, LLC</a>,
-          </span>
-          <span class="no-text-wrap">
-            <a href="https://www.hetzner.com/">Hetzner Online GmbH</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="Cloudflare">
-          <a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a>
-        </td>
-        <td>Anycast (based in
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-us"></span>
-            US)
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://www.cloudflare.com/privacypolicy/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>Commercial</td>
-        <td><a data-bs-toggle="tooltip" data-bs-placement="bottom" title="Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is only stored for 25 hours." href="https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/">Some</a></td>
-        <td>DoH, DoT</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Based on server choice
-          </span>
-        </td>
-        <td>?</td>
-        <td>Self</td>
-      </tr>
-
-      <tr>
-        <td data-value="CZ.NIC">
-          <a href="https://www.nic.cz/odvr/">CZ.NIC</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-cz"></span>
-            Czech Republic
-          </span>
-        </td>
-        <td>
-          <div
-            class="btn btn-primary btn-icon"
-            title="&quot;CZ.NIC resolvers neither collect any personal data nor gather information on pages where your computer sends personal data.&quot;"
-            data-bs-toggle="tooltip"
-            data-bs-placement="bottom">
-            <span class="fas fa-globe"></span>
-          </div>
-        </td>
-        <td><a data-bs-toggle="tooltip" data-bs-placement="bottom" title='"CZ.NIC is an interest association of legal entities, founded in 1998 by leading providers of Internet services."' href="https://www.nic.cz/page/351/about-association/">Association</a></td>
-        <td>No</td>
-        <td>DoH, DoT</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td data-value="No">?</td>
-        <td>?</td>
-        <td>Self</td>
-      </tr>
-
-      <tr>
-        <td data-value="Foundation for Applied Privacy">
-          <a href="https://appliedprivacy.net/services/dns/">Foundation for Applied Privacy</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-at"></span>
-            Austria
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://appliedprivacy.net/privacy-policy">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>Non-Profit</td>
-        <td><a data-bs-toggle="tooltip" data-bs-placement="bottom" title='"We do NOT log your IP address or DNS queries during normal operations. We do NOT share query data with third parties that are not directly involved with resolving the query (i.e. sending queries to authoritative nameservers for resolution)."' href="https://appliedprivacy.net/privacy-policy/">Some</a></td>
-        <td data-value="dot/443">
-          <span class="no-text-wrap">
-            DoH,
-            <span data-bs-toggle="tooltip" data-bs-placement="bottom" title="Supports port 443 in addition to 853">
-              DoT <span class="fas fa-info-circle fa-sm text-muted"></span>
-            </span>
-          </span>
-        </td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>No</td>
-        <td>?</td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.ipax.at/">IPAX OG</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="LibreDNS">
-          <a href="https://libredns.gr/">LibreDNS</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-de"></span>
-            Germany
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://libreops.cc/terms.html">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <a data-bs-toggle="tooltip" data-bs-placement="bottom" title="Part of LibreHosters, &quot;a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms.&quot;" href="https://libreho.st/">
-            Informal collective
-          </a>
-        </td>
-        <td>No</td>
-        <td>DoH, DoT</td>
-        <td>No</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Based on server choice only for DoH
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://gitlab.com/libreops/libredns">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.hetzner.com/">Hetzner Online GmbH</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="nextdns">
-          <a href="https://www.nextdns.io/">NextDNS</a>
-        </td>
-        <td>Anycast (based in
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-us"></span>
-            US)
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://www.nextdns.io/privacy">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>Commercial</td>
-        <td>
-          <a data-bs-toggle="tooltip" data-bs-placement="bottom" title='"Some of the features require some sort of data retention. In that case, we give our users the choice to granularly or completely disable those features (and associated data retention), and we follow up immediately on that promise"' href="https://www.nextdns.io/privacy">Based on user choice</a>
-        </td>
-        <td>DoH, DoT, DNSCrypt</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Based on server choice
-          </span>
-        </td>
-        <td>?</td>
-        <td>Self</td>
-      </tr>
-
-      <tr>
-        <td data-value="NixNet">
-          <a href="https://nixnet.xyz/">NixNet</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            Anycast (based in
-            <span class="flag-icon flag-icon-us"></span>
-            US),
-          </span>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-us"></span>
-            US,
