dnscrypt.ca ... Free Canadian based encrypted DNS service with DNSSEC validation for your pleasure.


If you prefer you can simply follow the RSS feed.


Sorry folks, Unbound barfed on Server #2 this afternoon and name resolution was down until I was able to get Unbound back up again.


Made some changes to the web site, including adding a new table on the main page which shows a bunch of important attributes of each server. Also made a post at snork.ca about an SEO goof who emailed me regarding putting ads on dnscrypt.ca.


My bad... I had screwed up my stamps and when the certs renewed, connections started to fail and a couple of the DoH entries got pulled from the public resolver list. Everything is back up, though I do still have a request in to clean up more of the stamps.


Sorry folks, I was out of town and server #2 went down Friday evening around 8pm. Fortunately when the key rotation script ran again at 11:30pm it killed the dead listener and brought up a new one.


Woke up to find name resolution mostly dead. Turns out server #1 was reporting that its disk was full, even though it was 82% free. A reboot fixed that. Also found that both servers had runaway instances of the key rotation script that were not exiting. I killed the useless ones and name resolution seemed fine again. Lastly, I had some trouble opening the web site, with an OCSP error from my Firefox based browser [but not my Chrome based browser]. This seemed to solve itself fairly quickly without any real explanation as to why it was barfing. Downtime should have been minimal, and of course I'll be monitoring in case any of the problems return.


The web site was down from about 1pm to 7pm Eastern today thanks to a power outage at home. The resolvers are at ULayer and were unaffected.


For some reason server #2 was having problems resolving some domains including www.kijiji.ca and www.amazon.ca. I found that both amazon and kijiji use dynect.net, which is owned by Oracle. dnsviz and intodns both show problems with dynect, including servers that are not responding. I restarted Unbound on server #2 and it is now able to resolve those names again but it doesn't much explain what has happened at dynect.


The IPv4 dnscrypt listener on server #2 barfed this evening and I had to kill the process and start the key rotation script over again. It is possible that there may have been some people who were unable to connect to that service until their dnscrypt client re-established its connection to that server. IPv6 and DoH were unaffected. I believe the downtime was a matter of less than 10 minutes.

Older News

Curious eh? Well, have a look at the 2021 News.