diff --git a/README.md b/README.md
index 4ce84c0..445f361 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,12 @@ This repository contains the following categories split into multiple files:
 - [phishing.txt](./lists/phishing.txt): Services that engage in credential fishing.
 - [telemetry.txt](./lists/telemetry.txt): Services that collect application telemetry.
 - [tracking-other.txt](./lists/tracking-other.txt): Services that are believed to serve ads or track users, but their exact use is unknown or not categorized.
+- [securedns.txt](./lists/securedns.txt): Services that provide secure DNS resolving. Used for bypass prevention.
+- [securedns-ip4.txt](./lists/securedns-ip4.txt): Same, but IPv4 addresses.
+- [securedns-ip6.txt](./lists/securedns-ip6.txt): Same, but IPv6 addresses.
+- [p2p.txt](./lists/p2p.txt): Services that provide STUN, TURN, ICE or similar services that expose the user's IP address and enable peer to peer networking behind NAT. Used for advanced privacy protection.
+- [p2p-ip4.txt](./lists/p2p-ip4.txt): Same, but IPv4 addresses.
+- [p2p-ip6.txt](./lists/p2p-ip6.txt): Same, but IPv6 addresses.
 
 ## Contributing
 
diff --git a/lists/p2p-ip4.txt b/lists/p2p-ip4.txt
new file mode 100644
index 0000000..5ffb482
--- /dev/null
+++ b/lists/p2p-ip4.txt
@@ -0,0 +1,8 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
+
+113.32.111.126
+113.32.111.127
+203.183.172.196
+23.21.150.121
diff --git a/lists/p2p-ip6.txt b/lists/p2p-ip6.txt
new file mode 100644
index 0000000..7190d9f
--- /dev/null
+++ b/lists/p2p-ip6.txt
@@ -0,0 +1,3 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
diff --git a/lists/p2p.txt b/lists/p2p.txt
new file mode 100644
index 0000000..53821f9
--- /dev/null
+++ b/lists/p2p.txt
@@ -0,0 +1,283 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
+
+iphone-stun.strato-iphone.de
+numb.viagenie.ca
+s1.taraba.net
+s1.voipstation.jp
+s2.taraba.net
+s2.voipstation.jp
+sip1.lakedestiny.cordiaip.com
+stun.12connect.com
+stun.12voip.com
+stun.1und1.de
+stun.2talk.co.nz
+stun.2talk.com
+stun.3clogic.com
+stun.3cx.com
+stun.a-mm.tv
+stun.aa.net.uk
+stun.acrobits.cz
+stun.actionvoip.com
+stun.advfn.com
+stun.aeta-audio.com
+stun.aeta.com
+stun.alltel.com.au
+stun.altar.com.pl
+stun.annatel.net
+stun.antisip.com
+stun.arbuz.ru
+stun.avigora.com
+stun.avigora.fr
+stun.awa-shima.com
+stun.awt.be
+stun.b2b2c.ca
+stun.bahnhof.net
+stun.barracuda.com
+stun.bcs2005.net
+stun.bluesip.net
+stun.bmwgs.cz
+stun.botonakis.com
+stun.budgetphone.nl
+stun.budgetsip.com
+stun.cablenet-as.net
+stun.callromania.ro
+stun.callwithus.com
+stun.cbsys.net
+stun.chathelp.ru
+stun.cheapvoip.com
+stun.ciktel.com
+stun.cloopen.com
+stun.colouredlines.com.au
+stun.comfi.com
+stun.commpeak.com
+stun.comtube.com
