Networking - DNS - Stubby

Stubby is an open-source DNS stub resolver which supports DNS over TLS by default and therefore it will only send DNS requests encrypted.

NOTE: A stub resolver is a small DNS client on the end-user’s computer that receives DNS requests from applications such as Firefox and forwards requests to a recursive resolver like 1.1.1.1 or 8.8.8.8.

There are other stub resolvers that also support DNS over HTTPS, such as cloudflared, but Stubby is very easy to use.

Stubby uses only DNS-over-TLS to provide privacy, it does not implement DNSCrypt. DNSCrypt is a method of authenticating communications between a DNS client and a DNS resolver; using cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with (the messages are still sent over UDP).


References

https://dnsprivacy.org/wiki/display/DP/About+Stubby