dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers

Some of you may remember my VPS flea market which became a bit messy eventually. I was nonetheless able to get rid of some of my idlers, others were canceled since then but I'm still sitting on a pile of them.

In December, I decided to turn some of them into something useful (hopefully...) for the community and dnscry.pt was born:



Public DNSCrypt resolvers hosted by LowEnd providers

Most of the servers have been taken from my collection of idlers, but I'd like to give a shout-out to @Kuroit and @terrahost who are generously sponsoring three servers for the project.

In a nutshell, DNSCrypt is a protocol which encrypt and authenticates your DNS requests, so that a third party (like your ISP) can no longer tinker with them. You have to run a DNSCrypt client like dnscrypt-proxy locally or in your network and point your DNS requests there instead of towards your Wi-Fi router or public resolvers like Google's 8.8.8.8. Your DNSCrypt client will take care of the encryption and forward your requests to a public DNSCrypt resolver (like one of those I run for dnscry.pt).

None of the resolvers do any filtering of any kind. I don't store any logs of your requests. All I do is collect metrics using Munin.

If you're interested in giving it a try, further instructions can be found here. There's also a list of all resolvers.

Singapore may appear offline from time to time but is doing fine for local traffic. Intercontinental traffic is going through Cogent and their lines appear to be congested af. I'm monitoring all resolvers from a server hosted in Jacksonville, FL.

If you're using dnscrypt-proxy, you don't have to handpick resolvers near your location. Instead, use the auto-generated resolver list. Configuration instructions can be found in the file header or in the "Get Started" guide on the website.

I hope this is useful for some of you. I'm using DNSCrypt for years and have switched to my resolver list recently.

Let me know if you have any feedback or questions. I'm also open for suggestions for new locations. :smile:

dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

«13

Comments

  • Is DNSCrypt still a thing? I thought it was superseded by DoH/DoT.

  • @cmeerw said:
    Is DNSCrypt still a thing? I thought it was superseded by DoH/DoT.

    DoH/DoT can be intercepted by ISP.. Dunno how.

  • @cmeerw said:
    Is DNSCrypt still a thing? I thought it was superseded by DoH/DoT.

    I've never been a fan of DoH and DoT due to their protocol overhead. Still, those are more popular nowadays.

    Unlike DoH/DoT, DNSCrypt has never been standardized in form of a RFC. But since it works well for me and is easy to maintain, I'd still say DNSCrypt has its right to exist.

    Thanked by (2)FrankZ skorous

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • This is great.
    Another alternative to commercial companies products. Keep it up, man.

    Thanked by (1)Brueggus

    MicroLXC is lovable. Uptime of C1V

  • so how do I run my own instance? possibly with ghetto-rigging it with wireguard

    atm DoH still suffice for my usage (especially for android private dns), but this seems interesting to try

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • Cool project, I really like the option of a non-commercial DNS, but also gotta say that imo the days of glory of DNSCrypt are long over, the killer feature of DoH and DoT is that they work OOTB on Android, iOS and macOS.

    I also remember that back then when I messed around with DNSCrypt, it was actually pretty darn slow, or more precisely the DNS proxy implementations that I used at that time.
    Since I run my own DoH/DoT instance, what made you pick unbound over knot-resolver, I feel like it works better on LE platforms.

    Either way, thanks @Brueggus for the community effort and keep it up!

    If I dare to state some wishes - considering adding DoT/DoH with nice and signed iOS MDM profiles (like dnsforge.de) and adding an option for blocklists (oisd.nl is superb).

    Thanked by (1)Brueggus
  • edited February 2023

    Great project, finally some more servers that actually respond with a RRSIG.
    For anyone wondering - the opnsense version of dnscrypt-proxy isn't recent enough for the provided DNS Stamps.

    If someone needs a list of a couple of other EU servers that respond with RRSIG, let me know.

