Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Stubby

...

Section


Column
width50%


Info

'Stubby' is the name given to a mode of

...

using getdns

...

 which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS

...

In this mode  Stubby (getdns) does several things

  • Runs as a daemon
  • By default obtains its configuration information from the configuration file at /etc/stubby.conf
  • Can be configured to listen on the loopback address and send all outgoing DNS queries received on that address out over TLS to a DNS Privacy server
  • Can be configured with authentication information for DNS Privacy servers and instructed to use either a 'Strict' or an 'Opportunistic' Profile as described in Authentication and (D)TLS Profile for DNS-over-(D)TLS

Building Stubby

 

...

). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

Stubby is in the early stages of development but is suitable for technical/advanced users. A more generally user-friendly version is on the way!

Since Stubby is part of the getdns project - the reference page for how to get up and running with Stubby has moved to the getdns website:

Stubby Reference Guide

As always, bugs or feature requests can be directed to either



Column
width30%

Image Added 



Other options

Other ways to run a privacy daemon are: 

  • Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries). 
  • Work is in progress to enable knot resolver to work in this mode too