diff --git a/.gitignore b/.gitignore
index d9315494..c78d500d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,7 +39,7 @@ src/test/check_getdns_ev
 src/test/scratchpad
 src/test/scratchpad.c
 src/tools/getdns_query
-src/tools/stubby
+src/stubby
 doc/*.3
 src/getdns/getdns.h
 *.log
diff --git a/.gitmodules b/.gitmodules
index a79d3846..aa84f96e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,7 @@
 	path = src/jsmn
 	url = https://github.com/getdnsapi/jsmn.git
 	branch = getdns
+[submodule "stubby"]
+	path = stubby
+	url = https://github.com/getdnsapi/stubby.git
+	branch = master
diff --git a/Makefile.in b/Makefile.in
index 22350b55..5c46db2b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,7 +44,7 @@ libdir = @libdir@
 srcdir = @srcdir@
 INSTALL = @INSTALL@
 
-all : default @GETDNS_QUERY@ @STUBBY@
+all : default @GETDNS_QUERY@
 
 everything: default
 	cd src/test && $(MAKE)
@@ -52,7 +52,10 @@ everything: default
 default:
 	cd src && $(MAKE) $@
 
-install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
+install-lib:
+	cd src && $(MAKE) install
+
+install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
 	$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@@ -66,8 +69,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
 	$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
 	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
 	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
-	cd src && $(MAKE) $@
-	cd doc && $(MAKE) $@
+	cd doc && $(MAKE) install
 	@echo "***"
 	@echo "***  !!! IMPORTANT !!!!  libgetdns needs a DNSSEC trust anchor!"
 	@echo "***"
@@ -86,7 +88,7 @@ install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_S
 	@echo "***  at package installation time from the post-install script."
 	@echo "***"
 
-uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
+uninstall: @UNINSTALL_GETDNS_QUERY@
 	rm -rf $(DESTDIR)$(docdir)
 	cd doc && $(MAKE) $@
 	cd src && $(MAKE) $@
@@ -103,8 +105,8 @@ test: default
 getdns_query: default
 	cd src/tools && $(MAKE) $@
 
-stubby: getdns_query
-	cd src/tools && $(MAKE) $@
+stubby:
+	cd src && $(MAKE) $@
 
 scratchpad: default
 	cd src/test && $(MAKE) $@
@@ -112,17 +114,17 @@ scratchpad: default
 pad: scratchpad
 	src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
 
-install-getdns_query: getdns_query
+install-getdns_query: install-lib
 	cd src/tools && $(MAKE) $@
 
 uninstall-getdns_query:
 	cd src/tools && $(MAKE) $@
 
-install-stubby: getdns_query
-	cd src/tools && $(MAKE) $@
+install-stubby:
+	cd src && $(MAKE) $@
 
 uninstall-stubby:
-	cd src/tools && $(MAKE) $@
+	cd src && $(MAKE) $@
 
 clean:
 	cd src && $(MAKE) $@
@@ -190,7 +192,6 @@ $(distdir):
 	mkdir -p $(distdir)/src
 	mkdir -p $(distdir)/src/getdns
 	mkdir -p $(distdir)/src/test
-	mkdir -p $(distdir)/src/test/jsmn
 	mkdir -p $(distdir)/src/extension
 	mkdir -p $(distdir)/src/compat
 	mkdir -p $(distdir)/src/util
@@ -201,6 +202,8 @@ $(distdir):
 	mkdir -p $(distdir)/systemd
 	mkdir -p $(distdir)/spec
 	mkdir -p $(distdir)/spec/example
+	mkdir -p $(distdir)/stubby
+	mkdir -p $(distdir)/stubby/src
 	cp $(srcdir)/configure.ac $(distdir)
 	cp $(srcdir)/configure $(distdir)
 	cp $(srcdir)/AUTHORS $(distdir)
@@ -245,8 +248,11 @@ $(distdir):
 	cp $(srcdir)/systemd/stubby.* $(distdir)/systemd
 	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
 	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
-	cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools
-	cp $(srcdir)/src/tools/stubby-setdns-macos.sh $(distdir)/src/tools
+	cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
+	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
+	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
+	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
+	cp $(srcdir)/stubby/README.md $(distdir)/stubby
 	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
diff --git a/configure.ac b/configure.ac
index 7c445a27..a48577e4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1009,17 +1009,17 @@ AC_SUBST(GETDNS_QUERY)
 AC_SUBST(INSTALL_GETDNS_QUERY)
 AC_SUBST(UNINSTALL_GETDNS_QUERY)
 
-AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
-	[Do not compile and install stubby, the (stub) resolver daemon]),
-	[], [withval="yes"])
-if test x_$withval = x_no; then
-	STUBBY=""
-	INSTALL_STUBBY=""
-	UNINSTALL_STUBBY=""
-else
+AC_ARG_WITH(stubby, AS_HELP_STRING([--with-stubby],
+	[Compile and install stubby, the (stub) resolver daemon]),
+	[], [withval="no"])
+if test x_$withval = x_yes; then
 	STUBBY="stubby"
 	INSTALL_STUBBY="install-stubby"
 	UNINSTALL_STUBBY="uninstall-stubby"
+else
+	STUBBY=""
+	INSTALL_STUBBY=""
+	UNINSTALL_STUBBY=""
 fi
 AC_SUBST(STUBBY)
 AC_SUBST(INSTALL_STUBBY)
diff --git a/src/Makefile.in b/src/Makefile.in
index 2342e250..22056063 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -35,16 +35,23 @@ libversion = @GETDNS_LIBVERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
+sbindir = @sbindir@
 libdir = @libdir@
 includedir = @includedir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+runstatedir = @runstatedir@
+stubbyconfdir = $(sysconfdir)/stubby
 have_libevent = @have_libevent@
 have_libuv = @have_libuv@
 have_libev = @have_libev@
 # datarootdir is here to please some checkers
 datarootdir=@datarootdir@
 INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
 
 srcdir = @srcdir@
+stubbysrcdir = $(srcdir)/../stubby
 LIBTOOL = ../libtool
 
 CC=@CC@
@@ -75,6 +82,8 @@ GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
 	str2wire.lo
 
+PROGRAMS=@STUBBY@
+
 LIBOBJDIR=
 LIBOBJS=@LIBOBJS@
 COMPAT_OBJ=$(LIBOBJS:.o=.lo)
@@ -97,7 +106,7 @@ NON_C99_OBJS=context.lo libuv.lo
 
 default: all
 
-all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
+all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)
 
 $(GETDNS_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
@@ -123,25 +132,35 @@ context.lo:
 libuv.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
 
-install:	libgetdns.la
+install-headers: getdns/getdns.h getdns/getdns_extra.h
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
 	$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
 	$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
+	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
+	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
+	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
+
+uninstall-headers:
+	rm -rf $(DESTDIR)$(includedir)/getdns
+
+install-libs: libgetdns.la
 	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
 	$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
-	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
-
+	if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
+	if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
+	if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
 	$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
 
-uninstall:
-	rm -rf $(DESTDIR)$(includedir)/getdns
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
+uninstall-libs:
 	if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
 	if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
 	if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
+	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
+
+install: install-libs install-headers @INSTALL_STUBBY@
+
+uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs
 
 libgetdns_ext_event.la: libgetdns.la libevent.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
@@ -163,8 +182,24 @@ test: default
 getdns_query: default
 	cd tools && $(MAKE) $@
 
-stubby:	getdns_query
-	cd tools && $(MAKE) $@
+stubby.lo: $(stubbysrcdir)/src/stubby.c
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@
+
+stubby: stubby.lo libgetdns.la 
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
+
+install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
+	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
+	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
+	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
+	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
+	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
+	test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
+		$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
+
+uninstall-stubby:
+	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
+	rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
 
 scratchpad: default
 	cd test && $(MAKE) $@
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index 7e291603..3cba9659 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -68,8 +68,8 @@ $(ALL_OBJS):
 getdns_query: getdns_query.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
 
-stubby: getdns_query.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
+stubby:
+	cd .. && $(MAKE) $@
 
 install-getdns_query: getdns_query
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
@@ -78,15 +78,14 @@ install-getdns_query: getdns_query
 uninstall-getdns_query:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query
 