  • @benz said:
    For anyone wondering - the opnsense version of dnscrypt-proxy isn't recent enough for the provided DNS Stamps.

    Is it due to the signature algorithm I use to sign the resolver list? I ran into a similar issue since the version of dnscrypt-proxy I run on my Raspberry Pi at home was too old for "non-legacy" signatures.

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • @Brueggus said: Is it due to the signature algorithm I use to sign the resolver list?

    I guess so, opnsense uses version 2.0.45.

  • @Brueggus said: Let me know if you have any feedback or questions.

    Nice project, this should be added to DNSCrypt official resolvers.

  • crunchbitscrunchbits Hosting Provider

    @Brueggus you already have our primary geographic location covered (same DC), but if you wanted a sponsored one w/IPv6 I'm happy to oblige.

  • edited March 2023

    @alexxgg said:

    @Brueggus said: Let me know if you have any feedback or questions.

    Nice project, this should be added to DNSCrypt official resolvers.

    I'm a bit hesitant to open a PR to have them added. I don't have much experience with the components involved. I've seen PRs on their repo of people asking to have their resolvers removed due to the amount of traffic they get. Bandwidth shouldn't be an issue but I don't know how much CPU and memory they require if they're under load. So I'd prefer to get some traffic (and gain experience) first before I open the flood-gates.

    @crunchbits said:
    @Brueggus you already have our primary geographic location covered (same DC), but if you wanted a sponsored one w/IPv6 I'm happy to oblige.

    Thanks for the generous offer. I'll keep it in mind and am looking forward to your next expansion ;)

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • Practically everything behind the scenes is automated via Ansible, so adding/removing resolvers is a piece of cake.
    So I've taken 14 servers from my collection of idlers and dedicated them to the project. Another one in Stockholm, Sweden has been donated by Internetport who are running a promo on OGF at the moment.

    New Locations:
    * 🇺🇸 Philadelphia, Durham, Denver, Salt Lake City, Atlanta, Chicago
    * 🇨🇦 Castlegar, Montreal
    * 🇨🇱 Valdivia
    * 🇮🇳 Mumbai
    * 🇿🇦 Johannesburg
    * 🇹🇼 Taipeh
    * 🇲🇩 Chișinău
    * 🇸🇪 Stockholm
    * 🇮🇪 Dublin

    Instructions on how to use them can be found here or in the first post.

    Enjoy!

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • Woop! Woop!

    image

    We have stickers available now. I'm unsure whether anyone cares, but if you'd like to pimp your laptop lid, let me know and I'll get one shipped.

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • International shipping for stickers? :-)

    Thanked by (1)Brueggus
  • @risturiz said:
    International shipping for stickers? :-)

    Sure, it's not much more expensive than a domestic letter.

    Thanked by (2)_MS_ skorous

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • skorousskorous OGSenpai
    edited March 2023

    @Brueggus said:

    @risturiz said:
    International shipping for stickers? :-)

    Sure, it's not much more expensive than a domestic letter.

    Oh, in that case I'd be happy to have one. Wasn't going to ask since it had to come across the pond.

    It'll look good next to my Grimm Reaper and Bernie in Mittens. DM you?

  • @Brueggus said:
    Woop! Woop!

    image

    We have stickers available now. I'm unsure whether anyone cares, but if you'd like to pimp your laptop lid, let me know and I'll get one shipped.

    I'm getting a 403 on the image link, but I'd like some! I'll pay for the shipping as well if you can throw in more than one :)

  • @daffy said:

    @Brueggus said:
    Woop! Woop!

    image

    We have stickers available now. I'm unsure whether anyone cares, but if you'd like to pimp your laptop lid, let me know and I'll get one shipped.

    I'm getting a 403 on the image link, but I'd like some!

    Sorry for that... I have to move my image hosting. The current hoster seems to do some weird geo-blocking stuff.

    I'll pay for the shipping as well if you can throw in more than one :)

    @skorous said: DM you?

