# paulmillr/encrypted-dns

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/paulmillr-encrypted-dns).**

4,415 stars · 416 forks · JavaScript · unlicense

## Links

- GitHub: https://github.com/paulmillr/encrypted-dns
- Homepage: https://paulmillr.com/posts/encrypted-dns/
- awesome-repositories: https://awesome-repositories.com/repository/paulmillr-encrypted-dns.md

## Topics

`cloudflare` `configuration-profile` `dns` `encrypted-dns` `google` `https` `ios` `macos` `mobileconfig` `opendns` `over` `quad9` `rfc7858` `rfc8484` `tls`

## Description

This project is a DNS privacy proxy and resolver that functions as a local bridge, converting plaintext DNS traffic into encrypted requests. It acts as a client for DNS-over-HTTPS and DNS-over-TLS protocols to prevent interception and spoofing of network requests.

The system implements network privacy hardening by routing domain lookups through secure tunnels, which reduces the amount of plaintext data leaked to internet service providers. It uses a profile-based connection management system to map security profiles to specific encrypted endpoints, preventing DNS hijacking and man-in-the-middle attacks.

The tool covers a range of secure resolution capabilities, including TLS-handshake authentication and stateless query resolution. It handles binary packet parsing and utilizes an asynchronous request pipeline to process multiple DNS queries concurrently.

## Tags

### Security & Cryptography

- [Network Privacy Hardening](https://awesome-repositories.com/f/security-cryptography/network-privacy-hardening.md) — Hardens network privacy by routing all DNS lookups through encrypted tunnels to reduce data leakage.
- [TLS Certificate Validations](https://awesome-repositories.com/f/security-cryptography/handshake-protocols/handshake-validations/tls-certificate-validations.md) — Validates server certificates during TLS handshake to prevent man-in-the-middle attacks.
- [DNS Connection Profiles](https://awesome-repositories.com/f/security-cryptography/malleable-c2-traffic-profiles/profile-management/dns-connection-profiles.md) — Maps named security profiles to specific encrypted DNS endpoints for per-query routing decisions.

### Networking & Communication

- [DNS-over-HTTPS Clients](https://awesome-repositories.com/f/networking-communication/dns-servers/dns-over-https-servers/dns-over-https-clients.md) — Routes DNS lookups through HTTPS connections to secure domain resolution against man-in-the-middle attacks.
- [DNS-over-HTTPS Relays](https://awesome-repositories.com/f/networking-communication/dns-servers/dns-over-https-servers/dns-over-https-relays.md) — Converts plaintext DNS queries into encrypted DNS-over-HTTPS or DNS-over-TLS requests to prevent interception and spoofing.
- [DNS-over-TLS Clients](https://awesome-repositories.com/f/networking-communication/dns-servers/dns-over-tls-clients.md) — Converts DNS queries into encrypted DNS-over-TLS requests for secure resolution.
- [Local Encrypted DNS Resolvers](https://awesome-repositories.com/f/networking-communication/load-balancers/dns-resolver/local-encrypted-dns-resolvers.md) — Acts as a local bridge that forwards system DNS traffic to encrypted upstream resolvers without modifying network settings.
- [DNS Proxy Bridges](https://awesome-repositories.com/f/networking-communication/local-proxy-gateways/dns-proxy-bridges.md) — Intercepts plaintext DNS traffic on localhost and forwards it over encrypted upstream connections.
- [DNS Configuration](https://awesome-repositories.com/f/networking-communication/dns-configuration.md) — Applies ready-made configuration profiles that route all system DNS traffic through encrypted protocols. ([source](https://cdn.jsdelivr.net/gh/paulmillr/encrypted-dns@master/README.md))
- [Encrypted DNS Profile Installers](https://awesome-repositories.com/f/networking-communication/dns-configuration/encrypted-dns-profile-installers.md) — Installs pre-built configuration profiles that route all system DNS traffic through encrypted protocols automatically. ([source](https://cdn.jsdelivr.net/gh/paulmillr/encrypted-dns@master/README.md))
- [Encrypted DNS Profile Installers](https://awesome-repositories.com/f/networking-communication/dns-servers/dns-over-tls-clients/encrypted-dns-profile-installers.md) — Installs a configuration profile on iOS or macOS that routes all DNS traffic through encrypted servers. ([source](https://paulmillr.com/posts/encrypted-dns/))

### Programming Languages & Runtimes

- [DNS Wire-Format Parsers](https://awesome-repositories.com/f/programming-languages-runtimes/binary-parsing/dns-wire-format-parsers.md) — Directly parses raw DNS wire-format packets without intermediate abstraction layers.

### Software Engineering & Architecture

- [Stateless DNS Proxies](https://awesome-repositories.com/f/software-engineering-architecture/stateless-architectures/stateless-dns-proxies.md) — Resolves each DNS query independently without maintaining session state between requests.
