Four reference guides on how DNS actually works, from the basics to a full self-hosting runbook.
What Is a DNS Resolver? explains the piece that turns names into addresses, and what it can see about you along the way.
DoH vs DoT vs DNSCrypt vs DoQ compares the encrypted transports side by side, including DoH3, so you can pick the right one.
What Is DNSSEC? covers what DNSSEC proves, why it is not encryption, and how the two work together.
Build a Validating, Hardened Resolver is a runbook for running your own: Unbound for DNSSEC validation and caching, with dnscrypt-proxy encrypting the upstream.
Four guides on the fundamentals: what a resolver is and what it sees, how the encrypted protocols compare, what DNSSEC does and does not do, and a runbook for building your own validating resolver.
Highlights
- New guide: what a DNS resolver is and what it can see
- New guide: a detailed comparison of DoH, DoT, DNSCrypt and DoQ
- New guide: what DNSSEC does and does not do
- New runbook: build your own validating, hardened resolver