    Don't worry about the shipping fees. It's about €1 per letter and Paypal will likely charge the same amount... Just DM me your address and how many stickers you'd like. I ordered only a small batch of 12 stickers, so please keep it within reasonable limits. :)

    Thanked by (2)skorous daffy

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • @Brueggus said:

    @daffy said:

    @Brueggus said:
    Woop! Woop!

    image

    We have stickers available now. I'm unsure whether anyone cares, but if you'd like to pimp your laptop lid, let me know and I'll get one shipped.

    I'm getting a 403 on the image link, but I'd like some!

    Sorry for that... I have to move my image hosting. The current hoster seems to do some weird geo-blocking stuff.

    I'll pay for the shipping as well if you can throw in more than one :)

    @skorous said: DM you?

    Don't worry about the shipping fees. It's about €1 per letter and Paypal will likely charge the same amount... Just DM me your address and how many stickers you'd like. I ordered only a small batch of 12 stickers, so please keep it within reasonable limits. :)

    DM'd :)

    Thanked by (1)Brueggus
  • @Brueggus said:

    Don't worry about the shipping fees. It's about €1 per letter and Paypal will likely charge the same amount... Just DM me your address and how many stickers you'd like. I ordered only a small batch of 12 stickers, so please keep it within reasonable limits. :)

    I don't know where you ordered the stickers, but a lot of those places will let you sell them directly to other people.
    That way anyone could order as many stickers they want directly from the printer and you will not have to pay shipping.

    Thanked by (1)Brueggus
  • @rcy026 said:

    @Brueggus said:

    Don't worry about the shipping fees. It's about €1 per letter and Paypal will likely charge the same amount... Just DM me your address and how many stickers you'd like. I ordered only a small batch of 12 stickers, so please keep it within reasonable limits. :)

    I don't know where you ordered the stickers, but a lot of those places will let you sell them directly to other people.
    That way anyone could order as many stickers they want directly from the printer and you will not have to pay shipping.

    That's a good idea. I'll consider it if more people are interested. For now I'm just looking to get the other half of my sample batch off my desk.

    I'll get the stickers shipped tomorrow. If anyone wants some and hasn't PM'ed me yet, please do so now :)

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • edited March 2023

    Stickers received. Thanks @Brueggus! :)
    Waiting for a new laptop, will put them properly then.

    Edit: made the image slightly smaller.
    Btw, very pretty handwriting @Brueggus, at least compared to mine :p

    Thanked by (1)Brueggus
  • @daffy said:
    Btw, very pretty handwriting @Brueggus, at least compared to mine

    Oh well... It used to be much cleaner but it's become worse and worse over the years. Glad to hear that you've been able to read it. ;)

    Thanked by (1)daffy

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • MannDudeMannDude Hosting Provider

    Happy to donate an instance for you if you'd like a presence in Naaldwijk, Netherlands.

    [ IncogNET LLC ] - Privacy By Design
    We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
    [ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]

  • @MannDude said:
    Happy to donate an instance for you if you'd like a presence in Naaldwijk, Netherlands.

    Thanks for the offer <3 I'll let you know when I'm adding the next batch.

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • MannDudeMannDude Hosting Provider

    @Brueggus said:

    @MannDude said:
    Happy to donate an instance for you if you'd like a presence in Naaldwijk, Netherlands.

    Thanks for the offer <3 I'll let you know when I'm adding the next batch.

    Sure thing, happy to help.

    [ IncogNET LLC ] - Privacy By Design
    We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
    [ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]

  • The resolver in Mumbai is offline due to https://lowendspirit.com/discussion/5655/stromonic-has-deadpooled .
    It will most likely not be replaced as there aren't many options in that region.

    Thanked by (1)Ympker

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • amazing.
    any plans to support anonymized dns with dnscrypt?


  • I received a letter with some amazing stuff inside :)
    Thanks @Brueggus!

    Thanked by (1)Brueggus
Sign In or Register to comment.