Server #1 | Server #2 |
---|---|
dnscrypt.ca-1 | dnscrypt.ca-2 |
dnscrypt.ca-1-doh | dnscrypt.ca-2-doh |
dnscrypt.ca-1-ipv6 | dnscrypt.ca-2-ipv6 |
dnscrypt.ca-1-doh-ipv6 | dnscrypt.ca-2-doh-ipv6 |
Last check: 2023-12-11 at 01:45 Eastern time. Service names shown in green are currently up, service names shown in red are currently down. The script only checks every 15 minutes but if you think any or all of the servers are experiencing problems, feel free to contact me to let me know. DNSCrypt services are provided on port 443 with dnscrypt-wrapper and DoH services are provided on port 453 with m13253 and nginx.
The dnscrypt.ca servers are Virtual Private Servers I rent from ULayer.net. The servers went public in September of 2017, and each server has an IPv4 address and an IPv6 address. On each server I run Unbound which receives DNS queries and looks up the IP addresses for them. The encrypted listener services allow you to connect with an appropriate client application which will forward your queries to the local Unbound service. Both servers are in Montreal, both support DNSSEC (a feature of DNS that ensures you are getting the correct answers to your queries), both are uncensored, and these servers record no query logs. Unbound has some built in metrics that allow me to see that lately [as of 2023-03-29] the servers are doing about 21.5 million queries per day (that's about 250 queries per second), but that is all I know. There is no record of who connects to these servers, or what names they resolve to IP addresses.
Server #1 | Server #2 | |
---|---|---|
DNS Name | dns1.dnscrypt.ca | dns2.dnscrypt.ca |
IPv6 Specific DNS Name | dns1.ipv6.dnscrypt.ca | dns2.ipv6.dnscrypt.ca |
IPv4 Address | 167.114.220.125 | 149.56.228.45 |
IPv6 Address | 2607:5300:61:95f:7283:11d9:f86:e689 | 2607:5300:61:95f:7283:11d9:f86:e690 |
DNSCrypt Provider Name | 2.dnscrypt-cert.dnscrypt.ca-1 | 2.dnscrypt-cert.dnscrypt.ca-2 |
DNSCrypt Port Number | 443 | 443 |
DoH Port Number | 453 | 453 |
DoH SNI + path | https://dns1.dnscrypt.ca:453/dns-query | https://dns2.dnscrypt.ca:453/dns-query |
DNSSEC | Yes | Yes |
Logging | No | No |
Filtering/Censoring | No | No |
I have no corporate affiliation, and I have nothing to do with the development of DNSCrypt, m13253, nginx, or Unbound. I am just some retired infrastructure guy who has strong opinions about privacy and security. I use these dnscrypt'ed servers for my own name resolution, I receive no compensation for the time spent managing the servers, and my costs are partially covered[1] by donations from users like you.
Pretty much everything you do with your Internet-connected device requires a DNS lookup [or many lookups] to function. DNS turns names like dnscrypt.ca in to IP addresses like 69.165.220.221. Unfortunately, DNS is almost always unencrypted. As a result, it might be possible for someone to know what DNS names you are requesting, or in some cases provide intentionally incorrect replies to your DNS queries. DNSCrypt is a way to encrypt your DNS queries, hiding them from prying eyes and fingers.
[1] To date there has been a single donation of CAD$20 back in 2019.