加密的域名解析

别让 Google 和一般传统 DNS 供应商知道您所有的网站访问状况,换换其它更注重隐私的域名解析服务吧。

加密域名系统解析

DNS 供应商 服务器所在地 隐私政策 经营者类型 用户活动记录 网络协议 DNSSEC 限定名(QNAME) 最小化 过滤器 源代码 使用的网络服务提供商
AdGuard Anycat 任播型 (以 赛浦勒斯为主要地) Commercial 某些 DoH, DoT, DNSCrypt 依服务器而异 Choopa, LLC, Serveroid, LLC
BlahDNS 芬兰、 德国、 日本
兴趣项目 DoH, DoT , DNSCrypt 广告,跟踪器 恶意域名 Choopa, LLC, Data Center Light, Hetzner Online GmbH
Cloudflare Anycat 任播型(主要在 美国) 商业 某些 DoH, DoT 依服务器而异 ? Self
CZ.NIC 捷克
基于协会运营 DoH, DoT ? ? 自行架设
Foundation for Applied Privacy 奥地利 非盈利 某些 DoH, DoT ? IPAX OG
LibreDNS 德国 非正式协作 DoH, DoT 依服务器而异(仅 DoH) Hetzner Online GmbH
NextDNS Anycat 任播型(主要在 美国) 商业l 基于用户的选择 DoH, DoT, DNSCrypt 依服务器而异 ? Self
NixNet Anycast 任播型(主要在 美国), 美国, 卢森堡 非正式协作 DoH, DoT 依服务器而异 FranTech Solutions
PowerDNS 尼德兰 兴趣项目 DoH TransIP B.V. Admin
Quad9 Anycast 任播型(主要在 美国) 非盈利 某些 DoH, DoT, DNSCrypt 恶意域名 ? 自建, Packet Clearing House
Snopyta 芬兰 非正式协作 DoH, DoT ? Hetzner Online GmbH
UncensoredDNS 任播型 (主要在 丹麦), 丹麦, 美国
兴趣项目 DoT ? Self, Telia Company AB

Encrypted DNS Client Recommendations for Desktop

Unbound

Unbound logo A validating, recursive, caching DNS resolver, supporting DNS-over-TLS, and has been independently audited.


dnscrypt-proxy

dnscrypt-proxy logo A DNS proxy with support for DNSCrypt, DNS-over-HTTPS, and Anonymized DNSCrypt, a relay-based protocol that the hides client IP address.


Stubby

Stubby logo An application that acts as a local DNS-over-TLS stub resolver. Stubby can be used in combination with Unbound by managing the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections) with Unbound providing a local cache.


Firefox's built-in DNS-over-HTTPS resolver

Firefox's built-in DNS-over-HTTPS resolver logo Firefox comes with built-in DNS-over-HTTPS support for NextDNS and Cloudflare but users can manually any other DoH resolver. Warning


Encrypted DNS Client Recommendations for Android

Android 9's built-in DNS-over-TLS resolver

Android 9's built-in DNS-over-TLS resolver logo Android 9 (Pie) comes with built-in DNS-over-TLS support without the need for a 3rd-party application. Warning


Nebulo

Nebulo logo An open-source Android client supporting DNS-over-HTTPS and DNS-over-TLS, caching DNS responses, and locally logging DNS queries.


Encrypted DNS Client Recommendations for iOS

DNSCloak

DNSCloak logo An open-source iOS client supporting DNS-over-HTTPS, DNSCrypt, and dnscrypt-proxy options such as caching DNS responses, locally logging DNS queries, and custom block lists. Users can add custom resolvers by DNS stamp.


相关术语

DNS-over-TLS (DoT)

加密 DNS 的安全协定,在特定的的 853 端口上提供服务,某些供应商则用 443 端口,尤其当 853 常被限制的防火墙所阻挡时。

DNS-over-HTTPS (DoH)

类似 DoT,但采用 HTTPS 取代,通过 443 端口,和一般的 HTTPS 流量无异 警告

DNSCrypt

一种稍旧但仍常被使用的 DNS 加密方式,它的协议是开放的

匿名化 DNSCrypt

A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays.