- change DNS on windows includes trusted and filtering servers
- https://www.privacy-handbuch.de/handbuch_93d.htm
- https://wiki.ipfire.org/dns/public-servers
- https://github.com/DNSCrypt/dnscrypt-resolvers
- https://quad9.net/
- https://one.one.one.one/help/ with testpage
- https://res3.digitale-gesellschaft.ch/
- https://ffmuc.net/wiki/doku.php?id=knb:dohdot freifunk muc
- https://my.nextdns.io/login semi-commercial
If systemd-resolved is used /etc/resolv.conf
is a link:
$ ls -l /etc/resolv.conf
lrwxrwxrwx. 1 root root 37 1. Apr 14:12 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
It is not recommended to replace this file when using systemd-resolved at all. systemd-resolved is not suited on machines were you run an 'real' DNS server (turn it off in this case).
NetworkManager could manage /etc/resolv.conf as well.
- systemd-resolved
- https://geekflare.com/de/linux-server-local-dns-caching/
- https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f
- https://sites.google.com/site/nandydandyoracle/orabuntu-lxc/using-systemd-resolved-in-a-networkmanager-environment
- https://wiki.archlinux.org/index.php/Systemd#Diagnosing_a_service
- https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
- https://gbe0.com/posts/linux/systemd-resolved-setup/
- https://wiki.ubuntuusers.de/systemd/systemd-resolved/
resolvectl
- systemd-resolved vs NetworkManager
- resolvconf
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-different-dns-servers-for-different-domains_configuring-and-managing-networking
- https://fedoramagazine.org/systemd-resolved-introduction-to-split-dns/
- https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/
- https://fedoramagazine.org/systemd-resolved-introduction-to-split-dns/
- DNS overview german
- DNSCrypt old
- anomyized DNS
- client side dns api (with node bindings)
- stubby - dns stub resolver
- https://dnsprivacy.org/wiki/
- https://dnscrypt.info/implementations/
- dnsproxy
- unbound
- nginx as dns-over-tls
- nginx and unbound
- fdns an alternative encrypted DNS for small networks
- SmartDNS DoT (DNS over TLS), DoH (DNS over HTTPS)
- https://github.com/DNSCrypt/dnscrypt-proxy includes http/socks5 proxy
- https://github.com/F1ash/dnscrypt-proxy-gui
- adblocker with dnscrypt-proxy
- https://0x1.gitlab.io/security/Dnscrypt-Proxy-Gui/
- dnslookup
- dnscrypt (tool) server and client and tool
- dog
- dnsChanger-desktop win, osx, linux
- https://www.pep.security/de/
- alternative to pep - based on SMIMEA DNS record
- support for DNSSEC/DANE/TLSA validation in thunderbird
- https://www.nettask.de/de/loesungen/dehosted-exchange/e-mail-sicherheit-mit-dmarc-dkim-spf-dane.html
- https://www.mailhardener.com/kb/email-hardening-guide
- part 1 - SPF
- part 2 - DKIM
- part 3 - DMARC
- part 4 - mail flow
- DANE/TLSA
- DKIM
- DMARC
DNSSEC is used between DNS servers but has failed to spread to 'DNS consumer' clients. For clients, the world now counts on DNS-over-TLS and DNS-over-HTTPS (but both only for browser at present).
-
online DNSSEC resolver test should fail, as client support is not present