+stun.comtube.ru
+stun.cope.es
+stun.counterpath.com
+stun.counterpath.net
+stun.cryptonit.net
+stun.darioflaccovio.it
+stun.datamanagement.it
+stun.dcalling.de
+stun.decanet.fr
+stun.demos.ru
+stun.develz.org
+stun.dingaling.ca
+stun.doublerobotics.com
+stun.drogon.net
+stun.duocom.es
+stun.dus.net
+stun.e-fon.ch
+stun.easybell.de
+stun.easycall.pl
+stun.easyvoip.com
+stun.efficace-factory.com
+stun.einsundeins.com
+stun.einsundeins.de
+stun.ekiga.net
+stun.epygi.com
+stun.etoilediese.fr
+stun.eyeball.com
+stun.faktortel.com.au
+stun.freecall.com
+stun.freeswitch.org
+stun.freevoipdeal.com
+stun.fuzemeeting.com
+stun.fwdnet.net
+stun.gmx.de
+stun.gmx.net
+stun.gradwell.com
+stun.halonet.pl
+stun.hellonanu.com
+stun.hoiio.com
+stun.hosteurope.de
+stun.ideasip.com
+stun.imesh.com
+stun.infra.net
+stun.internetcalls.com
+stun.intervoip.com
+stun.ipcomms.net
+stun.ipfire.org
+stun.ippi.fr
+stun.ipshka.com
+stun.iptel.org
+stun.irian.at
+stun.it1.hr
+stun.ivao.aero
+stun.jappix.com
+stun.jumblo.com
+stun.justvoip.com
+stun.kanet.ru
+stun.kiwilink.co.nz
+stun.kundenserver.de
+stun.l.google.com
+stun.l.google.com:19302
+stun.linea7.net
+stun.linphone.org
+stun.liveo.fr
+stun.lowratevoip.com
+stun.lugosoft.com
+stun.lundimatin.fr
+stun.magnet.ie
+stun.manle.com
+stun.mgn.ru
+stun.mit.de
+stun.mitake.com.tw
+stun.miwifi.com
+stun.modulus.gr
+stun.mozcom.com
+stun.myvoiptraffic.com
+stun.mywatson.it
+stun.nas.net
+stun.neotel.co.za
+stun.netappel.com
+stun.netappel.fr
+stun.netgsm.com.tr
+stun.nextcloud.com
+stun.nfon.net
+stun.noblogs.org
+stun.noc.ams-ix.net
+stun.node4.co.uk
+stun.nonoh.net
+stun.nottingham.ac.uk
+stun.nova.is
+stun.nventure.com
+stun.on.net.mk
+stun.ooma.com
+stun.ooonet.ru
+stun.oriontelekom.rs
+stun.outland-net.de
+stun.ozekiphone.com
+stun.patlive.com
+stun.personal-voip.de
+stun.petcube.com
+stun.phone.com
+stun.phoneserve.com
+stun.pjsip.org
+stun.poivy.com
+stun.powerpbx.org
+stun.powervoip.com
+stun.ppdi.com
+stun.prizee.com
+stun.qq.com
+stun.qvod.com
+stun.rackco.com
+stun.rapidnet.de
+stun.rb-net.com
+stun.refint.net
+stun.remote-learner.net
+stun.rixtelecom.se
+stun.rockenstein.de
+stun.rolmail.net
+stun.rounds.com
+stun.rynga.com
+stun.samsungsmartcam.com
+stun.schlund.de
+stun.services.mozilla.com
+stun.sigmavoip.com
+stun.sip.us
+stun.sipdiscount.com
+stun.sipgate.net
+stun.sipgate.net:10000
+stun.siplogin.de
+stun.sipnet.net
+stun.sipnet.ru
+stun.siportal.it
+stun.sippeer.dk
+stun.siptraffic.com
+stun.skylink.ru
+stun.sma.de
+stun.smartvoip.com
+stun.smsdiscount.com
+stun.snafu.de
+stun.softjoys.com
+stun.solcon.nl
+stun.solnet.ch
+stun.sonetel.com
+stun.sonetel.net
+stun.sovtest.ru
+stun.sparvoip.de
+stun.speedy.com.ar
+stun.spokn.com
+stun.srce.hr
+stun.ssl7.net