-          </span>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-lu"></span>
-            Luxembourg
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://nixnet.xyz/privacy/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <a data-bs-toggle="tooltip" data-bs-placement="bottom" title='Part of LibreHosters, "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."' href="https://libreho.st/">
-            Informal collective
-          </a>
-        </td>
-        <td>No</td>
-        <td>DoH, DoT</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Based on server choice
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://git.nixnet.xyz/NixNet/dns">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://frantech.ca/">FranTech Solutions</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="PowerDNS">
-          <a href="https://powerdns.org/">PowerDNS</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-nl"></span>
-            The Netherlands
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://powerdns.org/doh/privacy.html">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>Hobby Project</td>
-        <td>No</td>
-        <td>DoH</td>
-        <td>Yes</td>
-        <td>No</td>
-        <td>No</td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://github.com/PowerDNS/pdns">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.transip.nl/">TransIP B.V. Admin</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="Quad9">
-          <a href="https://quad9.net/">Quad9</a>
-        </td>
-        <td>Anycast (based in
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-ch"></span>
-            Switzerland)
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://quad9.net/policy/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>Non-Profit</td>
-        <td><a data-bs-toggle="tooltip" data-bs-placement="bottom" title='"Our normal course of data management does not have any IP address information or other PII logged to disk or transmitted out of the location in which the query was received."' href="https://quad9.net/policy/">Some</a></td>
-        <td>DoH, DoT, DNSCrypt</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            Malicious domains
-          </span>
-        </td>
-        <td>?</td>
-        <td>
-          Self,
-          <span class="no-text-wrap">
-            <a href="https://www.pch.net/">Packet Clearing House</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="Snopyta">
-          <a href="https://snopyta.org/service/dns/index.html">Snopyta</a>
-        </td>
-        <td>
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-fi"></span>
-            Finland
-          </span>
-        </td>
-        <td>
-          <a
-            class="btn btn-primary btn-icon"
-            href="https://snopyta.org/privacy_policy/">
-            <span class="fas fa-globe"></span>
-          </a>
-        </td>
-        <td>
-          <a data-bs-toggle="tooltip" data-bs-placement="bottom" title="Part of LibreHosters, &quot;a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms.&quot;" href="https://libreho.st/">
-            Informal collective
-          </a>
-        </td>
-        <td>No</td>
-        <td>DoH, DoT</td>
-        <td>Yes</td>
-        <td>Yes</td>
-        <td>
-          <span class="no-text-wrap">
-            No
-          </span>
-        </td>
-        <td>?</td>
-        <td>
-          <span class="no-text-wrap">
-            <a href="https://www.hetzner.com/">Hetzner Online GmbH</a>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td data-value="UncensoredDNS">
-          <a href="https://blog.uncensoreddns.org/">UncensoredDNS</a>
-        </td>
-        <td>Anycast (based in
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-dk"></span>
-            Denmark),
-          </span>
-
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-dk"></span>
-            Denmark,
-            </span>
-
-          <span class="no-text-wrap">
-            <span class="flag-icon flag-icon-us"></span>
-            US
-          </span>
-        </td>
-        <td>
-          <div
-            class="btn btn-primary btn-icon"
-            title="&quot;Absolutely nothing is being logged, neither about the users nor the usage of this service. I do keep graphs of the total number of queries, but no personally identifiable information is saved. The data that is saved will never be sold or used for anything except capacity planning of the service.&quot;"
-            data-bs-toggle="tooltip"
-            data-bs-placement="bottom">
-            <span class="fas fa-globe"></span>
-          </div>
-        </td>
-        <td>Hobby Project</td>
-        <td>No</td>
-        <td data-value="doh">DoH, DoT</td> <!-- "hack" to group "DoT" values (when sorted) with "DoH" values -->
-        <td>Yes</td>
-        <td>No</td>
-        <td>No</td>
-        <td>?</td>
-        <td>
-          Self,
-          <span class="no-text-wrap">
-            <a href="https://www.teliacompany.com">Telia Company AB</a>
-          </span>
-        </td>
-      </tr>
-    </tbody>
-  </table>
-</div>
-
-<h2 id="dns-desktop-clients" class="anchor">
-  <a href="#dns-desktop-clients">
-    <i class="fas fa-link anchor-icon"></i>
-  </a> Encrypted DNS Client Recommendations for Desktop
-</h2>
-
-{%
-  include legacy/cardv2.html
-  title="Unbound"
-  image="/assets/img/legacy_svg/3rd-party/unbound.svg"
-  description='A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been <a href="https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/">independently audited</a>.'
