Differences

This shows you the differences between two versions of the page.

--- networking:dns:stubby [2020/12/18 09:44] – created peter
+++ networking:dns:stubby [2020/12/18 10:41] (current) – peter
@@ Line 1: / Line 1: @@
 ====== Networking - DNS - Stubby ======
-**Stubby** acts as a local DNS Privacy stub resolver (using DNS-over-TLS).
+Stubby is an open-source DNS stub resolver which supports DNS over TLS by default and therefore it will only send DNS requests encrypted.
-Stubby encrypts DNS queries sent from a client machine to a DNS Privacy resolver increasing end user privacy.
-Stubby uses only DNS-over-TLS to provide privacy, it does not implement DNSCrypt.
 <WRAP info>
-**NOTE:**  [[https://dnscrypt.info/|DNSCrypt]] is a method of authenticating communications between a DNS client and a DNS resolver.
+**NOTE:**  A **stub resolver** is a small DNS client on the end-user’s computer that receives DNS requests from applications such as Firefox and forwards requests to a recursive resolver like 1.1.1.1 or 8.8.8.8.
-It prevents DNS spoofing.
-It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with (the messages are still sent over UDP).
-As a side effect it provides increased privacy because the DNS message content is encrypted.
+There are other stub resolvers that also support DNS over HTTPS, such as cloudflared, but Stubby is very easy to use.
-It is an open specification but it has not been standardized by the IETF.
+Stubby uses only DNS-over-TLS to provide privacy, it does not implement [[https://dnscrypt.info/|DNSCrypt]].  DNSCrypt is a method of authenticating communications between a DNS client and a DNS resolver; using cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with (the messages are still sent over UDP).
 </WRAP>