DNS over HTTPS (DoH) is a next-generation communication protocol on track to become a major Internet standard (RFC 8484). By adding strong encryption and authentication to the good old DNS protocol, DoH tries to eliminate some of the biggest problems DNS has had from the beginning: censorship, surveillance, and man-in-the-middle attacks.
FDNS was designed to run as a local DoH proxy on a Linux desktop, or as a server for a small network. Lean and mean, it protects the computers against some of the most common cyber threats, all while improving the privacy and the system performance.
FDNS is written in C and licensed under GPLv3. The number one job is privacy. We use only DoH services from non-logging providers, while preferring small operators such as open-source enthusiasts and privacy-oriented non-profit organizations.
- Works out of the box with little or no configuration changes.
- Network of 60+ non-logging DoH service providers spread around the globe. The servers are organized in several categories using a simple geographically-aware tagging system.
- Access to specialized DoH services such as family filtering, adblocking, security, OpenNIC.
- DNS resolver cache with a fixed TTL (default 40 minutes).
- Blocking ads, first and third-party trackers, coinminers, etc. The filters are configurable, and users can add their own hosts filter.
- Blocking IPv6 queries by default to reduce the DNS traffic on IPv4 networks.
- Anti-tunneling technology: by default only A and AAAA queries are forwarded.
- Conditional DNS forwarding support.
- Regular DNS over UDP fallback in case the DoH service becomes unavailable.
- Live DNS request monitoring and statistics.
- Scalable multi-process design with a frontend process and several independent resolver processes. Security technologies: chroot, seccomp, Linux namespaces, and AppArmor.
- Seamless integration with Firejail security sandbox.
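
The anti-tunneling item above forwards only A and AAAA queries. The following sketch is an added example, not FDNS's own code: it parses the question section of a wire-format DNS query and applies that allow-list. The function names, the constructed sample packets, and the choice to reject compressed names and multi-question packets are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DNS_HDR_LEN = 12, QTYPE_A = 1, QTYPE_AAAA = 28 };

/* Constructed sample queries for example.com: one A, one TXT (type 16). */
#define SAMPLE_HEAD 0x12,0x34, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0, \
                    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0
const uint8_t SAMPLE_A[]   = { SAMPLE_HEAD, 0x00,0x01, 0x00,0x01 };
const uint8_t SAMPLE_TXT[] = { SAMPLE_HEAD, 0x00,0x10, 0x00,0x01 };

/* Return the QTYPE of the single question, or -1 if the packet is not a
 * well-formed query. */
int dns_query_qtype(const uint8_t *pkt, size_t len)
{
    if (len < DNS_HDR_LEN) return -1;
    if (pkt[2] & 0x80) return -1;                  /* QR=1: a response */
    if (((pkt[4] << 8) | pkt[5]) != 1) return -1;  /* QDCOUNT must be 1 */

    size_t off = DNS_HDR_LEN, name_len = 0;
    for (;;) {                                     /* walk QNAME labels */
        if (off >= len) return -1;
        uint8_t l = pkt[off++];
        if (l == 0) break;                         /* root label ends name */
        if (l > 63) return -1;                     /* pointer/reserved type */
        name_len += (size_t)l + 1;
        if (name_len > 254 || off + l > len) return -1;
        off += l;
    }
    if (len - off < 4) return -1;                  /* QTYPE + QCLASS */
    return (pkt[off] << 8) | pkt[off + 1];
}

/* Allow-list policy: forward only A and AAAA, drop everything else. */
int forward_allowed(const uint8_t *pkt, size_t len)
{
    int qtype = dns_query_qtype(pkt, len);
    return qtype == QTYPE_A || qtype == QTYPE_AAAA;
}

int main(void)
{
    printf("A:   %s\n", forward_allowed(SAMPLE_A, sizeof SAMPLE_A) ? "forward" : "drop");
    printf("TXT: %s\n", forward_allowed(SAMPLE_TXT, sizeof SAMPLE_TXT) ? "forward" : "drop");
    return 0;
}
```
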
FDNS is a community project. We are not affiliated with any company, and we don’t have any commercial goals. Our focus is the Linux desktop. Home users and Linux beginners are our target market. The software is built by a large international team of volunteers on GitHub. Expert or regular Linux user, you are welcome to join us!
We also develop Firejail Security Sandbox at https://firejail.wordpress.com.
- Webpage: https://firejaildns.wordpress.com
- Development: https://github.com/netblue30/fdns
- Download: https://github.com/netblue30/fdns/releases
- Documentation: https://github.com/netblue30/fdns/wiki/Introduction (wiki)
- Support: https://github.com/netblue30/fdns/issues (GitHub)
- FAQ: https://github.com/netblue30/fdns/wiki/FAQ (wiki)
March 2020 – released FDNS 0.9.62.4. This release introduces CNAME cloaking protection, DNS rebinding protection, and SNI cloaking whenever possible; it disables all known DoH services on the local network and increases the DNS cache TTL to 40 minutes. It also includes bugfixes and a DoH server list update.
February 2020 – released FDNS 0.9.62.2. The project is feature-complete! We added over 60 new DNS over HTTPS servers, documentation, an automated test framework, and lots of bugfixes.