Network Security Introduction |
Firejail Encrypted DNS HowTo |
FDNS is an encrypted DNS proxy designed for small networks and Linux desktops. Lean and mean, it protects your computer from some of the most common cyber threats, while also improving privacy and the system performance.
FDNS is written in C and licensed under GPLv3. We use only DoH/DoT/DoQ services from non-logging and non-censoring providers, while preferring small operators such as open-source enthusiasts and privacy-oriented non-profit organizations.
- Network of 300+ non-logging/non-censoring service providers spread across the globe. Access to specialized services such as family filtering, adblocking, and security.
- Blocking ads, trackers, coinminers, phishing.
- DNS resolver cache and DNS firewall targeting various DNS attack techniques.
- Highly scalable multi-process design and built-in support for various security technologies such as seccomp, Linux namespaces, and AppArmor.
- Seamless integration with Firejail Security Sandbox.
sudo apt install build-essential make git
sudo apt install libseccomp-dev libssl-dev
git clone --recursive https://github.com/netblue30/fdns
cd fdns
./configure --prefix=/usr --enable-apparmor
make
sudo make install
(to uninstall) sudo make uninstall
(to update the repo) git submodule update --remote --merge
FDNS is a community project. We are not affiliated with any company, and we don’t have any commercial goals. Our focus is the Linux desktop. Home users and Linux beginners are our target market. The software is built by a large international team of volunteers on GitHub. Expert or regular Linux user, you are welcome to join us!
Security bugs are taken seriously, please email them to netblue30 at protonmail.com.
- Webpage: https://firejaildns.wordpress.com
- Development: https://github.com/netblue30/fdns
- Documentation: https://github.com/netblue30/fdns/wiki (wiki)
- Download: https://github.com/netblue30/fdns/releases
- Support: https://github.com/netblue30/fdns/issues (GitHub)
- FAQ: https://github.com/netblue30/fdns/wiki/FAQ (wiki)
Current DNS over QUIC server list:
$ fdns --list=all | grep quic
adguard-unfiltered-quic - anycast, quic, America, AsiaPacific, Europe
adguard-unfiltered2-quic - anycast, quic, America, AsiaPacific, Europe
adguard-quic - anycast, quic, adblocker, America, AsiaPacific, Europe
adguard2-quic - anycast, quic, adblocker, America, AsiaPacific, Europe
adguard-family-quic - quic, family, America, AsiaPacific, Europe
adguard-family2-quic - quic, family, America, AsiaPacific, Europe
blissdns-quic - quic, adblocker, US, America
brahmaworld-quic - quic, adblocker, Sweden, Europe
dynx-quic - quic, adblocker, Germany, Europe
nextdns-quic - quic, America, AsiaPacific, Europe
nextdns2-quic - quic, America, AsiaPacific, Europe
nextdns3-quic - anycast, quic, America, AsiaPacific, Europe
noridev-quic - quic, adblocker, Korea, AsiaPacific, FarEast
qquackdns-quic - quic, Korea, AsiaPacific, FarEast
rbn-quic - quic, adblocker, Germany, Europe
rezjahul-quic - quic, adblocker, Singapore, AsiaPacific, FarEast
surfshark-quic - anycast, quic, America, AsiaPacific, Europe
sz-dns-quic - quic, America, AsiaPacific, Europe
tridns-ca-quic - quic, America, Canada
tridns-ch-quic - quic, Europe, Switzerland
tridns-sg-quic - quic, Singapore, AsiaPacific. FarEast
tiarap2-quic - quic, Singapore, FarEast, AsiaPacific
zdn-quic - quic, adblocker, Romania, Europe
A short comparison of DoH, DoT, and DoQ:
$ fdns --test-server
Current zone: America
Testing server adguard-unfiltered
Tags: anycast, America, AsiaPacific, Europe
SSL/TLS connection: 122.96 ms
DoH query average: 22.22 ms
DoH/Do53 bandwidth ratio: 2.13
Testing server adguard-unfiltered-dot
Tags: anycast, dot, America, AsiaPacific, Europe
SSL/TLS connection: 146.72 ms
DoT query average: 20.88 ms
DoT/Do53 bandwidth ratio: 1.32
Testing server adguard-unfiltered-quic
Tags: anycast, quic, America, AsiaPacific, Europe
SSL/TLS connection: 485.44 ms
DoQ query average: 22.92 ms
[...]
Larger connection time, but similar query time averages. We will add more DoQ servers as the technology matures.