dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers
Some of you may remember my VPS flea market which became a bit messy eventually. I was nonetheless able to get rid of some of my idlers, others were canceled since then but I'm still sitting on a pile of them.
In December, I decided to turn some of them into something useful (hopefully...) for the community and dnscry.pt was born:
Public DNSCrypt resolvers hosted by LowEnd providers
Most of the servers have been taken from my collection of idlers, but I'd like to give a shout-out to @Kuroit and @terrahost who are generously sponsoring three servers for the project.
In a nutshell, DNSCrypt is a protocol which encrypts and authenticates your DNS requests, so that a third party (like your ISP) can no longer tinker with them. You have to run a DNSCrypt client like dnscrypt-proxy locally or in your network and point your DNS requests there instead of towards your Wi-Fi router or public resolvers like Google's 8.8.8.8. Your DNSCrypt client will take care of the encryption and forward your requests to a public DNSCrypt resolver (like one of those I run for dnscry.pt).
None of the resolvers do any filtering of any kind. I don't store any logs of your requests. All I do is collect metrics using Munin.
If you're interested in giving it a try, further instructions can be found here. There's also a list of all resolvers.
Singapore may appear offline from time to time but is doing fine for local traffic. Intercontinental traffic is going through Cogent and their lines appear to be congested af. I'm monitoring all resolvers from a server hosted in Jacksonville, FL.
If you're using dnscrypt-proxy, you don't have to handpick resolvers near your location. Instead, use the auto-generated resolver list. Configuration instructions can be found in the file header or in the "Get Started" guide on the website.
I hope this is useful for some of you. I've been using DNSCrypt for years and have switched to my resolver list recently.
Let me know if you have any feedback or questions. I'm also open to suggestions for new locations.
dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/
Comments
Is DNSCrypt still a thing? I thought it was superseded by DoH/DoT.
DoH/DoT can be intercepted by ISP.. Dunno how.
https://microlxc.net/
I've never been a fan of DoH and DoT due to their protocol overhead. Still, those are more popular nowadays.
Unlike DoH/DoT, DNSCrypt has never been standardized in the form of an RFC. But since it works well for me and is easy to maintain, I'd still say DNSCrypt has its right to exist.
This is great.
Another alternative to commercial companies' products. Keep it up, man.
MicroLXC is lovable.
so how do I run my own instance? possibly with ghetto-rigging it with wireguard
atm DoH still suffices for my usage (especially for android private dns), but this seems interesting to try
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Cool project, I really like the option of a non-commercial DNS, but also gotta say that imo the days of glory of DNSCrypt are long over, the killer feature of DoH and DoT is that they work OOTB on Android, iOS and macOS.
I also remember that back then when I messed around with DNSCrypt, it was actually pretty darn slow, or more precisely the DNS proxy implementations that I used at that time.
Since I run my own DoH/DoT instance, what made you pick unbound over knot-resolver? I feel like it works better on LE platforms.
Either way, thanks @Brueggus for the community effort and keep it up!
If I dare to state some wishes - consider adding DoT/DoH with nice and signed iOS MDM profiles (like dnsforge.de) and adding an option for blocklists (oisd.nl is superb).
Great project, finally some more servers that actually respond with an RRSIG.
For anyone wondering - the opnsense version of dnscrypt-proxy isn't recent enough for the provided DNS Stamps.
If someone needs a list of a couple of other EU servers that respond with RRSIG, let me know.
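Added example, not part of any post in this thread and not dnscry.pt's or dnscrypt-proxy's own code: a decoder for the DNSCrypt form of the DNS Stamps mentioned above, showing what a client reads from each resolver-list entry (address, provider public key, provider name, and the DNSSEC, no-logs and no-filter flags). The sample stamp is constructed from a documentation address, an all-zero key and a placeholder provider name.

```python
import base64
import struct

# Property bits from the DNS Stamps specification.
PROPS = {1: "dnssec", 2: "no_logs", 4: "no_filter"}

def _lp(buf, pos):
    """Read one length-prefixed field; return (bytes, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end

def decode_dnscrypt_stamp(stamp):
    """Decode an sdns:// stamp of protocol 0x01 (DNSCrypt) into a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x01:
        raise ValueError("not a DNSCrypt (protocol 0x01) stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)  # 8 bytes, little-endian
    addr, pos = _lp(raw, 9)
    pk, pos = _lp(raw, pos)
    name, pos = _lp(raw, pos)
    if len(pk) != 32:
        raise ValueError("provider public key must be 32 bytes")
    return {
        "flags": sorted(v for k, v in PROPS.items() if props & k),
        "addr": addr.decode("ascii"),
        "provider_pk": pk.hex(),
        "provider_name": name.decode("ascii"),
    }

def encode_dnscrypt_stamp(props, addr, pk, name):
    """Build a stamp; used here only to construct sample input."""
    body = bytes([0x01]) + struct.pack("<Q", props)
    for field in (addr.encode(), pk, name.encode()):
        body += bytes([len(field)]) + field
    return "sdns://" + base64.urlsafe_b64encode(body).decode().rstrip("=")

# Constructed sample: documentation IP, all-zero key, placeholder name.
SAMPLE = encode_dnscrypt_stamp(
    7, "192.0.2.53:443", bytes(32), "2.dnscrypt-cert.example.test")

if __name__ == "__main__":
    print(decode_dnscrypt_stamp(SAMPLE))
```

The flags are only what the operator declares in the stamp; whether answers actually carry an RRSIG still has to be checked against the resolver itself.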
Is it due to the signature algorithm I use to sign the resolver list? I ran into a similar issue since the version of dnscrypt-proxy I run on my Raspberry Pi at home was too old for "non-legacy" signatures.
I guess so, opnsense uses version 2.0.45.
Nice project, this should be added to DNSCrypt official resolvers.
@Brueggus you already have our primary geographic location covered (same DC), but if you wanted a sponsored one w/IPv6 I'm happy to oblige.
NVMe VPS | Ryzen 5950X VPS | Dedicated Servers -- Crunchbits.com
I'm a bit hesitant to open a PR to have them added. I don't have much experience with the components involved. I've seen PRs on their repo of people asking to have their resolvers removed due to the amount of traffic they get. Bandwidth shouldn't be an issue but I don't know how much CPU and memory they require if they're under load. So I'd prefer to get some traffic (and gain experience) first before I open the flood-gates.
Thanks for the generous offer. I'll keep it in mind and am looking forward to your next expansion.
Practically everything behind the scenes is automated via Ansible, so adding/removing resolvers is a piece of cake.
So I've taken 14 servers from my collection of idlers and dedicated them to the project. Another one in Stockholm, Sweden has been donated by Internetport who are running a promo on OGF at the moment.
New Locations:
* 🇺🇸 Philadelphia, Durham, Denver, Salt Lake City, Atlanta, Chicago
* 🇨🇦 Castlegar, Montreal
* 🇨🇱 Valdivia
* 🇮🇳 Mumbai
* 🇿🇦 Johannesburg
* 🇹🇼 Taipei
* 🇲🇩 Chișinău
* 🇸🇪 Stockholm
* 🇮🇪 Dublin
Instructions on how to use them can be found here or in the first post.
Enjoy!
Woop! Woop!
We have stickers available now. I'm unsure whether anyone cares, but if you'd like to pimp your laptop lid, let me know and I'll get one shipped.
International shipping for stickers? :-)
Sure, it's not much more expensive than a domestic letter.
Oh, in that case I'd be happy to have one. Wasn't going to ask since it had to come across the pond.
It'll look good next to my Grimm Reaper and Bernie in Mittens. DM you?
I'm getting a 403 on the image link, but I'd like some! I'll pay for the shipping as well if you can throw in more than one.
Sorry for that... I have to move my image hosting. The current hoster seems to do some weird geo-blocking stuff.
Don't worry about the shipping fees. It's about €1 per letter and Paypal will likely charge the same amount... Just DM me your address and how many stickers you'd like. I ordered only a small batch of 12 stickers, so please keep it within reasonable limits.
DM'd
I don't know where you ordered the stickers, but a lot of those places will let you sell them directly to other people.
That way anyone could order as many stickers as they want directly from the printer and you will not have to pay shipping.
That's a good idea. I'll consider it if more people are interested. For now I'm just looking to get the other half of my sample batch off my desk.
I'll get the stickers shipped tomorrow. If anyone wants some and hasn't PM'ed me yet, please do so now.
Stickers received. Thanks @Brueggus!
Waiting for a new laptop, will put them properly then.
Edit: made the image slightly smaller.
Btw, very pretty handwriting @Brueggus, at least compared to mine
Oh well... It used to be much cleaner but it's become worse and worse over the years. Glad to hear that you've been able to read it.
Happy to donate an instance for you if you'd like a presence in Naaldwijk, Netherlands.
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ Idaho, US | New Location w/ 5Gbps default ] [Netherlands, EU | Great connectivity to Europe ] [ CL Shared | KVM VPS | Dedicated Servers | Domain Names ]
Thanks for the offer. I'll let you know when I'm adding the next batch.
Sure thing, happy to help.
The resolver in Mumbai is offline due to https://lowendspirit.com/discussion/5655/stromonic-has-deadpooled .
It will most likely not be replaced as there aren't many options in that region.
amazing.
any plans to support anonymized dns with dnscrypt?
I received a letter with some amazing stuff inside
Thanks @Brueggus!