dnscry.pt - Road to 100 resolvers

➜  ~ whois dnscry.pt
Domain: dnscry.pt
Domain Status: Registered
Creation Date: 10/01/2023 10:26:12

It's been almost two years since I started the project with about 30 resolvers taken from my collection of idlers. And while I still love idling servers, it felt good to have them do something useful. But what is this all about?

The dnscry.pt project is a personal initiative by a developer known as @brueggus. It focuses on enhancing DNS security and privacy through the use of the DNSCrypt protocol. Here are some key points about the project:

  • DNSCrypt Protocol: This protocol authenticates and encrypts DNS requests between clients and resolvers, preventing third parties (like ISPs) from spying on or tampering with your DNS queries.
  • Public Resolvers: The project operates public DNSCrypt, DNS over HTTPS (DoH), and DNS over TLS (DoT) resolvers in various locations worldwide. These resolvers are uncensored, unfiltered, encrypted, and support DNSSEC.
  • No Logging: The project ensures privacy by not storing any query logs.
  • Accessibility: The resolvers can be used with any client implementing the DNSCrypt protocol, with dnscrypt-proxy being a recommended option.

If you’re interested in securing your DNS traffic, dnscry.pt offers a robust solution. Would you like to know more about how to set it up?

Thanks, Microsoft Copilot. While I wouldn't consider myself a developer, the rest is pretty accurate.

Since then, the project has been growing steadily and while I started it to promote the DNSCrypt protocol, which I still prefer over DoT/DoH, I eventually decided to support these two protocols as well on popular demand. My resolvers have been added to the official DNSCrypt resolver list and I am aware of a handful of open source projects which use my resolvers to circumvent censorship in countries which don't have the privilege of free internet access.

If you haven't looked into switching to an encrypted protocol to prevent your ISP, employer, Google or Cloudflare from analyzing or even tampering with your DNS traffic, I encourage you to do so. Chances are good that there's a dnscry.pt resolver near you.

This wouldn't have been possible without the help of generous providers sponsoring the project. Most of them are active here as well – show them some love, please!

At the moment, I am running 88 resolvers around the globe. 12 to go to reach my next milestone of 100 resolvers worldwide.

I'm particularly interested in expanding in Africa and South America and am still looking into providing a proper solution for Chinese users. But what would you be interested in? Any particular location in mind? Features you are missing? Let me know!

Hey Copilot, tell me a joke about DNSCrypt.

Sure, here’s a lighthearted one for you:

Why did the DNSCrypt protocol go to therapy?

Because it had too many unresolved queries! 😄

dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

Comments

  • Unfortunately I don't have anything meaningful to contribute at the moment, but I just wanted to say thank you to you and your sponsors for running these resolvers and allowing people to use them for free through dnscry.pt!

    I noticed your post back when you started this project, and I was interested in keeping an eye on your progress. I've noticed, over the last few months, that my own Pi-Hole has started using some of your resolvers occasionally through DNSCrypt. It's awesome that dnscry.pt's resolvers were added to the official DNSCrypt resolver list.

    Thanks again, it's all very much appreciated, and keep up the great work!

    (P.S. - If you have stickers left or plan on having more made, I would love some!)

    Thanked by (3)skorous Brueggus artem
  • KuroitKuroit Hosting Provider

    @Brueggus I see you dont have Redditch, UK location. Lets add that?

    Will do Brisbane in future ;)

    Thanked by (2)Wonder_Woman Brueggus

    https://www.kuroit.com - Managed cPanel Hosting & VPS Hosting in UK

  • What pain points do you see for users from China?

    The all seeing eye sees everything...

  • edited September 17

    @Kuroit said:
    @Brueggus I see you dont have Redditch, UK location. Lets add that?

    Will do Brisbane in future ;)

    Sent you a PM. Thanks <3

    @terrorgen said:
    What pain points do you see for users from China?

    The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    Thanked by (1)Kuroit

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • host_chost_c Hosting Provider

    @brueggus

    Happy to be part of your project, when I saw the map, I was like:

    Keep up the nice work! and congratulations.

    As we will expand our operations, I will DM you for further additions to the location list.

    Thanked by (2)Brueggus Wonder_Woman

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

  • @Wonder_Woman said:
    Unfortunately I don't have anything meaningful to contribute at the moment, but I just wanted to say thank you to you and your sponsors for running these resolvers and allowing people to use them for free through dnscry.pt!

    I noticed your post back when you started this project, and I was interested in keeping an eye on your progress. I've noticed, over the last few months, that my own Pi-Hole has started using some of your resolvers occasionally through DNSCrypt. It's awesome that dnscry.pt's resolvers were added to the official DNSCrypt resolver list.

    Thanks again, it's all very much appreciated, and keep up the great work!

    (P.S. - If you have stickers left or plan on having more made, I would love some!)

    Thank you a lot for your feedback! Having the resolvers added to the official list has definitely boosted the visibility of the project. Someone even created a script to sync the dnscry.pt resolvers with the official repo which I am very thankful for.

    And sure thing - I still have some stickers left as well as some new merch. Just shoot me a message with your address and I'll get them shipped next week. :)

    @host_c said: Happy to be part of your project,

    Thanks for your support <3 It means a lot to me. As said before, growing the project to its current extend wouldn't have been possible without providers like you backing it up.

    Thanked by (2)host_c Wonder_Woman

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • @Brueggus said:

    @terrorgen said:
    What pain points do you see for users from China?

    The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    All valid pain points ;)
    Do you want to try https://hk.skywolf.cloud/store/sjc-vps?language=english? I have been following them on telegram and they seem to be a pretty solid provider.

    Thanked by (1)Brueggus

    The all seeing eye sees everything...

  • @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    Thanked by (1)Brueggus
  • skhronskhron Hosting Provider
    edited September 19

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    Thanked by (2)Brueggus artem

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

  • @Brueggus can I put my weed in it?

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • @AuroraZero said:
    @Brueggus can I put my weed in it?

    Sure.

    image

    ("weed" appears to be on the list of naughty words, so I had to replace them with dandelions.)

    Thanked by (1)host_c

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • @Brueggus said:

    @AuroraZero said:
    @Brueggus can I put my weed in it?

    Sure.

    image

    ("weed" appears to be on the list of naughty words, so I had to replace them with dandelions.)

    You bad boy you, breaking all the rules

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • host_chost_c Hosting Provider

    Sniffing dandelions

    Thanked by (1)Brueggus

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

  • @skhron said:

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    i mean DoH

  • SGrafSGraf Hosting ProviderServices Provider

    @Brueggus said:
    At the moment, I am running 88 resolvers around the globe. 12 to go to reach my next milestone of 100 resolvers worldwide.

    Send me an email to [email protected]. I'm considering supporting this project with a vm in vienna and one in amsterdam.

    MyRoot.PW ★ Dedicated Servers ★ LIR-Services ★ | ★ SiteTide Web-Hosting ★
    MrVM ★ Virtual Servers ★ | ★ Blesta.Store ★ Blesta licenses and Add-ons at amazing Prices ★

  • skhronskhron Hosting Provider

    @taizi said:

    @skhron said:

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    i mean DoH

    Anyway, my point is that dnscry.pt runs a public service that publishes the list of DNSCrypt/DoT/DoH servers, making it not useful for circumventing censorship due to service design. Also, maintenance of censorship-resistant public service, like Tor Bridges or anything similar is pretty time-consuming and expensive task.

    Given all of that, I see no sense in attempting changing some connection parameters as they will be inevitably leaked to censorship operators due to publicity.

    Thanked by (2)taizi artem

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

Sign In or Register to comment.