I’ve done a lot of research into securing and encrypting DNS on all the platforms I use: Linux, Android, iOS, and Windows. Here are my recommendations for each platform, kept short.
Linux
On my Linux machines, I use dnscrypt-proxy as a system-wide proxy server: every application resolves through its local listener, and the proxy forwards the queries upstream over DNSCrypt or DNS-over-HTTPS.
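A system-wide proxy only helps if nothing bypasses it. The most common mistake is leaving the ISP's resolver in /etc/resolv.conf as a "backup": the stub resolver falls back to the next nameserver on a timeout, so every slow or dropped query from the proxy goes out in plaintext. The check below is an added example, not part of the original post or of dnscrypt-proxy itself; it parses resolv.conf and passes only when every nameserver is a loopback address (the proxy usually listens on 127.0.0.1). The sample resolv.conf contents, the address 203.0.113.1 and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample resolv.conf contents (not taken from a real machine).
GOOD = """# Generated for dnscrypt-proxy
nameserver 127.0.0.1
nameserver ::1
options edns0
"""
LEAKY = """nameserver 127.0.0.1
nameserver 203.0.113.1   ; ISP resolver left in as a "backup"
"""
STUB = "nameserver 127.0.0.53\noptions edns0 trust-ad\n"


def parse_resolv_conf(text):
    """Return the nameserver addresses in order; '#' and ';' start comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify_nameserver(addr):
    """loopback: the local proxy. systemd-stub: 127.0.0.53, meaning
    systemd-resolved sits in between and its own upstream settings decide
    whether queries are encrypted. external: plaintext DNS to that host."""
    if addr == "127.0.0.53":          # must be tested before is_loopback
        return "systemd-stub"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "loopback" if ip.is_loopback else "external"


def check_resolver(text):
    """Pass only when every nameserver is a loopback address, i.e. the local
    dnscrypt-proxy listener. Anything else is a path on which the stub
    resolver sends plaintext queries whenever the proxy is slow or down."""
    servers = parse_resolv_conf(text)
    kinds = {s: classify_nameserver(s) for s in servers}
    problems = [s for s, k in kinds.items() if k != "loopback"]
    return {
        "servers": kinds,
        "problems": problems,
        "ok": bool(servers) and not problems,
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    try:
        with open(path) as f:
            result = check_resolver(f.read())
    except OSError as e:
        result = {"error": str(e)}
    print(result)
```

Run it against the live file (`python3 check_resolver.py /etc/resolv.conf`); a 127.0.0.53 entry is reported rather than passed, because it means systemd-resolved is in the path and you have to confirm separately that resolved forwards to the proxy. For an end-to-end check of the proxy itself, `dnscrypt-proxy -resolve example.com` resolves a name through the configured upstream and prints which server answered.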
Android
On my Android phone, after much experimentation, I recommend Nebulo as the best balance of reliability, flexibility, and low battery drain. It supports DNS-over-HTTPS and DNS-over-TLS.
Cloudflare’s 1.1.1.1 app is a good alternative for a set-it-and-forget-it approach.
For devices that can tolerate more battery drain (for example, a tablet), I recommend Cloudflare’s 1.1.1.1 with WARP enabled, since it tunnels all of the device’s traffic, not just DNS, to Cloudflare over the WireGuard protocol, so at minimum your ISP cannot see it.
iOS
For iOS, I recommend DNSCloak, which supports the DNSCrypt protocol.
As on Android, for devices that can tolerate more battery drain (for example, a tablet), I recommend Cloudflare’s 1.1.1.1 with WARP enabled, since it tunnels all of the device’s traffic, not just DNS, to Cloudflare over the WireGuard protocol, so at minimum your ISP cannot see it.
Windows
On Windows, I recommend Simple DNSCrypt, a graphical front end for dnscrypt-proxy, which supports DNSCrypt.
Which DNS Provider to Choose?
As a general rule, I prefer pointing my DNS clients at Quad9 (9.9.9.9), as it’s an independent, non-profit, non-logging, malware-domain-filtering service. I believe Quad9’s privacy policy is good, and their malware-domain filtering seems better than Cloudflare’s and CleanBrowsing’s according to various sources, e.g. DNS Malware Filtering Compared: Quad9 VS Cloudflare VS DNS Filter VS OpenDNS / Cisco Umbrella. Quad9 has also been responsive when I reported false positives in their filtering service.
If you are using Cloudflare’s DNS service, I highly recommend pointing your client at its malware-filtering resolver (1.1.1.2 and 1.0.0.2, or https://security.cloudflare-dns.com/dns-query for DNS-over-HTTPS) rather than the unfiltered 1.1.1.1. I do this for devices running 1.1.1.1 with WARP.
Technical: Which DNS Protocol to Use?
If you are using a client that allows multiple protocols, this is my preference order:
- DNSCrypt
- DNS-over-HTTPS (DoH)
- DNS-over-TLS (DoT)
DNSCrypt is a simpler, more efficient protocol than the other two. From my experience, DNS-over-HTTPS is less likely to encounter traffic issues. One reason is the transport: DoH travels on port 443 and is indistinguishable from ordinary HTTPS at the network layer, whereas DoT uses a dedicated port (853) that a middlebox can identify and block.