dnscrypt.ca ... Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated DNS service for your pleasure.

NOTICE: [2022-08-01] He.net's IPv6 tunnelling seems to be messed up right now. I get intermittent connectivity from my house to their tunnel service. As a result the web server incorrectly sometimes thinks the IPv6 resolver services are down. I am disabling the script that checks the resolvers temporarily.


Server #1 Server #2
dnscrypt.ca-1 dnscrypt.ca-2
dnscrypt.ca-1-doh dnscrypt.ca-2-doh
dnscrypt.ca-1-ipv6 dnscrypt.ca-2-ipv6
dnscrypt.ca-1-doh-ipv6 dnscrypt.ca-2-doh-ipv6

Last check: 2022-08-01 at 16:40 Eastern time. Service names shown in green are currently up, service names shown in red are currently down. The script only checks every 15 minutes but if you think any or all of the servers are experiencing problems, feel free to contact me to let me know. DNSCrypt services are provided on port 443 with dnscrypt-wrapper and DoH services are provided on port 453 with m13253 and nginx.


I have no corporate affiliation, and I have nothing to do with the development of DNSCrypt, m13253, nginx, or Unbound. I am just some retired infrastructure guy who has strong opinions about privacy and security. I use these dnscrypt'ed servers for my own name resolution, there is no compensation for the time spent managing the servers, and my costs are partially covered by donations from users like you.


The dnscrypt.ca servers are Virtual Private Servers I rent from ULayer.net. Each server has an IPv4 address and an IPv6 address. On each server I run Unbound which receives DNS queries and looks up the IP addresses for them. The encrypted listener services allow you to connect with an appropriate client application which will forward your queries to the local Unbound service.

Both servers are in Montreal, both support DNSSEC (a feature of DNS that ensures you are getting the correct answers to your queries), both are uncensored, and these servers record no query logs. Unbound has some built in metrics that allow me to see that lately [as of 2022-06-30] the servers are doing about 10 million queries per day (that's about 116 queries per second), but that is all I know. There is no record of who connects to these servers, or what names they resolve to IP addresses.


Pretty much everything you do with your Internet-connected device requires a DNS lookup [or many lookups] to function. DNS turns names like dnscrypt.ca in to IP addresses like Unfortunately, DNS is almost always unencrypted. As a result, it might be possible for someone to know what DNS names you are requesting, and ultimately what services you are using (even if you are connecting to an encrypted service). DNSCrypt is a way to encrypt your DNS queries, hiding them from prying eyes.