-  website="https://nlnetlabs.nl/projects/unbound/about/"
-  github="https://github.com/NLnetLabs/unbound"
-%}
-
-{%
-  include legacy/cardv2.html
-  title="dnscrypt-proxy"
-  image="/assets/img/legacy_svg/3rd-party/dnscrypt-proxy.svg"
-  description='A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and <a href="https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt">Anonymized DNSCrypt</a>, a <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">relay-based protocol that the hides client IP address.</a>'
-  website="https://github.com/DNSCrypt/dnscrypt-proxy/wiki"
-  github="https://github.com/DNSCrypt/dnscrypt-proxy"
-%}
-
-{%
-  include legacy/cardv2.html
-  title="Stubby"
-  image="/assets/img/legacy_png/3rd-party/stubby.png"
-  description='An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in <a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound/Stubbycombination">combination with Unbound</a> by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.'
-  website="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby"
-  github="https://github.com/getdnsapi/stubby"
-%}
-
-{%
-  include legacy/cardv2.html
-  title="Firefox's built-in DNS-over-HTTPS resolver"
-  image="/assets/img/legacy_svg/3rd-party/firefox_browser.svg"
-  description='Firefox comes with built-in DNS-over-HTTPS support for <a href="https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/">NextDNS and Cloudflare</a> but users can manually use any other DoH resolver.'
-  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.cloudflare.com/1.1.1.1/privacy/firefox::text==Warning::tooltip==Cloudflare logs a limited amount of data about the DNS requests that are sent to their custom resolver for Firefox."
-  website="https://support.mozilla.org/en-US/kb/firefox-dns-over-https"
-  privacy-policy="https://wiki.mozilla.org/Security/DOH-resolver-policy"
-%}
-
-<h2 id="dns-android-clients" class="anchor">
-  <a href="#dns-android-clients">
-    <i class="fas fa-link anchor-icon"></i>
-  </a> Encrypted DNS Client Recommendations for Android
-</h2>
-
-{%
-  include legacy/cardv2.html
-  title="Android 9's built-in DNS-over-TLS resolver"
-  image="/assets/img/legacy_svg/3rd-party/android.svg"
-  description="Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application."
-  labels="color==warning::icon==fas fa-exclamation-triangle::link==https://developers.google.com/speed/public-dns/docs/using#android_9_pie_or_later::text==Warning::tooltip==Android 9's DoT settings have no effect when used concurrently with VPN-based apps which override the DNS."
-  website="https://support.google.com/android/answer/9089903#private_dns"
-%}
-
-{%
-  include legacy/cardv2.html
-  title="Nebulo"
-  image="/assets/img/legacy_png/3rd-party/nebulo.png"
-  description='An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.'
-  website="https://git.frostnerd.com/PublicAndroidApps/smokescreen/-/blob/master/README.md"
-  privacy-policy="https://smokescreen.app/privacypolicy"
-  fdroid="https://git.frostnerd.com/PublicAndroidApps/smokescreen#f-droid"
-  googleplay="https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen"
-  source="https://git.frostnerd.com/PublicAndroidApps/smokescreen"
-%}
-
-<h2 id="dns-ios-clients" class="anchor">
-  <a href="#dns-ios-clients">
-    <i class="fas fa-link anchor-icon"></i>
-  </a> Encrypted DNS Client Recommendations for iOS
-</h2>
-
-{%
-  include legacy/cardv2.html
-  title="DNSCloak"
-  image="/assets/img/legacy_png/3rd-party/dnscloak.png"
-  description='An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki">dnscrypt-proxy</a> options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can <a href="https://blog.privacytools.io/adding-custom-dns-over-https-resolvers-to-dnscloak/">add custom resolvers by DNS stamp</a>.'
