DNSCrypt.nl

Free public DNSCrypt v2 server hosted in Amsterdam, The Netherlands.

For DNS traffic encryption and authentication.

Features

  • DNSSEC validation for better security
  • DNS Flag Day ready
  • Caching
  • No logs
  • No censoring and filtering
  • ED25519 and ED448 algorithm support
  • Query prefetching to reduce latency
  • Query minimization for improved privacy
  • No forwarding to external/upstream DNS servers (recursive)
  • Daily certificate rotation for forward secrecy
  • Supporting the latest DNSCrypt v2 protocol version
  • Latest Unbound recursive DNS resolver
  • Pi-hole compatible

DNSCrypt v2 server

Server namednscrypt.nl-ns0, dnscrypt.nl-ns0-ipv6
Provider name2.dnscrypt-cert.ns0.dnscrypt.nl
FQDNns0.dnscrypt.nl
IPv4 address45.76.35.212
IPv6 address2001:19f0:5001:30a:5400:ff:fe58:7140
Port443

Provider key and DNS stamps

# Provider key
4C84:FB8C:0511:5DFA:5F97:C5ED:0329:1370:C78A:BCD6:4E15:DD53:AB08:DE72:FB84:4ACA
# dnscrypt.nl-ns0
sdns://AQcAAAAAAAAADDQ1Ljc2LjM1LjIxMiBMhPuMBRFd-l-Xxe0DKRNwx4q81k4V3VOrCN5y-4RKyh8yLmRuc2NyeXB0LWNlcnQubnMwLmRuc2NyeXB0Lm5s

# dnscrypt.nl-ns0-ipv6
sdns://AQcAAAAAAAAAJlsyMDAxOjE5ZjA6NTAwMTozMGE6NTQwMDpmZjpmZTU4OjcxNDBdIEyE-4wFEV36X5fF7QMpE3DHirzWThXdU6sI3nL7hErKHzIuZG5zY3J5cHQtY2VydC5uczAuZG5zY3J5cHQubmw

Verification

Server details can be verified by checking out my Keybase public files which are PGP signed by me. Alternatively use dig as shown below.

dig A +short +dnssec ns0.dnscrypt.nl
dig TXT +short +dnssec pkey.ns0.dnscrypt.nl
dig TXT +short +dnssec pname.ns0.dnscrypt.nl
dig TXT +short +dnssec sname.ns0.dnscrypt.nl
dig TXT +short +dnssec ips.ns0.dnscrypt.nl
dig TXT +short +dnssec port.ns0.dnscrypt.nl
dig TXT +short +dnssec stamp.ipv4.ns0.dnscrypt.nl
dig TXT +short +dnssec stamp.ipv6.ns0.dnscrypt.nl

To verify that you are actually making use of the server do a DNS Leak test.

Vultr promo banner

More …

DNS Flag Day

DNSCrypt.nl is DNS Flag Day ready.

Hereby a short announcement that the dnscrypt.nl service is DNS Flag Day ready and will work without any issues later on.

dnscypt.nl passes all tests

For a detailed test result visit EDNS Compliance Tester.

The DNS server Unbound will be upgraded to version 1.9.0 on or around February 1st once they release it.

For more information visit dnsflagday.net

Upgraded server

After seeing more increase of memory usage, almost to the max, I decided to upgrade the server. It has been upgraded from Intel Broadwell 1GB memory to Intel Skylake with 2 GB memory.

I will continue upgrading it in the future if it needs to.

Enjoy!

Upgraded to DNSCrypt v2 and to Unbound.

As of today you can enjoy using “dnscrypt.nl-ns0” and “dnscrypt.nl-ns0-ipv6” with even better security and performance. The DNSCrypt server has been updated from the old v1 to the new v2 protocol. The DNS server Bind has been replaced by Unbound.

Made numerous optimizations for better security and performance. Not based on the DNSCrypt server Docker image.