Our Infrastructure ​
The UK DNS Privacy Project operates a highly secure, redundant, and privacy-focused recursive DNS infrastructure. Our system is designed to ensure fast, reliable, and private DNS resolution for users while supporting modern encryption standards like DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ).
At the core of our infrastructure, we use two geographically distributed recursive DNS clusters:
- London: resolver-1.dnsprivacy.org.uk
- Manchester: resolver-2.dnsprivacy.org.uk
Traffic within each of these clusters is balanced via BGP (Border Gateway Protocol) and a round-robin DNS configuration, ensuring high availability and load distribution. Each resolver runs a load balancer that terminates SSL, and forwards requests to a high-performance recursive caching DNS server.
The recursive resolvers then interact with root servers, TLD (Top-Level Domain) servers, and authoritative DNS servers to resolve queries in a secure and efficient manner.
How it works ​
Our recursive DNS servers never log queries, ensuring complete privacy and security for users. Each query follows this resolution path:
- A user queries a domain (e.g., example.com).
- The request is directed to either resolver-1 (London) or resolver-2 (Manchester) for redundancy.
- Queries pass through a load balancer, which provides failover protection, rate-limiting, and protocol-aware filtering.
- The recursive resolver:
- Queries root servers to find the responsible TLD servers.
- Queries TLD servers to locate the authoritative name server.
- Queries authoritative name servers to retrieve the final IP address.
- The response is validated using DNSSEC to ensure authenticity and prevent DNS spoofing.
- If the query was sent using DoH, DoT, or DoQ, the response is fully encrypted.