-  website="https://github.com/s-s/dnscloak/blob/master/README.md"
-  privacy-policy="https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view"
-  ios="https://apps.apple.com/app/id1452162351"
-  github="https://github.com/s-s/dnscloak"
-%}
-
-<h2 id="appledns" class="anchor">
-  <a href="#appledns">
-    <i class="fas fa-link anchor-icon"></i>
-  </a>Apple's native support
-</h2>
-
-<p>
-  In iOS, iPadOS, tvOS 14 and macOS 11, DoT and DoH were introduced. DoT and DoH are supported natively by installation of profiles (through mobileconfig files opened in <em>Safari</em>).
-  After installation, the encrypted DNS server can be selected in <em>Settings &rarr; General &rarr; VPN and Network &rarr; DNS</em>.
-</p>
-
-<ul>
-  <li><strong>Signed profiles</strong> are offered by <a href="https://adguard.com/en/blog/encrypted-dns-ios-14.html">AdGuard</a> and <a href="https://apple.nextdns.io/">NextDNS</a>.</li>
-  <li>User contributed <strong>unsigned profiles</strong> for several DNS providers are hosted by <a href="https://encrypted-dns.party/">encrypted-dns.party</a>.</li>
-</ul>
-
-<h2 id="dns-definitions" class="anchor">
-  <a href="#dns-definitions">
-    <i class="fas fa-link anchor-icon"></i>
-  </a> Definitions
-</h2>
-
-<h4>DNS-over-TLS (DoT)</h4>
-<p>
-  A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
-</p>
-
-<h4>DNS-over-HTTPS (DoH)</h4>
-<p>
-  Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
-</p>
-
-<h4>DNSCrypt</h4>
-<p>
-  With an <a href="https://dnscrypt.info/protocol/">open specification</a>, DNSCrypt is an older, yet robust method for encrypting DNS.
-</p>
-
-<h4>Anonymized DNSCrypt</h4>
-<p>
-  A <a href="https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS">lightweight protocol</a> that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by <a href="#dns-desktop-clients">dnscrypt-proxy</a> and a limited number of <a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/relays.md">relays</a>.
-</p>
diff --git a/_includes/recommendation-table.html b/_includes/recommendation-table.html
new file mode 100644
index 00000000..a3f2fd19
--- /dev/null
+++ b/_includes/recommendation-table.html
@@ -0,0 +1,13 @@
+<div id="dns-table" class="table-responsive">
+  <table class="table table-hover sortable-theme-bootstrap" data-sortable>
+    <thead>
+      {% include table-header-{{ include.data }}.html %}
+    </thead>
+    <tbody>
+      {% for provider in site.data[include.data] %}<tr>
+      {% include table-row-{{ include.data }}.html data=provider %}</tr>
+      {% endfor %}
+    </tbody>
+  </table>
+</div>
+<p class="text-end"><small><a href="https://github.com/privacyguides/privacyguides.org/tree/main/_data/{{ include.data }}">View table data on GitHub</a></small></p>
diff --git a/_includes/table-header-dns.html b/_includes/table-header-dns.html
new file mode 100644
index 00000000..c70723c2
--- /dev/null
+++ b/_includes/table-header-dns.html
@@ -0,0 +1,11 @@
+<th data-sorted="true" data-sorted-direction="ascending">DNS Provider</th>
+<th data-sortable="true">Server Locations</th>
+<th data-sortable="false">Privacy Policy</th>
+<th data-sortable="true">Type</th>
+<th data-sortable="true">Protocols</th>
+<th data-sortable="true">Logging</th>
+<th data-sortable="true">DNSSEC</th>
+<th data-sortable="true">QNAME Minimization</th>
+<th data-sortable="true">Filtering</th>
+<th data-sortable="true">Source Code</th>
+<th data-sortable="true">Hosting Provider</th>
diff --git a/_includes/table-row-dns.html b/_includes/table-row-dns.html
