DNS over HTTPS

Author: Nicolas Dorriere

I publicly provide two DNS server endpoints that use the HTTPS protocol (DNS over HTTPS, DoH). This means that the communication between your device and my DNS servers is encrypted, unlike plain DNS on port 53. Someone attempting a Man-in-the-Middle attack with mitmproxy or bettercap, or simply running tcpdump on port 53, will be unable to see your DNS traffic.

My servers run AdGuard Home and Technitium as DNS software, both kept continuously updated.

The AdGuard endpoint is useful for dispersing your DNS requests across more than 20 DNS over HTTPS servers, all hosted in Europe with very low latency. I have benchmarked each of them to build a curated list that respects privacy.

The Technitium endpoint is a single DNS over HTTPS server that does its own recursion; it can be useful for filling out your own list of dispersed servers, such as the one I offer above.

Regarding privacy, I host both services in separate LXC containers on my own equipment, connected to a low-latency fiber line. I anonymize all IP addresses that connect to my DNS servers. I do not exploit any data and do not look at the logs; I have better things to do... life is short.
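To make concrete what "DNS over HTTPS" means on the wire, here is an added example (my own code, not part of the original post and not the author's software): a minimal RFC 8484 client built only from the Python standard library. It encodes a query in RFC 1035 wire format, shows both the GET form (base64url, no padding) and the POST form (Content-Type application/dns-message), and parses a response including name compression pointers. The endpoint URL is the Technitium one from this page; the sample response bytes are constructed here for offline use and are not a capture from the author's servers. The DNS message is carried inside the TLS session on port 443, which is why a capture on port 53 shows nothing.

```python
import base64
import struct
import urllib.request

# Endpoint taken from the page; any RFC 8484 resolver works here.
DOH_ENDPOINT = "https://doh-own-recursion.nicolas-dorriere.fr/dns-query"
TYPE_A = 1
CLASS_IN = 1


def build_query(name, qtype=TYPE_A, txid=0):
    """Encode a DNS query in RFC 1035 wire format.

    txid defaults to 0 because RFC 8484 section 4.1 recommends a zero ID
    so that identical queries produce identical, cacheable HTTP requests.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def to_get_url(endpoint, wire):
    """GET form of RFC 8484: the wire message is base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def parse_name(msg, off):
    """Decode a possibly compressed domain name; return (name, offset after it)."""
    labels = []
    end = None
    hops = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return (rcode, [(name, ttl, rdata)]) from a wire-format DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = parse_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
        else:
            answers.append((name, ttl, rdata.hex()))
    return rcode, answers


def resolve(name, endpoint=DOH_ENDPOINT, timeout=5):
    """POST form of RFC 8484; needs network access, so it is not exercised offline."""
    req = urllib.request.Request(
        endpoint, data=build_query(name), method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_response(resp.read())


# Constructed sample response (not captured from the page's servers): answer
# for example.org A with TTL 300 pointing at the documentation address 192.0.2.1.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)        # QR=1 RD=1 RA=1, NOERROR
    + b"\x07example\x03org\x00" + struct.pack("!HH", TYPE_A, CLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(to_get_url(DOH_ENDPOINT, build_query("example.org")))
    print(parse_response(SAMPLE_RESPONSE))
    # resolve("example.org") performs the real HTTPS exchange when online.
```

Run it with network access and `resolve("example.org")` returns the same (rcode, answers) structure as the offline sample; without network, the builder and parser still show exactly which bytes leave your machine, all of them inside the TLS record rather than on UDP port 53.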


🔮 Random Upstream

Software: AdGuard Home

Endpoint: https://doh-random-upstream.nicolas-dorriere.fr/dns-query

AdGuard Home features:

- self-hosted in France
- no filter
- no logging
- load-balancing mode
- dilution max 7.5%
- cache

Public upstream features:

- keeps DNS traffic inside Europe
- 200ms max
- own recursion
- no Cloudflare
- no Google

Dilution

What is dilution? I've adopted this term to describe, simply, that each DNS request is systematically sent to a different DNS server, which avoids any centralization at a single entity and reinforces privacy.

The DNS servers of Cloudflare (1.1.1.1) and Google (8.8.8.8) concentrate too many DNS requests. Google likely uses your data to serve ads, and Cloudflare likely uses it to improve its products. Still, 1.1.1.1 remains the recursive DNS server with the lowest latency in the world, ahead of Google and the others.

The percentages in the table below show the share of requests dispatched to each DNS server in AdGuard's list. For example, the server collecting the most requests, NextDNS, sees at most 7% of my DNS traffic; the public DNS server of DNSFORGE sees only 2.68%.

We avoid centralization, as mentioned earlier, and achieve dilution. The more servers in the dilution list, the better your privacy.

DNS over HTTPS servers with low latency that respect privacy (no logging, anonymization) are rare. That's why I offer a public endpoint to help improve the overall privacy of internet users.
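The following is an added example (my own code, not the author's AdGuard configuration) that puts a number on "dilution". It takes the shares from the table below, transcribed as a list, and computes the inverse Herfindahl index, i.e. how many equally loaded resolvers the observed split is equivalent to, so that a single-resolver setup scores 1 and a perfectly even split over N servers scores N. It also checks the page's 7.5% cap and runs a small simulation of one query at a time being handed to a uniformly random upstream; uniform choice is an assumption here, a simplification of whatever weighting AdGuard's load-balancing mode actually applies.

```python
import random

# Shares transcribed from the page's upstream table (percent of requests per server).
PAGE_SHARES = [7.01, 6.74, 5.59, 5.31, 4.08, 3.86, 3.76, 3.47, 3.45, 3.38, 3.32,
               2.99, 2.79, 2.71, 2.68, 2.45, 2.43, 2.15, 2.14, 2.12, 2.12, 2.03,
               1.96, 1.93, 1.91, 1.89, 1.74, 1.66, 1.65, 1.61, 1.59, 1.55, 1.41,
               1.35, 1.31, 1.08, 0.69]

DILUTION_CAP = 7.5  # the page's stated maximum share for any single upstream


def effective_parties(shares):
    """Inverse Herfindahl index of the traffic split.

    1.0 means one party sees everything; N means the traffic is spread
    evenly over N parties. Higher is better for privacy.
    """
    total = float(sum(shares))
    hhi = sum((s / total) ** 2 for s in shares)
    return 1.0 / hhi


def max_share(shares):
    """Largest share in percent, normalised so the list need not sum to 100."""
    return max(shares) * 100.0 / sum(shares)


def check_dilution(shares, cap=DILUTION_CAP):
    """True when no single upstream sees more than `cap` percent of the traffic."""
    return max_share(shares) <= cap


def simulate_dispatch(upstreams, n_queries, seed=0):
    """Hand each query to a uniformly random upstream (assumed policy, not AdGuard's).

    Returns a dict of query counts per upstream; a seeded RNG keeps it reproducible.
    """
    rng = random.Random(seed)
    counts = {u: 0 for u in upstreams}
    for _ in range(n_queries):
        counts[rng.choice(upstreams)] += 1
    return counts


if __name__ == "__main__":
    print(f"single resolver: {effective_parties([100.0]):.1f} effective parties")
    print(f"page's list:     {effective_parties(PAGE_SHARES):.1f} effective parties, "
          f"max share {max_share(PAGE_SHARES):.2f}%, within cap: {check_dilution(PAGE_SHARES)}")
    # Constructed upstream names; only the count matters for the simulation.
    sim = simulate_dispatch([f"upstream-{i}" for i in range(len(PAGE_SHARES))], 10_000, seed=1)
    print(f"uniform simulation: max share {max_share(list(sim.values())):.2f}%")
```

With the page's table the list behaves like roughly 28 equally loaded resolvers, against 1 for a single 1.1.1.1 or 8.8.8.8 setup; adding a server to the list raises that figure, which is the quantitative form of "the more servers, the better".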

URL used                                        Share of requests
https://dns.nextdns.io:443                      7.01%
https://dns.quad9.net:443/dns-query             6.74%
https://zero.dns0.eu:443/                       5.59%
https://cubedns.com:443/dns-query               5.31%
https://doh1.b-cdn.net:443/dns-query            4.08%
https://dns.nick-slowinski.de:443/dns-query     3.86%
https://dns.digitale-gesellschaft.ch:443        3.76%
https://dns.belnet.be:443/dns-query             3.47%
https://doh.bortzmeyer.fr:443/                  3.45%
https://odvr.nic.cz:443/doh                     3.38%
https://dns.artikel10.org:443/dns-query         3.32%
https://dns.silen.org:443/dns-query             2.99%
https://ns2.4netguides.org:443/dns-query        2.79%
https://adguard.bonis.de:443/dns-query          2.71%
https://clean.dnsforge.de:443/dns-query         2.68%
https://doh.cornes.me:443/dns-query             2.45%
https://resolver.sunet.se:443/dns-query         2.43%
https://dns.njal.la:443/dns-query               2.15%
https://dns.lars-lehmann.net:443/dns-query      2.14%
https://dns.t53.de:443/dns-query                2.12%
https://dns.novg.net:443/dns-query              2.12%
https://dns1.in-berlin.de:443/dns-query         2.03%
https://dns.smartguard.io:443/dns-query         1.96%
https://ns.data.haus:443/dns-query              1.93%
https://dns.tls-data.de:443/dns-query           1.91%
https://dukun.de:443/dns-query                  1.89%
https://eu1.dns.lavate.ch:443/dns-query         1.74%
https://princez.uk:443/dns-query                1.66%
https://dns.kescher.at:443/dns-query            1.65%
https://dns.kerekes.xyz:443/dns-query           1.61%
https://doh.ffmuc.net:443/dns-query             1.59%
https://doh.lacontrevoie.fr:443/dns-query       1.55%
https://dnspub.restena.lu:443/dns-query         1.41%
https://dns.gayanalysing.co.uk:443/dns-query    1.35%
https://abel.waringer-atg.de:443/dns-query      1.31%
https://dns.switch.ch:443/dns-query             1.08%
https://3dns.eu:443/dns-query                   0.69%

🍭 Own Recursion

Software: Technitium

Endpoint: https://doh-own-recursion.nicolas-dorriere.fr/dns-query

Technitium features:

- self-hosted in France
- own recursion
- no logging
- no filter
- cache
- DNSSEC
- 250 ms speed

Public upstream features: none (no public upstream is used; the server resolves recursively itself)

Clients

I'm using YogaDNS on Windows to connect to my DoH servers; the free version is more than enough.

https://yogadns.com/

DNSSEC

What is DNSSEC? Dive into DNSimple's fun, illustrated comic to learn all about it!

https://howdnssec.works/