Stubby

dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby Desktop [Linux, Mac, OpenWrt & Windows]

Awesome Privacy ➔ Networking ➔ DNS Clients ➔ Stubby

Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), see example configuration.

Homepage: dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
GitHub: github.com/getdnsapi/stubby
Web info: web-check.xyz/check/dnsprivacy.org

Open Source

Stubby Source Code

Author

getdnsapi

Description

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).

Homepage

https://dnsprivacy.org/dns_privacy_daemon_-_stubby/

License

BSD-3-Clause

Created

26 Jun 17

Last Updated

03 Jun 26

Latest version

v0.4.3

Primary Language

Size

507 KB

Stars

1,305

Forks

106

Watchers

1,305

Language Usage

Star History

Top Contributors

Recent Commits

Sara Dickinson (15 Jul 25)
Update Adguard information
Sara Dickinson (15 Jul 25)
Merge pull request #367 from andy-bower/restena-ipv6 Update Foundation RESTENA IPv6 server in stubby.yml.example
Andrew Bower (03 Jul 25)
Update Foundation RESTENA IPv6 server in stubby.yml.example
Sara Dickinson (26 Mar 24)
Update hostname and pin for Fondation RESTENA server in stubby.yml.example
Sara Dickinson (26 Jun 23)
Remove `dnsovertls` servers from man page. Update version for custom Windows rc release.
Sara Dickinson (20 Apr 23)
Merge pull request #341 from ayushkamadji/fix-readme-links Fix broken wiki short links in readme
Ayushka Partohap (20 Apr 23)
Fix broken wiki short links
Sara Dickinson (09 Jan 23)
Merge pull request #335 from AstralStorm/develop Fix service build failure on Windows
Radosław Szkodziński (03 Jan 23)
Fix service build failure on Windows
Willem Toorop (22 Dec 22)
Log messages from getdns have '\n' at the end
Willem Toorop (22 Dec 22)
Fix PR #323 Reduce spam messages when interface is offline
Willem Toorop (22 Dec 22)
Stubby 0.4.3 Quickfix release scheduled for today
Willem Toorop (22 Dec 22)
Merge pull request #324 from pemensik/stubby.service Private users prevents running on systemd
Petr Menšík (15 Oct 22)
Private users prevents running on systemd Original value does not work on systemd v250, Fedora 36. Does not work on Fedora 38, systemd-252~rc1 either. It prevents the process from successfully binding the socket.
Willem Toorop (19 Aug 22)
stubby-0.4.2 quickfix release
Willem Toorop (19 Aug 22)
Fix #320 Stubby won't start without `log_level` setting
Willem Toorop (19 Aug 22)
Bump version for the 0.4.1 release
Willem Toorop (19 Aug 22)
Mention getdnsapi.net servers listen on port 443 now too
Willem Toorop (19 Aug 22)
getdnsapi.net DoT servers now listen on port 443 too
Willem Toorop (12 Aug 22)
Set log level from config file
Willem Toorop (11 Aug 22)
Bump version
Willem Toorop (11 Aug 22)
Attribute systemd file to Bruno in Changelog
Willem Toorop (11 Aug 22)
Merge pull request #294 from ArchangeGabriel/patch-1 Upgrade systemd service security
Willem Toorop (11 Aug 22)
Merge pull request #314 from getdnsapi/remove_dnsovertls_servers Remove the dnsovertls.sinodun.com servers from the config.
Sara Dickinson (07 Jun 22)
Remove the dnsovertls.sinodun.com servers from the config. Additional tidy up of config.
Sara Dickinson (05 Aug 22)
Tidy up Changelog
Sara Dickinson (05 Aug 22)
Add text on ECS use
Sara Dickinson (05 Aug 22)
Merge pull request #316 from pataquets/add-resolvers-quad9 Add Quad9 resolvers.
Sara Dickinson (21 Jul 22)
Fix typo in cmake check for libidn2
Sara Dickinson (21 Jul 22)
Merge pull request #319 from jpbion/fixlibidn2 Category: Strengthen check for LibIDN2 version in cmake build step

Stubby Security

2.9/10

Repo Security Summary

Updated 25 May 26

Dangerous-Workflow N/A
Token-Permissions N/A
Maintained 0/10
Packaging N/A
Code-Review 3/10
Binary-Artifacts 10/10
CII-Best-Practices 0/10
Security-Policy 0/10
Fuzzing 0/10
License 10/10
Pinned-Dependencies 0/10
Signed-Releases 8/10
Branch-Protection 0/10
SAST 0/10

Stubby Website

Website

http://dnsprivacy.org/dns_privacy_daemon_-_stubby/

Redirects

Redirects to http://dnsprivacy.org/dns_privacy_daemon_-_stubby/

Security Checks

All 65 security checks passed

Server Details

IP Address 185.199.111.153
Hostname cdn-185-199-111-153.github.com
Location California, Pennsylvania, United States of America, NA
ISP GitHub Inc.
ASN AS54113

Associated Countries

Safety Score

Website marked as safe

100%

Blacklist Check

dnsprivacy.org was found on 0 blacklists

AntiSocial Blacklist
Artists Against 419
Badbitcoin
Bambenek Consulting
CERT Polska
CoinBlockerLists
CRDF
CryptoScamDB
EtherAddressLookup
EtherScamDB
Fake Website Buster
MetaMask EthPhishing
NABP Not Recommended Sites
OpenPhish
PetScams
PhishFeed
PhishFort
Phishing.Database
PhishStats
PhishTank
Phishunt
RPiList Not Serious
Scam.Directory
SecureReload Phishing List
Spam404
StopGunScams
Suspicious Hosting IP
ThreatFox
ThreatLog
TweetFeed
URLhaus
ViriBack C2 Tracker

Website Preview

View full report at web-check.xyz

Stubby Reviews

More DNS Clients

DNS Cloak

(iOS)
apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351

Simple all that allows for the use for dnscrypt-proxy 2 on an iPhone.

Open Source s-s/dnscloak

View DNS Cloak Report
DNScrypt-proxy 2

(Desktop [BSD, Linux, Solaris, Windows, MacOS & Android])
dnscrypt.info

A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2, DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.

Open Source DNSCrypt/dnscrypt-proxy

View DNScrypt-proxy 2 Report
Nebulo

(Android)
nebulo.app

Non-root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo.)

Open Source Ch4t4r/Nebulo

View Nebulo Report
RethinkDNS & Firewall

(Android)
rethinkdns.com/app

Free and open source DNS changer with support for DNS-over-HTTPS, DNS-over-Tor, and DNSCrypt v3 with Anonymized Relays. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using RethinkDNS + Firewall.)

Open Source celzero/rethink-app

View RethinkDNS & Firewall Report
Unbound

(Desktop [Linux, Mac, OpenWrt & Windows])
nlnetlabs.nl/projects/unbound

Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)

Open Source NLnetLabs/unbound

View Unbound Report

About the Data: Stubby

API

You can access Stubby's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/stubby

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Stubby

Help your friends compare DNS Clients, and pick privacy-respecting software and services.
Share Stubby and Awesome Privacy with your network!

← Previous

DNS Cloak

View DNS Clients (6)