tl;dr: dnscry.pt will continue, but it has to become smaller, leaner, and more sustainable. I will no longer keep expensive or unreliable locations online at any cost. Future growth will focus on sponsored services, affordable locations, and infrastructure that does not turn the project into unpaid administrative work.
Nothing on the internet is truly free. Most of the time, you pay with your data. dnscry.pt has always been and will always be different.
I don't have any trackers on the website. No ads, no logs, and no selling of user data. The project exists because I believe privacy-respecting DNS should be available without hidden costs or shady trade-offs. But while dnscry.pt is free to use, it is not free to run.
At the moment, the project operates 164 resolvers worldwide, two management servers, web hosting, and rented network resources, including an /24 IPv4 network and a /40 IPv6 network intended for Anycast. There are some regular donations, and I am very grateful for them, but more than 95% of the costs are covered by me personally.
That is no longer sustainable.
The cost of living has increased, and providers are raising their prices too. I understand why: rent, electricity, hardware, and operations have become more expensive for them as well and they need to pass these on to their customers. But I have to draw a line somewhere. From now on, every price increase will be reviewed carefully, and services will be cancelled when they no longer make sense. Most resolvers are paid for one year in advance. When they come up for renewal, expensive locations will likely not be renewed.
The original goal was to cover as many locations around the world as possible. That goal still matters to me, but going forward, dnscry.pt will focus more on sponsored services and less on expensive or "exotic" hosting locations where servers are hard to find, costly to run, or unreliable in practice.
Running resolvers in many parts of the world creates a lot of hidden work. In some locations, there are only a few hosting providers available. Sometimes the only reasonably priced option turns out to be unreliable. For a DNS resolver, even brief interruptions can affect users. Short outages, packet loss, routing issues, broken IPv6, or inconsistent performance are immediately noticeable.
Working with providers to fix those issues is often time-consuming. Some are helpful and technically capable. Others are not. If a location constantly creates work without becoming stable, it will be removed.
IP changes are another recurring problem. Some are announced in advance. Some are not, so I need to spend time to figure out what's going on. IPv6 is especially frustrating, because many providers do not treat it with the same importance as IPv4. They handle it like a free, best-effort add-on instead of an integral part of the service. When IPv6 issues occur, they often just assign a new subnet, which of course does not solve the underlying problem, instead of investigating the root cause. This is frustrating.
Every IP change, whether IPv4 or IPv6, means manual work. The server has to be reconfigured, DNS records updated, provisioning playbooks re-run, resolver lists regenerated, the website updated, and everything tested again. If something breaks along the way, more troubleshooting follows.
Over the last months, I have lost motivation to work on dnscry.pt.
When I started the project, the technical side was the fun part: managing and automating a large number of servers, working with plain and encrypted DNS protocols, and learning about their details and quirks. But as the project grew, the administrative overhead grew with it. More invoices, more provider issues, more nonsense abuse reports, more support tickets.
That overhead now takes up too much of the time I spend on the project. I have to reduce it.
To be clear: most providers are fine. I pay the invoice, the service runs, and there is no interaction beyond that. That is exactly how it should be.
But a few providers have recently created unnecessary friction. Some tried to upsell. Some invented questionable reasons why the project supposedly violates their acceptable use or fair use policies. Some clearly do not like what dnscry.pt does. Engaging in those discussions takes time and energy I would rather spend improving the project.
There have also been fake abuse reports, including reports sent by Chinese university students, which some providers simply forwarded to me without reading them first, while demanding detailed explanations of what I was doing with the servers. In some cases, servers were suspended before I even had a chance to respond. That kind of work is exhausting, and it is not why I started dnscry.pt.
But there is one more thing that needs to change: user messages.
Recently, I have seen an increasing number of AI-generated support requests, suggestions, and complaints. If you do not take the time to write a few honest sentences yourself, I will no longer take the time to manually investigate your issue and write a personal response. I run dnscry.pt in my spare time. I do not get paid for it. In fact, I pay for it.
So the future of dnscry.pt is not about endless expansion anymore. It is about keeping the project useful, privacy-respecting, and sustainable without burning out the person maintaining it.
dnscry.pt is not going away. But it does need to become more focused. If you want to support the project, you can do so via LiberaPay or by donating to the XMR wallet.
Your support directly helps keep resolvers online -- especially in places where privacy-respecting infrastructure is expensive, rare, or difficult to maintain.