dnscry.pt - Road to 100 resolvers

➜  ~ whois dnscry.pt
Domain: dnscry.pt
Domain Status: Registered
Creation Date: 10/01/2023 10:26:12

It's been almost two years since I started the project with about 30 resolvers taken from my collection of idlers. And while I still love idling servers, it felt good to have them do something useful. But what is this all about?

The dnscry.pt project is a personal initiative by a developer known as @brueggus. It focuses on enhancing DNS security and privacy through the use of the DNSCrypt protocol. Here are some key points about the project:

  • DNSCrypt Protocol: This protocol authenticates and encrypts DNS requests between clients and resolvers, preventing third parties (like ISPs) from spying on or tampering with your DNS queries.
  • Public Resolvers: The project operates public DNSCrypt, DNS over HTTPS (DoH), and DNS over TLS (DoT) resolvers in various locations worldwide. These resolvers are uncensored, unfiltered, encrypted, and support DNSSEC.
  • No Logging: The project ensures privacy by not storing any query logs.
  • Accessibility: The resolvers can be used with any client implementing the DNSCrypt protocol, with dnscrypt-proxy being a recommended option.

If you’re interested in securing your DNS traffic, dnscry.pt offers a robust solution. Would you like to know more about how to set it up?

Thanks, Microsoft Copilot. While I wouldn't consider myself a developer, the rest is pretty accurate.

Since then, the project has been growing steadily and while I started it to promote the DNSCrypt protocol, which I still prefer over DoT/DoH, I eventually decided to support these two protocols as well on popular demand. My resolvers have been added to the official DNSCrypt resolver list and I am aware of a handful of open source projects which use my resolvers to circumvent censorship in countries which don't have the privilege of free internet access.

If you haven't looked into switching to an encrypted protocol to prevent your ISP, employer, Google or Cloudflare from analyzing or even tampering with your DNS traffic, I encourage you to do so. Chances are good that there's a dnscry.pt resolver near you.

This wouldn't have been possible without the help of generous providers sponsoring the project. Most of them are active here as well – show them some love, please!

At the moment, I am running 88 resolvers around the globe. 12 to go to reach my next milestone of 100 resolvers worldwide.

I'm particularly interested in expanding in Africa and South America and am still looking into providing a proper solution for Chinese users. But what would you be interested in? Any particular location in mind? Features you are missing? Let me know!

Hey Copilot, tell me a joke about DNSCrypt.

Sure, here’s a lighthearted one for you:

Why did the DNSCrypt protocol go to therapy?

Because it had too many unresolved queries! 😄

dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

«1

Comments

  • Unfortunately I don't have anything meaningful to contribute at the moment, but I just wanted to say thank you to you and your sponsors for running these resolvers and allowing people to use them for free through dnscry.pt!

    I noticed your post back when you started this project, and I was interested in keeping an eye on your progress. I've noticed, over the last few months, that my own Pi-Hole has started using some of your resolvers occasionally through DNSCrypt. It's awesome that dnscry.pt's resolvers were added to the official DNSCrypt resolver list.

    Thanks again, it's all very much appreciated, and keep up the great work!

    (P.S. - If you have stickers left or plan on having more made, I would love some!)

    Thanked by (3)skorous Brueggus artem
  • KuroitKuroit Hosting Provider

    @Brueggus I see you dont have Redditch, UK location. Lets add that?

    Will do Brisbane in future ;)

    https://www.kuroit.com - Managed cPanel Hosting & VPS Hosting in UK

  • What pain points do you see for users from China?

    The all seeing eye sees everything...

  • edited September 2024

    @Kuroit said:
    @Brueggus I see you dont have Redditch, UK location. Lets add that?

    Will do Brisbane in future ;)

    Sent you a PM. Thanks <3

    @terrorgen said:
    What pain points do you see for users from China?

    The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    Thanked by (1)Kuroit

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • host_chost_c Hosting Provider

    @brueggus

    Happy to be part of your project, when I saw the map, I was like:

    Keep up the nice work! and congratulations.

    As we will expand our operations, I will DM you for further additions to the location list.

    Host-C - VPS & Storage VPS Services – Reliable, Scalable and Fast - AS211462

    "If there is no struggle there is no progress"

  • @Wonder_Woman said:
    Unfortunately I don't have anything meaningful to contribute at the moment, but I just wanted to say thank you to you and your sponsors for running these resolvers and allowing people to use them for free through dnscry.pt!