+stun.stunprotocol.org
+stun.stunprotocol.prg
+stun.symform.com
+stun.symplicity.com
+stun.sysadminman.net
+stun.t-online.de
+stun.tagan.ru
+stun.tatneft.ru
+stun.teachercreated.com
+stun.tel.lu
+stun.telbo.com
+stun.telefacil.com
+stun.tis-dialog.ru
+stun.tng.de
+stun.twt.it
+stun.u-blox.com
+stun.ucallweconn.net
+stun.ucsb.edu
+stun.ucw.cz
+stun.uls.co.za
+stun.unseen.is
+stun.usfamily.net
+stun.veoh.com
+stun.vidyo.com
+stun.vipgroup.net
+stun.virtual-call.com
+stun.viva.gr
+stun.vivox.com
+stun.vline.com
+stun.vo.lu
+stun.vodafone.ro
+stun.voicetrading.com
+stun.voip.aebc.com
+stun.voip.blackberry.com
+stun.voip.eutelia.it
+stun.voiparound.com
+stun.voipblast.com
+stun.voipbuster.com
+stun.voipbusterpro.com
+stun.voipcheap.co.uk
+stun.voipcheap.com
+stun.voipdiscount.com
+stun.voipfibre.com
+stun.voipgain.com
+stun.voipgate.com
+stun.voipinfocenter.com
+stun.voipplanet.nl
+stun.voippro.com
+stun.voipraider.com
+stun.voipstunt.com
+stun.voipwise.com
+stun.voipzoom.com
+stun.vopium.com
+stun.voxgratia.org
+stun.voxox.com
+stun.voys.nl
+stun.voztele.com
+stun.vyke.com
+stun.webcalldirect.com
+stun.whoi.edu
+stun.wifirst.net
+stun.wtfismyip.com
+stun.wwdl.net
+stun.xs4all.nl
+stun.xten.com
+stun.xtratelecom.es
+stun.yesss.at
+stun.zadarma.com
+stun.zadv.com
+stun.zoiper.com
+stun01.sipphone.com
+stun1.faktortel.com.au
+stun1.l.google.com
+stun1.voiceeclipse.net
+stun2.l.google.com
+stun3.l.google.com
+stun4.l.google.com
+stunserver.org
diff --git a/lists/securedns-ip4.txt b/lists/securedns-ip4.txt
new file mode 100644
index 0000000..ccfa601
--- /dev/null
+++ b/lists/securedns-ip4.txt
@@ -0,0 +1,89 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
+
+# Resolved from securedns.txt
+# `for domain in $(cat list.txt); do dig +short $domain A; echo "# $domain"; done`
+# Plus, manually editing
+1.0.0.1 # cloudflare-dns.com
+1.0.0.2 # security.cloudflare-dns.com
+1.0.0.3 # family.cloudflare-dns.com
+1.1.1.1 # cloudflare-dns.com
+1.1.1.2 # security.cloudflare-dns.com
+1.1.1.3 # family.cloudflare-dns.com
+# 104.16.0.0/12 (-104.31) is all CloudFlare
+116.202.176.26 # doh.libredns.gr
+130.59.31.248 # dns.switch.ch
+130.59.31.251 # dns.switch.ch
+136.144.215.158 # doh.powerdns.org
+139.59.48.222 # doh.captnemo.in
+146.112.41.2 # doh.opendns.com
+146.112.41.3 # doh.familyshield.opendns.com
+149.112.112.10 # dns10.quad9.net
+149.112.112.11 # dns11.quad9.net
+149.112.112.112 # dns.quad9.net
+149.112.112.9 # dns9.quad9.net
+149.112.121.10 # private.canadianshield.cira.ca
+149.112.121.20 # protected.canadianshield.cira.ca
+149.112.121.30 # family.canadianshield.cira.ca
+149.112.122.10 # private.canadianshield.cira.ca
+149.112.122.20 # protected.canadianshield.cira.ca
+149.112.122.30 # family.canadianshield.cira.ca
