This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Add Encrypted DNS providers table #1097

Merged
merged 23 commits into from
Aug 9, 2019

@nitrohorse nitrohorse commented Aug 5, 2019

Description

Resolves: #1077
Resolves: #1068
Resolves: #1070

@nitrohorse nitrohorse requested review from Mikaela and a team August 5, 2019 04:46
@nitrohorse nitrohorse self-assigned this Aug 5, 2019

netlify bot commented Aug 5, 2019

Deploy preview for privacytools-io ready!

Built with commit 115c893

https://deploy-preview-1097--privacytools-io.netlify.com


netlify bot commented Aug 5, 2019

Deploy preview for privacytools-io ready!

Built with commit 9f661d8

https://deploy-preview-1097--privacytools-io.netlify.com

@Mikaela Mikaela left a comment

I love it, but have just a few change suggestions

@Mikaela Mikaela left a comment

I remembered ambiguity in filtering and wonder if it should be addressed more clearly.

@nitrohorse nitrohorse changed the title Add ICANN DNS providers table Add Encrypted DNS providers table Aug 6, 2019

@Mikaela Mikaela left a comment

Sorry, I forgot to look at the code and preview after my previous comments, I think this will be great 👍

However reading the table I spotted that DNSCrypt is twice misspelled as DNScrypt which makes it seem a bit unclear to me.

Mikaela commented Aug 6, 2019

Feedback from friends:


I find the term "DNS provider" slightly confusing as it's rather overloaded. Not sure if I can come up with a better one that doesn't sound like technical mumbo-jumbo.

I really think there ought to be a paragraph about how DNS resolvers are a different service from authoritative DNS hosts. And perhaps something about setting up your own as that's really easy, especially if you have *wrt device for a router already.

We have issues for the latter already, #1055 and privacytoolsio/guides.privacytools.io#9


The sorting is weird, if you sort by Protocol, it's alphabetic and DoH, DoT should rank higher than just DoH. When sorted by filtering, ? should rank the same as N.

I don't know if that is easy to fix?

Edit:

with the protocols you could maybe get the len() of the CSV
and then do alpha as a secondary sort
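
Added example, not part of the original thread or the project's code: one way to implement the ordering suggested in the comment above, with protocol count as the primary key, alphabetical order as the secondary key, and `?` ranked the same as `N` in the filtering column. The row shape, the function names, the `Y` value and the provider names are assumptions made for illustration.

```javascript
// Constructed sample rows; provider names are placeholders, not the table's entries.
const sampleRows = [
  { name: "resolver-a", protocols: "DoH", filtering: "N" },
  { name: "resolver-b", protocols: "DoH, DoT", filtering: "?" },
  { name: "resolver-c", protocols: "DNSCrypt", filtering: "Y" }, // "Y" is assumed
  { name: "resolver-d", protocols: "DoH, DoT, DNSCrypt", filtering: "N" },
];

// Split a comma-separated protocol cell into trimmed, non-empty entries.
function protocolList(cell) {
  return String(cell).split(",").map((p) => p.trim()).filter(Boolean);
}

// Plain case-insensitive comparison, independent of the browser locale.
function compareText(a, b) {
  const x = a.toLowerCase(), y = b.toLowerCase();
  return x < y ? -1 : x > y ? 1 : 0;
}

// Primary key: number of protocols (more first). Secondary key: alphabetical.
function compareProtocols(a, b) {
  const pa = protocolList(a.protocols), pb = protocolList(b.protocols);
  if (pa.length !== pb.length) return pb.length - pa.length;
  return compareText(pa.join(","), pb.join(","));
}

// "?" (unknown) shares rank 0 with "N"; any other value ranks after them.
function filteringRank(cell) {
  const v = String(cell).trim().toUpperCase();
  return v === "N" || v === "?" ? 0 : 1;
}

function compareFiltering(a, b) {
  return filteringRank(a.filtering) - filteringRank(b.filtering);
}

// Sort a copy so the source data is untouched. Array.prototype.sort is stable
// in ES2019+, so tied rows keep their original relative order.
function sortedNames(rows, comparator) {
  return [...rows].sort(comparator).map((r) => r.name);
}

console.log(sortedNames(sampleRows, compareProtocols));
console.log(sortedNames(sampleRows, compareFiltering));
```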

@ghbjklhv1 ghbjklhv1 left a comment

I understand the initiative, but it doesn't make sense under the current state of DNS.
Here are some notes:


Only 2 support DNS-Over TOR: Only Cloudflare and Foundation for Applied Privacy use TOR.
None use I2p: None of the recommendations use i2p.
Maybe not a huge issue, but I would like to see more of this.
Only OpenNic has a larger list of TLDs:
Only OpenNic supports uncommon TLDs like .bit.
https://www.wikipedia.org/wiki/OpenNIC#OpenNIC_namespaces


In my opinion, the current state of DNS sucks.

IMO, we need to inform them by adding tabs like supports i2p, Supports TOR, Uses Free Software, and Supports NameCoin. Preferably, requiring them to at least use/support one of these.


Edit: Why isn't OpenNic listed?

ghbjklhv1 commented Aug 8, 2019

What might be a better idea is to instead have a sortable table of no logging OpenNic Servers.
Basically anybody can host an OpenNic server, so it is very democratic. :)

Mikaela commented Aug 8, 2019

> Only 2 support DNS-Over TOR: Only Cloudflare and Foundation for Applied Privacy use TOR.

And the two that do support DNS over Tor mean two different things by it (https://github.com/privacytoolsIO/privacytools.io/pull/1097/#discussion_r311923362) and the original DNS over Tor would mean

DNSPort [address:]port|auto [isolation flags]
    If non-zero, open this port to listen for UDP DNS requests, and resolve them anonymously. This port only handles A, AAAA, and PTR
    requests---it doesn’t handle arbitrary DNS request types. Set the port to "auto" to have Tor pick a port for you. This directive
    can be specified multiple times to bind to multiple addresses/ports. See SocksPort for an explanation of isolation flags. (Default:
    0)

from man torrc.

> None use I2p: None of the recommendations use i2p.

Do you have any recommendations that support DNS over I2P? I am not aware of any and I think Nitrohorse would have suggested them if he knew.

> Only OpenNic has a larger list of TLDs:
> Only OpenNic supports uncommon TLDs like .bit.
> https://www.wikipedia.org/wiki/OpenNIC#OpenNIC_namespaces

This is a separate issue, but do those have valid SSL certificates or are they all plain text? We are already recommending OpenNIC on the top of the page though.

> In my opinion, the current state of DNS sucks.

I guess there is always room for improvement.

> IMO, we need to inform them by adding tabs like supports i2p, Supports TOR, Uses Free Software, and Supports NameCoin. Preferably, requiring them to at least use/support one of these.

I don't see additional value of them.

> Edit: Why isn't OpenNic listed?

Because it's already listed. https://www.privacytools.io/providers/dns/#dns

> What might be a better idea is to instead have a sortable table of 'no logging' OpenNic Servers.
> Basically anybody can host an OpenNic server, so it is very democratic. :)

OpenNIC doesn't fulfil our requirement of supporting DNS over TLS or DNS over HTTPS, I have opened an issue at opennic/opennic-web#68. OpenNIC servers are also already listed at https://servers.opennic.org/ (see also the previous link).

nitrohorse commented Aug 9, 2019

> IMO, we need to inform them by adding tabs like supports i2p, Supports TOR, Uses Free Software, and Supports NameCoin

Thanks for the suggestions, @ghbjklhv1! I don't think a table with this criteria should override this table. Rather be in addition to possibly (or in the future add additional columns)? We'll need to iterate over and clarify DNS-over-Tor/I2P + NameCoin support more (I'm still learning), and I think having this table for encrypted ICANN DNS resolvers that support DoH/DoT/DNSCrypt is valuable for PTIO users now (and also a good launching point for enhancing the DNS page overall).

@nitrohorse

I am not sure if the source_code file needs updating in this case as you already linked sources everywhere.

Ah, good catch -- I don't mind; I think it'll be useful to add 👍

@nitrohorse nitrohorse removed the WIP active work in progress, do not merge or PR (yet)! label Aug 9, 2019
Mikaela previously approved these changes Aug 9, 2019
@Mikaela Mikaela left a comment

I have some small comments, but am impatient to get this merged. How about you, @blacklight447-ptio?

@blacklight447

I'm fine with the merge. On the Cloudflare thing, most criticisms seem to be mostly speculation. I dislike them for captchaing Tor users, but they do seem to improve the situation by design alt SVC onions. They also do a lot of other good stuff like rolling out encrypted SNI.

@nitrohorse nitrohorse requested a review from Mikaela August 9, 2019 14:59

@Mikaela Mikaela left a comment

👍
