DNSCrypt

DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between the user's computer and recursive name servers.

It is available for a variety of operating systems, including Unix, Apple iOS, Linux, Android, and Microsoft Windows.

OpenDNS (now a part of Cisco) announced the first public DNS service supporting DNSCrypt on 6 December 2011, shortly followed by CloudNS Australia.

The DNSCrypt protocol can also be used for access control or accounting, by accepting only a predefined set of public keys.

Queries and responses are encrypted using the same algorithm and padded to a multiple of 64 bytes in order to avoid leaking packet sizes.

Over UDP, when a response would be larger than the question leading to it, a server can respond with a short packet whose TC (truncated) bit has been set.
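The padding and UDP truncation rules described above, as an added example that is not from the original page or from any DNSCrypt implementation. It assumes ISO/IEC 7816-4 style padding (0x80 followed by zero bytes), compares padded payload sizes only, and uses hypothetical function names and constructed sample messages.

```python
BLOCK = 64  # padding granularity stated above


def pad(msg: bytes) -> bytes:
    """Append 0x80 then zero bytes up to the next multiple of BLOCK.
    Assumption: ISO/IEC 7816-4 style padding; the page only gives the size."""
    total = (len(msg) + BLOCK) // BLOCK * BLOCK
    return msg + b"\x80" + bytes(total - len(msg) - 1)


def unpad(padded: bytes) -> bytes:
    """Strip the padding; reject anything that is not validly padded."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of 64")
    body = padded.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("0x80 padding marker missing")
    return body[:-1]


def truncate(resp: bytes) -> bytes:
    """Header plus question only, TC set. Assumes one uncompressed question."""
    end = 12
    while resp[end]:             # walk the QNAME labels up to the root label
        end += 1 + resp[end]
    end += 5                     # root label, QTYPE, QCLASS
    header = bytearray(resp[:12])
    header[2] |= 0x02            # TC (truncated) bit
    header[6:12] = bytes(6)      # ANCOUNT, NSCOUNT, ARCOUNT = 0
    return bytes(header) + resp[12:end]


def udp_reply(padded_query_len: int, resp: bytes) -> bytes:
    """Padded reply that never exceeds the padded query it answers.
    Simplification: ignores the nonce, key and MAC overhead of real packets."""
    padded = pad(resp)
    return padded if len(padded) <= padded_query_len else pad(truncate(resp))


# Constructed samples: an A query for example.com and a response with filler answers.
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + QUESTION
BIG_RESPONSE = b"\x12\x34\x81\x80\x00\x01\x00\x06\x00\x00\x00\x00" + QUESTION + bytes(100)

if __name__ == "__main__":
    q = pad(QUERY)
    r = udp_reply(len(q), BIG_RESPONSE)
    print(len(QUERY), "->", len(q), "byte query;", len(r), "byte reply;",
          "TC =", bool(unpad(r)[2] & 0x02))
```

Queries of 29 and 63 bytes both leave the client as 64-byte payloads, so an observer sees only the size bucket, and the oversized response is replaced by a 64-byte reply with the TC bit set.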

Deployment of Anonymized DNSCrypt started in October 2019, and adoption of the protocol was fast, with 40 DNS relays set up only two weeks after the public availability of client and server implementations.

dnscrypt-proxy, a DNSCrypt client running on Linux