+159.69.198.101 # doh-de.blahdns.com
+168.235.81.167 # dns-nyc.aaflalo.me
+172.104.13.242 # commons.host
+172.104.93.80 # jp.tiar.app
+172.65.3.223 # adblock.mydns.network
+174.138.29.175 # doh.tiar.app
+174.68.248.77 # dohdot.coxlab.net
+176.103.130.130 # dns.adguard.com
+176.103.130.131 # dns.adguard.com
+176.103.130.132 # dns-family.adguard.com
+176.103.130.134 # dns-family.adguard.com
+176.56.236.175 # dns.aaflalo.me
+176.9.1.117 # dnsforge.de
+176.9.93.198 # dnsforge.de
+178.62.214.105 # jcdns.fun
+185.134.196.54 # rdns.faelix.net
+185.134.197.54 # rdns.faelix.net
+185.213.26.187 # doh.eastus.pi-dns.com
+185.216.27.142 # doh.42l.fr
+185.228.168.10 # doh.cleanbrowsing.org
+185.228.168.168 # doh.cleanbrowsing.org
+185.233.106.232 # dns.dnshome.de
+185.233.107.4 # dns.dnshome.de
+185.235.81.1 # doh.dnslify.com
+185.26.126.37 # dns.hostux.net
+185.43.135.1 # odvr.nic.cz
+185.95.218.42 # dns.digitale-gesellschaft.ch
+185.95.218.43 # dns.digitale-gesellschaft.ch
+210.17.9.228 # dns.twnic.tw
+217.169.20.22 # dns.aa.net.uk
+217.169.20.23 # dns.aa.net.uk
+35.198.2.76 # ibuki.cgnat.net
+35.230.160.38 # doh.blockerdns.com
+35.237.220.84 # doh.blockerdns.com
+45.32.55.94 # doh-jp.blahdns.com
+45.67.219.208 # doh.westus.pi-dns.com
+45.76.113.31 # doh.seby.io
+45.77.180.10 # dns.containerpi.com
+45.90.28.0 # dns.nextdns.io
+45.90.30.0 # dns.nextdns.io
+46.101.66.244 # doh.li
+46.227.200.54 # rdns.faelix.net
+46.227.200.55 # rdns.faelix.net
+46.239.223.80 # dns.flatuslifir.is
+51.158.147.50 # resolver-eu.lelux.fi
+8.8.4.4 # dns.google
+8.8.8.8 # dns.google
+85.5.93.230 # ibksturm.synology.me
+88.198.91.187 # doh.centraleu.pi-dns.com
+9.9.9.10 # dns10.quad9.net
+9.9.9.11 # dns11.quad9.net
+9.9.9.9 # dns.quad9.net
+9.9.9.9 # dns9.quad9.net
+94.130.106.88 # doh.applied-privacy.net
+95.216.181.228 # doh.northeu.pi-dns.com
+95.216.212.177 # doh-fi.blahdns.com
+95.216.229.153 # fi.doh.dns.snopyta.org
+96.113.151.149 # doh.xfinity.com
diff --git a/lists/securedns-ip6.txt b/lists/securedns-ip6.txt
new file mode 100644
index 0000000..5bfb5cd
--- /dev/null
+++ b/lists/securedns-ip6.txt
@@ -0,0 +1,77 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
+
+# Resolved from securedns.txt
+# `for domain in $(cat list.txt); do dig +short $domain AAAA; echo "# $domain"; done`
+# Plus, manually editing
+2001:148f:fffe::1 # odvr.nic.cz
+2001:19f0:7001:3259:5400:2ff:fe71:bc9 # doh-jp.blahdns.com
+2001:19f0:7001:5554:5400:2ff:fe57:3077 # dns.containerpi.com
+2001:4860:4860::8844 # dns.google
+2001:4860:4860::8888 # dns.google
+2001:4b98:dc2:43:216:3eff:fe86:1d28 # dns.hostux.net
+2001:558:fe21:6b:96:113:151:149 # doh.xfinity.com
+2001:620:0:ff::2 # dns.switch.ch
+2001:620:0:ff::3 # dns.switch.ch
