Improving Privacy DNS

Last week, a small Greenhost-delegation visited the Internet Freedom Festival in order to meet other people active in the field of Privacy and Internet Freedom, and get new ideas to improve upon our services. Inspired by a great session by Daniel Khan Gillmor we immediately set up a new DNS-over-TLS server, allowing advanced users to use the internet more privately.

The Domain Name System (DNS) underpins most of our use of the Internet, by providing a way to look up IP addresses from domain names. By design, it provides very little privacy. While more and more sites use encryption once the connection is in place, the initial request is still unencrypted. This means that although it is often not possible to detect what information you send to or receive from a website, it is still detectable what websites you visit. There can be many reasons why you don't want people to know you are visiting sites like: "refugeerights.example", "abortionservices.example" or "blacklivesmatter.example".

Recently, simple basic privacy protection measures for DNS have been standardised, and we set up our own DNS-over-TLS-server according to this standard. Anyone with a correct client-side configuration can reach and use this server on 213.108.108.108, or pdns.greenhost.net.

Unfortunately, client-side development is still in it's infant stages. There is no easy implementation for well-used browsers, so if you want to start using DNS-over-TLS, currently your best shot is to use a specially developed daemon: Stubby. Of course we hope that in the future more programs will start supporting this protocol. Keep yourself updated through the project's homepage.