https://github.com/t145/white-bear

DoH, DoT, DNSCrypt, & DoQ provider whitelists and blacklists.
https://github.com/t145/white-bear

blacklist dns-over-https dns-over-quic dns-over-tcp dns-over-tls dnssec whitelist

Last synced: 6 months ago
JSON representation

DoH, DoT, DNSCrypt, & DoQ provider whitelists and blacklists.

• Host: GitHub
• URL: https://github.com/t145/white-bear
• Owner: T145
• License: agpl-3.0
• Created: 2022-05-22T22:22:17.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2022-06-15T22:49:08.000Z (over 3 years ago)
• Last Synced: 2025-02-05T23:02:59.324Z (8 months ago)
• Topics: blacklist, dns-over-https, dns-over-quic, dns-over-tcp, dns-over-tls, dnssec, whitelist
• Homepage:
• Size: 46.9 KB
• Stars: 4
• Watchers: 1
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

          


  

  
🏊🏿‍♀️ Delve | 📸 Demystify | 🛑 Deny

  


  
DoH, DoT, DNSCrypt, & DoQ provider whitelists and blacklists.

  
A spiritual successor to dohservers and TheGreatWall.

  


  

  

  

    

  



## 🖋️ Details

> There may be discovered exceptions and this section could be modified in the future.

[TheGreatWall's description](https://github.com/Sekhan/TheGreatWall#what-is-dns-over-https-doh-=) and [AdGuard's article on DoQ](https://adguard.com/en/blog/dns-over-quic.html) provide great overviews for DNS blacklisting and whitelisting.

When deciding whether or not to block a specific encrypted DNS provider domain, it's important to read their policies. Some have actually engineered services that focus on privacy and value the encryption provided by the technology, while others use it to harvest more information on their users.

Regardless of policy, however, it's safe to assume that *all* DoH (DNS-over-HTTPS) providers should be blocked due to [security considerations](https://datatracker.ietf.org/doc/html/rfc8484#section-9). This stems from the fact that HTTPS is **not** a transport layer protocol.

It's recommended to use `data/v2/doh.csv` as a blacklist and all other lists as a whitelist.

### List References

- https://dnsprivacy.org/test_servers/#stubby-configuration

  - https://raw.githubusercontent.com/getdnsapi/stubby/develop/stubby.yml.example

- https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers

- https://kb.adguard.com/en/general/dns-providers

### TODO

- https://github.com/bebasid/bebasdns

- https://github.com/pengelana/blocklist/wiki/DNS-over-HTTPS-(DoH)