Articles Security | Blog CaptainDNS

January 2026

Illustration: Surfshark DNS (public DNS resolver) with IPv4/IPv6 endpoints, DoH, and deployment options.

January 9, 2026

Surfshark DNS: how it works, benefits, and setup

Surfshark DNS is a free public DNS resolver (IPv4/IPv6, DoH) focused on privacy. Here's when to use it, how to configure it, and what to check.

Illustration: DNS4EU, European DNS resolver with Protective/Child/NoAds variants and encrypted DNS DoH/DoT.

January 7, 2026

DNS4EU: the European DNS resolver (DoH/DoT), profiles and setup

DNS4EU is a European public DNS with 5 variants (security, kids, ad blocking, neutral) and IPv4/IPv6 + DoH/DoT addresses. Deployment and verification guide.

Illustration: Gmail address change with alias and account retention

January 6, 2026

Change your Gmail address: an option rolling out at Google

Google documents a long-awaited feature: replace your @gmail.com while keeping your account, emails, and services. Here's how to prepare.

December 2025

Illustration: NextDNS, a customizable DNS resolver (DoH/DoT), filtering and profiles.

December 26, 2025

NextDNS DNS: how it works, benefits, and setup

NextDNS is a customizable DNS resolver: DoH/DoT encryption, filtering, profiles, and logs. Here’s how to deploy it cleanly at home or in an SMB.

Illustration: 1.1.1.1 (Cloudflare), a public DNS resolver with DoH/DoT/ODoH options and a privacy focus

December 23, 2025

Cloudflare DNS (1.1.1.1): privacy, DoH/DoT, deployment

1.1.1.1 is Cloudflare's public DNS resolver. Here's how to use it properly (addresses, DoH/DoT/ODoH, tests, pitfalls) and deploy it.

Illustration: Quad9 (9.9.9.9), a secure DNS resolver with filtering and encrypted transports (DoT/DoH).

December 19, 2025

Quad9 DNS (9.9.9.9): how it works, benefits, alternatives

Quad9 (9.9.9.9) is a public DNS resolver focused on security and privacy: malware blocking, DNSSEC validation, and encrypted DoT/DoH options. Here's how to deploy it properly.

December 16, 2025

BIMI, VMC, CMC: compatibility and DNS prerequisites (Gmail, Yahoo, Apple Mail)

Putting your logo in the inbox: what you actually need to configure in DNS for BIMI, and how to choose between VMC and CMC.

Diagram showing Gmail stopping POP fetching from external accounts in 2026

December 5, 2025

Gmail ends POP fetching from other accounts in 2026: impact and action plan

Starting January 2026, Gmail will no longer continuously fetch messages from external mailboxes via POP ("Check mail from other accounts"). Impacts, timeline, and alternatives for Gmail and Google Workspace users and admins.

Diagram comparing DoH3, DoQ and DoT in a modern DNS architecture

December 1, 2025

DoH3, DoQ and DoT: everything changing by late 2025

Panorama of encrypted DNS transports at the end of 2025: performance, network impact, security, and an action plan for infra teams.

November 2025

BIMI October 2025: lps=, ABNF, SVG/SVGZ formats and headers

November 13, 2025

BIMI Draft -11 dated 9 October 2025: what's changing and how to prepare

Revision -11 formalizes Local-Part Selectors (lps=), clarifies the discovery path, reaffirms SVG/SVGZ logos and reiterates DMARC and header requirements.

DKIM2: What's new, removals, timeline and impact

November 3, 2025

DKIM2: what's new, what's changing and key dates

Everything you need to know about DKIM2 at the end of 2025: principles, new headers, coexistence with DKIM/DMARC, the IETF draft timeline and a readiness plan.

October 2025

October 29, 2025

DMARCbis: every change (and how to get ready)

DMARCbis replaces RFC 7489, drops the PSL in favor of a DNS Tree Walk, adds 'psd', 'np' and 't', removes 'pct', 'ri' and 'rf', and splits reporting into two documents. Here's what it means...

What Is ARC (Authenticated Received Chain)?

October 23, 2025

ARC: keeping trust in an email as it crosses intermediaries

ARC (Authenticated Received Chain) lets every relay forward, sign, and seal the authentication results it observed so the final server can decide whether to trust the message.