-install-stubby: getdns_query
-	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
-	$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
+install-stubby:
+	cd .. && $(MAKE) $@
 
 uninstall-stubby:
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
+	cd .. && $(MAKE) $@
 
 clean:
-	rm -f *.o *.lo $(PROGRAMS) stubby
+	rm -f *.o *.lo $(PROGRAMS)
 	rm -rf .libs
 
 distclean : clean
diff --git a/src/tools/stubby-setdns-macos.sh b/src/tools/stubby-setdns-macos.sh
deleted file mode 100755
index 90f1e45f..00000000
--- a/src/tools/stubby-setdns-macos.sh
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/bin/bash
-#
-# Copyright (c) 2017, Verisign, Inc., NLnet Labs
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-#   notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the names of the copyright holders nor the
-#   names of its contributors may be used to endorse or promote products
-#   derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-# Stubby helper file to set DNS servers on macOS.
-# Note - this script doesn't detect or handle network events, simply changes the 
-# current resolvers
-# Must run as root.
-
-usage () {
-    echo
-    echo "Update the system DNS resolvers so that Stubby is used for all DNS"
-    echo "queries on macOS. (Stubby must already be running)"
-    echo "This must be run as root."
-    echo
-    echo "Usage: $0 options"
-    echo
-    echo "Supported options:"
-    echo "  -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
-    echo "  -l List the current DNS settings for all interfaces"
-    echo "  -h Show this help."
-}
-
-RESET=0
-LIST=0
-SERVERS="127.0.0.1 ::1"
-OS_X=`uname -a | grep -c 'Darwin'`
-
-while getopts ":rlh" opt; do
-    case $opt in
-        r  ) RESET=1 ;;
-        l  ) LIST=1 ;;
-        h  ) usage
-             exit 1 ;;
-        \? ) usage
-             exit 1 ;;
-    esac
-done
-
-
-if [[ $OS_X -eq 0 ]]; then
-    echo "Sorry - This script only works on macOS and you are on a different OS."
-    exit 1
-fi
-
-if [[ $LIST -eq 1 ]]; then
-    echo "** Current DNS settings **"
-    networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
-        RESULT=`networksetup -getdnsservers "$x"`
-        RESULT=`echo $RESULT`
-        printf '%-30s %s\n' "$x:" "$RESULT"
-    done
-    exit 1
-fi
-
-if [ "$USER" != "root" ]; then
-    echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
-    exit 1
-fi
-
-if [[ $RESET -eq 1 ]]; then
-    SERVERS="empty"
-    echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
-else
-    echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
-fi
-
-### Set the DNS settings via networksetup ###
-networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
-    networksetup -setdnsservers "$x" $SERVERS
-done
-
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
deleted file mode 100644
index 56fffaff..00000000
--- a/src/tools/stubby.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-{ resolution_type: GETDNS_RESOLUTION_STUB
-, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
-, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
-, tls_query_padding_blocksize: 256
-, edns_client_subnet_private : 1
-, listen_addresses: [ 127.0.0.1, 0::1 ]
-, idle_timeout: 10000
-, round_robin_upstreams: 1
-, upstream_recursive_servers:
-  [ { address_data: 145.100.185.15
-    , tls_auth_name: "dnsovertls.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
-      } ] 
-    },
-    { address_data: 145.100.185.16
-    , tls_auth_name: "dnsovertls1.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
-      } ] 
-    },
-    { address_data: 185.49.141.37
-    , tls_auth_name: "getdnsapi.net"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
-      } ]
-    },
-    { address_data: 2001:610:1:40ba:145:100:185:15
-    , tls_auth_name: "dnsovertls.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
-      } ] 
-    },
-    { address_data: 2001:610:1:40ba:145:100:185:16
-    , tls_auth_name: "dnsovertls1.sinodun.com"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
-      } ] 
-    },
-    { address_data: 2a04:b900:0:100::37
-    , tls_auth_name: "getdnsapi.net"
-    , tls_pubkey_pinset:
-      [ { digest: "sha256"
-        , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
-      } ]
-    },
-    { address_data: 89.233.43.71 
-    , tls_auth_name: "unicast.censurfridns.dk"
-    },
-    { address_data: 2a01:3a0:53:53::
-    , tls_auth_name: "unicast.censurfridns.dk"
-    }
-  ]
-}
diff --git a/stubby b/stubby
new file mode 160000
index 00000000..ac0be7b0
--- /dev/null
+++ b/stubby
@@ -0,0 +1 @@
+Subproject commit ac0be7b0549a32fc5e9e7ef11e2d120edda61368