dnscrypt.one | DNSCrypt resolver and relay in Germany
Non-logging, non-censoring, DNSSEC-capable DNSCrypt resolver and relay in Germany
View the Project on GitHub
What is DNSCrypt
Most applications on your computer, mobile devices and connected gadgets heavily use DNS, a mandatory protocol to communicate over the Internet.
Unfortunately, the security of that important protocol could be vastly improved. Encryption is nonexistent, and authentication mechanisms exist, but are criticized and haven’t received much adoption.
DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing, uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.
Features of dnscrypt.one
- official, public and free DNSCrypt resolver & anonymized DNS relay
- no logs, no tracking and no surveillance for clients’ privacy 1
- non-filtering and non-censoring
- DNSSEC validation for enhanced security and integrity
- no forwarding to external DNS servers (Google, Quad9, Cloudflare, DNS.WATCH, …)
- build on open-source software (encrypted-dns, Unbound, Redis)
- keys and certificates rotation
- local copy of the DNS root zone (hyperlocal)
- DNSKEY and cache prefetching for reduced latency
- Redis as second-level-cache
- UDP/443 and TCP/443 (mostly open for HTTPS)
- DNSCrypt version 2 protocol
- compatible with Pi-hole
- running on a multi-core system with a 400 Mbit/s port in the European Union
How to connect
Connecting to dnscrypt.one requires a DNSCrypt client to be installed on a computer, device or router.
Names, IP address and status
Server name: dnscrypt.one
Provider name: 2.dnscrypt-cert.dnscrypt.one
Anonymized DNS relay: anon-dnscrypt.one
Protocol, port: UDP and TCP, 443
Status and uptime
E-Mail: email@example.com (remove the number)
Disclaimer: Use at your own risk. This DNSCrypt resolver/relay is provided by a private person, not a company. Under no circumstances will the DNSCrypt resolver/relay operator be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from accessing or otherwise using this service. The operator does not guarantee in any way the access, availability and continuity of the functioning of this service. By using this service you consent to the disclaimer and agree to its terms and conditions.
1 The operator would like to make it clear that there is no interest whatsoever in the surfing behaviour and online activities of users. The resolver/relay neither collects any personal data nor gathers information a device sends to or an user enters on websites.