new file mode 100644
index 00000000..4c318167
--- /dev/null
+++ b/_includes/table-row-dns.html
@@ -0,0 +1,54 @@
+{% assign data = include.data[1] %}
+<td data-value="{{ data.title }}">
+  <a href="{{ data.homepage }}">{{ data.title }}</a>
+</td>
+<td>{%- if data.anycast -%}<strong class="text-green">Anycast:</strong> {%- endif -%}
+  <ul class="list-unstyled mb-0">{%- for location in data.locations -%}
+  <li>{%- include country.html cc=location -%}</li>
+  {%- endfor -%}</ul>
+</td>
+<td>
+  {% if data.privacy_policy.link %}<a
+    {% if data.privacy_policy.tooltip %}data-bs-toggle="tooltip" data-bs-placement="bottom" title='{{ data.privacy_policy.tooltip | escape }}'
+    {% endif %}href="{{ data.privacy_policy.link }}">
+    <span class="fad fa-external-link"></span>
+  </a>{% else %}
+  <span data-bs-toggle="tooltip" data-bs-placement="bottom" title='{{ data.privacy_policy.tooltip | escape }}' class="fad fa-info-circle"></span>{% endif %}
+</td>
+<td>{% if data.type.link %}<a
+  {% if data.type.tooltip %}data-bs-toggle="tooltip" data-bs-placement="bottom" title='{{ data.type.tooltip | escape }}'
+  {% endif %}href="{{ data.type.link }}">{{ data.type.name }}</a>
+  {% else %}{{ data.type.name }}{% endif %}
+</td>
+<td><ul class="list-unstyled mb-0">{%- for protocol in data.protocols -%}
+  <li>{{ protocol.name }}{% if protocol.tooltip %}
+    <span data-bs-toggle="tooltip" data-bs-placement="bottom" title='{{ protocol.tooltip | escape }}' class="fad fa-info-circle"></span>
+    {% endif %}</li>{%- endfor -%}</ul>
+</td>
+{% if data.logs.policy %}<td class="table-{{ data.logs.color | escape | default: 'warning' }}"><span class="text-nowrap">{% if data.logs.link %}
+  <a href="{{ data.logs.link }}"{% else %}<span{% endif %}
+  {% if data.logs.tooltip %}data-bs-toggle="tooltip" data-bs-placement="bottom" title='{{ data.logs.tooltip | escape }}'{% endif %}
+  >{{ data.logs.text | default: 'Yes' }}{% unless data.logs.link %}{% if data.logs.tooltip %} <span class="fad fa-info-circle"></span>{% endif %}{% endunless %}</{%- if data.logs.link -%}a{%- else -%}span{%- endif -%}>
+  </span>{% else %}<td class="table-success">No{% endif %}
+</td>
+<td
+  {% unless data.dnssec %}class="table-danger"><span title="Does not validate DNSSEC" aria-hidden="true" class="fad text-red fa-times-circle"></span><span class="visually-hidden">No</span>{% else %}
+  class="table-success"><span title="Validates DNSSEC" aria-hidden="true" class="fad text-green fa-check-square"></span><span class="visually-hidden">Yes</span>{% endunless %}
+</td>
+<td
+  {% unless data.qname_minimization %}class="table-danger"><span title="Does not perform QNAME Minimization" aria-hidden="true" class="fad text-red fa-times-circle"></span><span class="visually-hidden">No</span>{% else %}
+  class="table-success"><span title="Performs QNAME Minimization" aria-hidden="true" class="fad text-green fa-check-square"></span><span class="visually-hidden">Yes</span>{% endunless %}
+</td>
+<td>
+  {{ data.filtering | escape | default: '<em>Unknown?</em>' }}
+</td>
+<td>
+  {% if data.source %}<a href="{{ data.source }}">
+    <span class="fad fa-external-link"></span>
+  </a>{% endif %}
+</td>
+<td>
+  <ul class="list-unstyled mb-0">{%- for provider in data.providers -%}
+    <li class="text-nowrap">{% if provider.link %}<a href="{{ provider.link }}">{{ provider.name | escape }}</a>{% else %}{{ provider.name | escape }}{% endif %}</li>
+  {%- endfor -%}</ul>
+</td>