+2001:678:888:69:c45d:2738:c3f2:1878 # dns.flatuslifir.is
+2001:8b0::2022 # dns.aa.net.uk
+2001:8b0::2023 # dns.aa.net.uk
+2001:bc8:2db9:100::853 # resolver-eu.lelux.fi
+2001:c50:ffff:1:101:101:101:101 # dns.twnic.tw
+2400:6180:0:d0::5f73:4001 # doh.tiar.app
+2400:8902::f03c:91ff:feda:c514 # jp.tiar.app
+2604:180:f3::42 # dns-nyc.aaflalo.me
+2604:a880:1:20::51:f001 # dns.dnsoverhttps.net
+# 2606:4700::/32 is all CloudFlare
+2606:4700:4700::1001 # cloudflare-dns.com
+2606:4700:4700::1002 # security.cloudflare-dns.com
+2606:4700:4700::1003 # family.cloudflare-dns.com
+2606:4700:4700::1111 # cloudflare-dns.com
+2606:4700:4700::1112 # security.cloudflare-dns.com
+2606:4700:4700::1113 # family.cloudflare-dns.com
+2620:10a:80bb::10 # private.canadianshield.cira.ca
+2620:10a:80bb::20 # protected.canadianshield.cira.ca
+2620:10a:80bb::30 # family.canadianshield.cira.ca
+2620:10a:80bc::10 # private.canadianshield.cira.ca
+2620:10a:80bc::20 # protected.canadianshield.cira.ca
+2620:10a:80bc::30 # family.canadianshield.cira.ca
+2620:119:fc::2 # doh.opendns.com
+2620:119:fc::3 # doh.familyshield.opendns.com
+2620:fe::10 # dns10.quad9.net
+2620:fe::11 # dns11.quad9.net
+2620:fe::9 # dns.quad9.net
+2620:fe::9 # dns9.quad9.net
+2620:fe::fe # dns.quad9.net
+2620:fe::fe:10 # dns10.quad9.net
+2620:fe::fe:11 # dns11.quad9.net
+2620:fe::fe:9 # dns9.quad9.net
+2a00:5a60::ad1:ff # dns.adguard.com
+2a00:5a60::ad2:ff # dns.adguard.com
+2a00:5a60::bad1:ff # dns-family.adguard.com
+2a00:5a60::bad2:ff # dns-family.adguard.com
+2a00:d880:5:bf0::7c93 # dns.aaflalo.me
+2a01:4f8:141:316d::117 # dnsforge.de
+2a01:4f8:151:34aa::198 # dnsforge.de
+2a01:4f8:1c0c:8233::1 # doh.centraleu.pi-dns.com
+2a01:4f8:1c1c:6b4b::1 # doh-de.blahdns.com
+2a01:4f8:c0c:83ed::1 # doh.applied-privacy.net
+2a01:4f9:2a:1919::21 # fi.doh.dns.snopyta.org
+2a01:4f9:c010:43ce::1 # doh-fi.blahdns.com
+2a01:4f9:c01f:4::abcd # doh.northeu.pi-dns.com
+2a01:7c8:d002:1ef:5054:ff:fe40:3703 # doh.powerdns.org
+2a01:9e00::54 # rdns.faelix.net
+2a01:9e00::55 # rdns.faelix.net
+2a01:9e01::54 # rdns.faelix.net
+2a01:9e01::55 # rdns.faelix.net
+2a02:1205:5055:de60:b26e:bfff:fe1d:e19b # ibksturm.synology.me # ibuki.cgnat.net # jcdns.fun
+2a03:4000:24:361::6e73:32 # dns.dnshome.de
+2a03:4000:24:688::6e73:31 # dns.dnshome.de
+2a04:bdc7:100:70::abcd # doh.westus.pi-dns.com
+2a05:fc84::42 # dns.digitale-gesellschaft.ch
+2a05:fc84::43 # dns.digitale-gesellschaft.ch
+2a07:a8c0:: # dns.nextdns.io
+2a07:a8c1:: # dns.nextdns.io
+2a0d:4d00:81::1 # doh.dnslify.com
+2a0d:5600:33:3::abcd # doh.eastus.pi-dns.com
+libredns.gr. # doh.libredns.gr
diff --git a/lists/securedns.txt b/lists/securedns.txt
new file mode 100644
index 0000000..59569c6
--- /dev/null
+++ b/lists/securedns.txt
@@ -0,0 +1,71 @@
