DNS over HTTPS (DoH) is a next-generation communication protocol on track to become a major Internet standard (RFC 8484). By adding strong encryption and authentication, DoH tries to eliminate some of the biggest problems DNS has had from the beginning: censorship, surveillance, and man-in-the-middle attacks.
FDNS was designed to run as a local DoH proxy on a Linux desktop, or as a server for a small network. Lean and mean, it protects computers against some of the most common cyber threats, all while improving privacy and system performance.
FDNS is written in C and licensed under GPLv3. The number one job is privacy. We use only DoH services from non-logging providers, while preferring small operators such as open-source enthusiasts and privacy-oriented non-profit organizations.
- Works out of the box with little or no configuration changes.
- Network of 100+ non-logging DoH service providers spread across the globe. Access to specialized services such as family filtering, adblocking, security, OpenNIC.
- DNS over TLS support.
- Blocking ads, first and third-party trackers, coinminers, etc. The filters are configurable, and users can add their own hosts filter.
- DNS resolver cache and firewall: by default only A and AAAA queries are forwarded.
- Conditional DNS forwarding support and whitelisting mode.
- Regular DNS over UDP fallback in case the DoH service becomes unavailable.
- Live DNS request monitoring and statistics.
- Highly scalable multi-process design and built-in support for various security technologies: chroot, seccomp, Linux namespaces, and AppArmor.
- Seamless integration with Firejail Security Sandbox.
FDNS is a community project. We are not affiliated with any company, and we don’t have any commercial goals. Our focus is the Linux desktop. Home users and Linux beginners are our target market. The software is built by a large international team of volunteers on GitHub. Expert or regular Linux user, you are welcome to join us!
Security bugs are taken seriously; please email them to netblue30 at protonmail.com.
- Webpage: https://firejaildns.wordpress.com
- Development: https://github.com/netblue30/fdns
- Download: https://github.com/netblue30/fdns/releases
- Documentation: https://github.com/netblue30/fdns/wiki
- Support: https://github.com/netblue30/fdns/issues (GitHub)
- FAQ: https://github.com/netblue30/fdns/wiki/FAQ
September 2020 – released FDNS 0.9.62.10. In this release we are adding support for DNS over TLS and HTTP 1.1, restructured geographical zones, keepalive timer randomization, server list updates and bugfixes.
June 2020 – released FDNS 0.9.62.8. In this release we are replacing HTTP 1.1 with HTTP 2 in the protocol stack, and we are adding a lot of new DoH servers to our list – https://commons.host alone brings in a network of more than 20 geolocated DoH servers! We also added several new command line options and fixed quite a number of bugs. Arch Linux just started packaging and distributing fdns in AUR.
May 2020 – released FDNS 0.9.62.6. In this release we are adding domain whitelisting, a resizable monitor window, support for multiple FDNS proxies running on the same system, enforced NXDOMAIN for blacklisted domains, a server list update and bugfixes. A lot of development went into our regression testing: we started tracking gcov-based code coverage for our tests (published on https://netblue30.github.io/regtest/), and integrated the lgtm.com security scanner into our ongoing development process.
March 2020 – released FDNS 0.9.62.4. In this release we introduce CNAME cloaking protection, DNS rebinding protection, and SNI cloaking whenever possible; we disable all known DoH services on the local network, and we increase the DNS cache TTL to 40 minutes. Also bugfixes and a DoH server list update.
February 2020 – released FDNS 0.9.62.2. The project is feature-complete! We added over 60 new DNS over HTTPS servers, documentation, an automated test framework, and lots of bugfixes.