Skip to content


Repository files navigation


Danse is a DNS resolver which receives packets over conventional DNS(UDP) and resolves it by talking to another resolver over DNS over HTTPS(DoH) or DNS Over TLS(DoT) or DNSCrypt. DoH/DoT/DNSCrypt would reduce any snooping by ISP or any middlemen since the requests would be encrypted.

This would allow any application which doesn't support DoH/DoT/DNSCrypt still use DoH/DoT/DNSCrypt. Danse is supposed to be run locally or on a local network. There is no point running this over internet since DNS queries then wouldn't be encrypted between your device and Danse.


$ danse -config /etc/danse/config.toml

Sample config:

# Address for danse to listen on.
bind_address = ""

# Only used for resolving resolver url. No queries received by danse will be sent here. Default is
bootstrap_address = ""

# Urls for resolvers.

# Type of resolver. Can be doh or dot or dnscrypt.
type = "doh"

# Resolver URLs.
urls = ["", ""]

# Should the answers be cached according to ttl. Default is true.
cache = true

# Maximum records to cache.
max_items = 10000

# Config for logging
# Log level
log_level = "info"

# Logs all queries to stdout. Default is false.
log_queries = true

A sample config file with all the fields can be found at config.sample.toml.


  • Caching
  • Load Balance to multiple DoH providers for improved privacy
  • Option to log queries
  • Option to provide a bootstrap DNS server for resolving the given urls
  • Support for Dns Over TLS


DNS proxy for enabling any application to use DNS Over HTTPS/DNS Over TLS/DNSCrypt







No packages published