+# Copyright by Intel-Data Authors
+# Managed by Safing at https://github.com/safing/intel-data
+# License: CC-BY-SA-4.0
+
+# From https://github.com/curl/curl/wiki/DNS-over-HTTPS
+adblock.mydns.network
+cloudflare-dns.com
+commons.host
+dns-family.adguard.com
+dns-nyc.aaflalo.me
+dns.aa.net.uk
+dns.aaflalo.me
+dns.adguard.com
+dns.containerpi.com
+dns.digitale-gesellschaft.ch
+dns.dns-over-https.com
+dns.dnshome.de
+dns.dnsoverhttps.net
+dns.flatuslifir.is
+dns.google
+dns.hostux.net
+dns.nextdns.io
+dns.quad9.net
+dns.switch.ch
+dns.twnic.tw
+dns10.quad9.net
+dns11.quad9.net
+dns9.quad9.net
+dnsforge.de
+doh-de.blahdns.com
+doh-fi.blahdns.com
+doh-jp.blahdns.com
+doh.42l.fr
+doh.applied-privacy.net
+doh.armadillodns.net
+doh.blockerdns.com
+doh.captnemo.in
+doh.centraleu.pi-dns.com
+doh.cleanbrowsing.org
+doh.crypto.sx
+doh.dns.sb
+doh.dnslify.com
+doh.eastus.pi-dns.com
+doh.familyshield.opendns.com
+doh.ffmuc.net
+doh.li
+doh.libredns.gr
+doh.northeu.pi-dns.com
+doh.opendns.com
+doh.powerdns.org
+doh.seby.io
+doh.tiar.app
+doh.tiarap.org
+doh.westus.pi-dns.com
+doh.xfinity.com
+dohdot.coxlab.net
+family.canadianshield.cira.ca
+family.cloudflare-dns.com
+fi.doh.dns.snopyta.org
+ibksturm.synology.me
+ibuki.cgnat.net
+jcdns.fun
+jp.tiar.app
+jp.tiarap.org
+mozilla.cloudflare-dns.com
+odvr.nic.cz
+private.canadianshield.cira.ca
+protected.canadianshield.cira.ca
+rdns.faelix.net
+resolver-eu.lelux.fi
+security.cloudflare-dns.com
diff --git a/lists/sources.yml b/lists/sources.yml
index 64856b3..4c6f546 100644
--- a/lists/sources.yml
+++ b/lists/sources.yml
@@ -515,3 +515,23 @@ sources:
     website: "https://github.com/mkb2091/blockconvert"
     contribute: "https://github.com/mkb2091/blockconvert/issues"
     license: "GPL-3.0"
+
+  - name: "Safing Special List: Secure DNS Resolvers"
+    id: "17-DNS"
+    description: "Services that provide secure DNS resolvers that could be used to bypass the Portmaster."
+    url: "https://raw.githubusercontent.com/safing/intel-data/master/lists/securedns.txt"
+    type: "Domain"
+    parser: "domainlist"
+    website: "https://github.com/safing/intel-data"
+    contribute: "https://github.com/safing/intel-data"
+    license: "CC-BY-SA-4.0"
+
+  - name: "Safing Special List: P2P Assistive Infrastructure"
+    id: "17-P2P"
+    description: "Services that provide STUN, TURN, ICE or similar services that expose the user's IP address and enable peer to peer networking behind NAT. Used for advanced privacy protection."
+    url: "https://raw.githubusercontent.com/safing/intel-data/master/lists/p2p.txt"
+    type: "Domain"
+    parser: "domainlist"
+    website: "https://github.com/safing/intel-data"
+    contribute: "https://github.com/safing/intel-data"
+    license: "CC-BY-SA-4.0"