Our Infrastructure
The UK DNS Privacy Project operates a highly secure, redundant, and privacy-focused recursive DNS infrastructure. Our system is designed to ensure fast, reliable, and private DNS resolution for users while supporting modern encryption standards like DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ).
At the core of our infrastructure, we use four geographically distributed recursive DNS clusters:
- London: resolver-1.dnsprivacy.org.uk and ns1.dnsprivacy.org.uk clusters.
- Manchester: resolver-2.dnsprivacy.org.uk and ns2.dnsprivacy.org.uk clusters.
Traffic to each of these clusters is balanced via BGP (Border Gateway Protocol), ensuring high availability and load distribution. Each location features both resolvers and primary name servers, with distinct logging policies to maintain privacy while providing necessary operational data.
Our management layer connects to both geographic clusters and includes several critical components:
- redis: Distributes configuration changes to all clusters, ensuring consistent behavior across the infrastructure
- dnstap: Collects aggregated query statistics from resolvers and detailed query information from primary name servers
- database: Stores configuration and metrics for analysis and monitoring
- web: Hosts our public website and API services

Logging
Our privacy-focused approach employs different logging policies based on server type:
- Resolver servers (resolver-1, resolver-2) never log individual queries, only maintaining aggregate statistics about query volumes and types to ensure service quality.
- Primary name servers (ns1, ns2) log the requested DNS names and record types for operational security and troubleshooting.
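
An added example (not the project's own code) of the two logging policies above applied at the collector: resolver events are reduced to per-type counters, primary name server events keep only the name and record type, and an audit function checks that no resolver-side name or client address survives in stored data. The event field names, the `LogSink` class, and dropping the client address on primaries are assumptions; the sample events are constructed.

```python
from collections import Counter

# Role sets taken from the page; the event field names are assumptions.
RESOLVERS = {"resolver-1", "resolver-2"}
PRIMARIES = {"ns1", "ns2"}

# Constructed sample events, shaped like decoded dnstap query messages.
SAMPLE_EVENTS = [
    {"server": "resolver-1", "client": "192.0.2.10", "qname": "example.com.", "qtype": "A"},
    {"server": "resolver-1", "client": "192.0.2.11", "qname": "example.org.", "qtype": "AAAA"},
    {"server": "resolver-2", "client": "198.51.100.7", "qname": "example.net.", "qtype": "A"},
    {"server": "ns1", "client": "203.0.113.5", "qname": "www.dnsprivacy.org.uk.", "qtype": "A"},
    {"server": "ns2", "client": "203.0.113.9", "qname": "dnsprivacy.org.uk.", "qtype": "MX"},
]


class LogSink:
    """Holds only what each policy allows to be stored."""

    def __init__(self):
        self.resolver_stats = Counter()  # (server, qtype) -> query count
        self.primary_log = []            # (server, qname, qtype) tuples


def ingest(events, sink=None):
    """Apply the per-role policy; unknown servers are rejected (fail closed)."""
    sink = LogSink() if sink is None else sink
    for ev in events:
        server = ev["server"]
        if server in RESOLVERS:
            # Aggregate only: the query name and client address are dropped here.
            sink.resolver_stats[(server, ev["qtype"])] += 1
        elif server in PRIMARIES:
            # Name and record type only; dropping the client is an assumption.
            sink.primary_log.append((server, ev["qname"].lower(), ev["qtype"]))
        else:
            raise ValueError(f"no logging policy for server {server!r}")
    return sink


def audit_resolver_leaks(events, sink):
    """Return resolver-side names or client addresses found in stored data."""
    stored = repr(sink.resolver_stats) + repr(sink.primary_log)
    leaked = []
    for ev in events:
        if ev["server"] in RESOLVERS:
            leaked += [v for v in (ev["qname"], ev["client"]) if v in stored]
    return leaked
```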