    I noticed your post back when you started this project, and I was interested in keeping an eye on your progress. I've noticed, over the last few months, that my own Pi-Hole has started using some of your resolvers occasionally through DNSCrypt. It's awesome that dnscry.pt's resolvers were added to the official DNSCrypt resolver list.

    Thanks again, it's all very much appreciated, and keep up the great work!

    (P.S. - If you have stickers left or plan on having more made, I would love some!)

    Thank you a lot for your feedback! Having the resolvers added to the official list has definitely boosted the visibility of the project. Someone even created a script to sync the dnscry.pt resolvers with the official repo which I am very thankful for.

    And sure thing - I still have some stickers left as well as some new merch. Just shoot me a message with your address and I'll get them shipped next week. :)

    @host_c said: Happy to be part of your project,

    Thanks for your support <3 It means a lot to me. As said before, growing the project to its current extend wouldn't have been possible without providers like you backing it up.

    Thanked by (2)host_c Wonder_Woman

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • @Brueggus said:

    @terrorgen said:
    What pain points do you see for users from China?

    The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    All valid pain points ;)
    Do you want to try https://hk.skywolf.cloud/store/sjc-vps?language=english? I have been following them on telegram and they seem to be a pretty solid provider.

    Thanked by (1)Brueggus

    The all seeing eye sees everything...

  • @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    Thanked by (1)Brueggus
  • skhronskhron Hosting Provider
    edited September 2024

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    Thanked by (2)Brueggus artem

    Check our KVM VPS plans in 🇵🇱 Warsaw, Poland and 🇸🇪 Stockholm, Sweden

  • AuroraZeroAuroraZero ModeratorHosting ProviderRetired

    @Brueggus can I put my weed in it?

  • @AuroraZero said:
    @Brueggus can I put my weed in it?

    Sure.

    image

    ("weed" appears to be on the list of naughty words, so I had to replace them with dandelions.)

    Thanked by (1)host_c

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • AuroraZeroAuroraZero ModeratorHosting ProviderRetired

    @Brueggus said:

    @AuroraZero said:
    @Brueggus can I put my weed in it?

    Sure.

    image

    ("weed" appears to be on the list of naughty words, so I had to replace them with dandelions.)

    You bad boy you, breaking all the rules

  • host_chost_c Hosting Provider

    Sniffing dandelions

    Thanked by (1)Brueggus

    Host-C - VPS & Storage VPS Services – Reliable, Scalable and Fast - AS211462

    "If there is no struggle there is no progress"

  • @skhron said:

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    i mean DoH

  • SGrafSGraf Hosting ProviderServices Provider

    @Brueggus said:
    At the moment, I am running 88 resolvers around the globe. 12 to go to reach my next milestone of 100 resolvers worldwide.

    Send me an email to [email protected]. I'm considering supporting this project with a vm in vienna and one in amsterdam.

    Thanked by (4)Ympker wankel cxg adly

    MyRoot.PW ★ Dedicated Servers ★ LIR-Services ★ | ★ SiteTide Web-Hosting ★
    MrVM ★ Virtual Servers ★ | ★ Blesta.Store ★ Blesta licenses and Add-ons at amazing Prices ★

  • skhronskhron Hosting Provider

    @taizi said:

    @skhron said:

    @taizi said:

    @Brueggus said: The RTT and/or packet loss, for sure. None of the resolvers has "China-optimized bandwith" and from what I've been able to check using public looking glasses, this makes a huge difference. But services with direct links to Chinese ISPs are outside my comfort zone price-wise.

    also the possible that blocked by gfw(try not use default path like /dns-query ,gfw have active scan)

    I think it makes public DNSCrypt useless and changing URI to something else won't help much but defer block for a bit.

    i mean DoH

    Anyway, my point is that dnscry.pt runs a public service that publishes the list of DNSCrypt/DoT/DoH servers, making it not useful for circumventing censorship due to service design. Also, maintenance of censorship-resistant public service, like Tor Bridges or anything similar is pretty time-consuming and expensive task.

    Given all of that, I see no sense in attempting changing some connection parameters as they will be inevitably leaked to censorship operators due to publicity.

    Thanked by (2)taizi artem

    Check our KVM VPS plans in 🇵🇱 Warsaw, Poland and 🇸🇪 Stockholm, Sweden

  • It's been about two years since I came up with the wet idea to turn my idlers into something useful for the public. Today, I am running 106 resolvers worldwide. Oopsie.
    This wouldn't have been possible without the generosity of the sponsors of this project, of course. Most of them are active members of the LowEnd community.

    I'd like to celebrate this by giving away two of these brand new dnscry.pt mugs:

    ChatGPT and I have created a small CTF challenge which can be found at https://raffle.dnscry.pt/
    More information on how to participate can be found here.
    If you don't live in the EU or rather spend your time on smashing F5 in the Christmas thread, I still have few dnscry.pt stickers in stock. Just shoot me a PM - I ship these worldwide. :)

    Good luck and Merry Christmas!

    image

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • AuroraZeroAuroraZero ModeratorHosting ProviderRetired

    Merry Christmas @Brueggus!!! Thank You for all the hard work!!!

    Thanked by (2)Brueggus sh97
  • @Brueggus said:

    Where can I buy that mug?

    Thanked by (2)skorous Brueggus
  • @Brueggus said:
    It's been about two years since I came up with the wet idea to turn my idlers into something useful for the public. Today, I am running 106 resolvers worldwide. Oopsie.
    This wouldn't have been possible without the generosity of the sponsors of this project, of course. Most of them are active members of the LowEnd community.

    I'd like to celebrate this by giving away two of these brand new dnscry.pt mugs:

    ChatGPT and I have created a small CTF challenge which can be found at https://raffle.dnscry.pt/
    More information on how to participate can be found here.
    If you don't live in the EU or rather spend your time on smashing F5 in the Christmas thread, I still have few dnscry.pt stickers in stock. Just shoot me a PM - I ship these worldwide. :)

    Good luck and Merry Christmas!

    image

    This was really fun! Unfortunately I'm not in the EU :(

    Thanked by (1)Brueggus
  • @Wonder_Woman said: This was really fun!

    You mean, you already cracked it? I had a look at the page, but have no idea where to start!

    Thanked by (2)Wonder_Woman Brueggus
  • @wankel said:

    @Wonder_Woman said: This was really fun!

    You mean, you already cracked it? I had a look at the page, but have no idea where to start!

    Click around. :)
    Common thing about CTF challenges is that stuff is hidden in "plain sight". Look a bit deeper into things that might seem normal (but probably isn't). Everything you need is contained within raffle.dnscry.pt one way or another.

  • @Decicus said: Common thing about CTF challenges is that stuff
    is hidden in "plain sight".

    I had 'participate in a CTF' somewhere on the vague to-do list in the back of my mind, so I couldn't let this opportunity slip.

    With your hint I had a new look at the html, CSS and other files downloaded, and did get some further. Thanks!

    Not to spoil the fun I won't go through my few steps or publicly ask for hints on the specific step where I got stuck. I won't be able to solve this without more help, so I hereby disqualify myself ;-)

    Thanked by (1)Decicus
  • @Brueggus said:
    More information on how to participate can be found here.

    What I actually find interesting is that you seem to be using mxroute, but with IPv6 - I didn't think mxroute had IPv6 support?

    H=mail.bruegmail.de [2a01:4f8:242:52ab::2] X=TLS1.2:ECDHE_SECP256R1__ECDSA_SHA512__AES_256_GCM:256 CV=no DN="CN=sunfire.mxrouting.net"

  • Great work with this.
    Changed do dnscry.pt on all my PiHoles and worked superb and have a good latency to one of the Stockholm servers.
    Keep up the good work

    Thanked by (1)Brueggus
  • @cmeerw said:

    @Brueggus said:
    More information on how to participate can be found here.

    What I actually find interesting is that you seem to be using mxroute, but with IPv6 - I didn't think mxroute had IPv6 support?

    H=mail.bruegmail.de [2a01:4f8:242:52ab::2] X=TLS1.2:ECDHE_SECP256R1__ECDSA_SHA512__AES_256_GCM:256 CV=no DN="CN=sunfire.mxrouting.net"

    They don't (officially) support it, but I noticed that the server I am on had IPv6 enabled and working, so I'm using it. It works only for incoming mail, outgoing mails go through IPv4 relays.

    Thanked by (2)adly cmeerw

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • Wohoo! That was fun indeed. Thanks Decicus for the help!

    Thanked by (1)Decicus
  • @wankel said:
    Wohoo! That was fun indeed. Thanks Decicus for the help!

    Good job!

    Thanked by (1)wankel

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • skhronskhron Hosting Provider

    @kvidden said: Changed do dnscry.pt on all my PiHoles and worked superb and have a good latency to one of the Stockholm servers.

    One of the Stockholm server is ours, may I know if it is the best for you? 👀

    Check our KVM VPS plans in 🇵🇱 Warsaw, Poland and 🇸🇪 Stockholm, Sweden

  • fyi, i recommend absolutehosting for Johannesburg

Sign In or Register to comment.