A better Internet with privacy-respecting and fast DNS Resolver

Use our DNS over HTTPS/TLS/QUIC/Tor features to encrypt name resolution.

Get Started DNS for Family

Available on all devices and networks.

Liputan6 logo

Using DNS over TLS

We provide DNS over TLS support on standard port 853. To start using PureDNS with DNS over TLS, you can use the following address.

puredns.org

Learn how to configure DNS over TLS on your device with the setup guide below.

Using DNS over HTTPS

DNS over HTTPS support is available on standard port 443. Our DoH servers support HTTP/2 for fast lookup results and to avoid blocking from ISPs.

https://puredns.org/dns-query

Using DNS over QUIC

DNS over QUIC is known to be much faster than DNS over TLS, and is now available under port 853/UDP.

To use PureDNS with DoQ, you may want to use a client like AdGuard Home or dnsproxy.

quic://puredns.org

Using DNS over Tor

We support DNS over Tor so that users are able to query domains anonymously. Now available at

purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion

To use the PureDNS Hidden Resolver service please refer to setup guide below.

Using DNSCrypt

PureDNS can be used with DNSCrypt as a client by using DNS Stamps. Use the following DNS stamp in your DNSCrypt configuration.

sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ

You can verify the DNS stamp above using this tool provided by the official DNSCrypt team.

Using Plain DNS

While we don't recommend using unencrypted DNS (standard port 53) for your personal internet, there are some of us who want this support as part of their implementation; like using PureDNS on Routers. Use the IP addresses below to start using PureDNS.

For IPv4
3.0.86.126
3.1.94.218
For IPv6
2406:da18:ce3:9803:7106:3bbb:f9df:c955
2406:da18:ce3:9801:6aa2:5634:9873:71fe

Private DNS

Requires Android 9 or higher
  1. Go to SettingsNetwork & internetAdvancedPrivate DNS.
  2. Select the Private DNS provider hostname option.
  3. Enter puredns.org and click Save.

Intra

Get Intra app on the Google Play

  1. Install Intra app from the Play Store.
  2. Go to SettingsDNS over HTTPS ServerCustom server URL.
  3. Enter https://puredns.org/dns-query and click Accept.

iOS and iPadOS

Requires iOS/iPadOS 14 or higher.
  1. Download our Apple Configuration Profile to enable Encrypted DNS feature.
  2. You can download configuration for DoH and/or DoT.
  3. Go to Settings → General → VPN & Device Mangement
  4. Tap the Downloaded Profile.
  5. Tap Install in the upper-right corner, then follow the onscreen instructions.

DNSCloak

Get DNSCloak app on the App Store

  1. Install DNSCloak app from the App Store.
  2. Search puredns using search bar.
  3. Tap puredns-doh and puredns-doh-ipv6.
  4. Tap Use this server.

Knot Resolver

  1. Install Knot Resolver.
  2. Use the following in /etc/knot-resolver/kresd.conf:
policy.add(policy.all(policy.TLS_FORWARD({
  {'3.0.86.126', hostname='puredns.org'},
  {'3.1.94.218', hostname='puredns.org'},
  {'2406:da18:ce3:9803:7106:3bbb:f9df:c955', hostname='puredns.org'},
  {'2406:da18:ce3:9801:6aa2:5634:9873:71fe', hostname='puredns.org'}
})))

Stubby

  1. Install Stubby.
  2. Use the following in stubby.yml:
round_robin_upstreams: 1
  upstream_recursive_servers:
  - address_data: 3.0.86.126
  tls_auth_name: "puredns.org"
  - address_data: 3.1.94.218
  tls_auth_name: "puredns.org"
  - address_data: 2406:da18:ce3:9803:7106:3bbb:f9df:c955
  tls_auth_name: "puredns.org"
  - address_data: 2406:da18:ce3:9801:6aa2:5634:9873:71fe
  tls_auth_name: "puredns.org"

Unbound

  1. Install Unbound.
  2. Use the following in unbound.conf:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 3.0.86.126#puredns.org
  forward-addr: 3.1.94.218#puredns.org
  forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
  forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org

DNSCrypt

  1. Install DNSCrypt.
  2. Use the following in dnscrypt-proxy.toml:
server_names = ['PureDNS']

[static]
  [static.'PureDNS']
  stamp = 'sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ'

cloudflared

  1. Install cloudflared.
  2. Use the following in /usr/local/etc/cloudflared/config.yml:
proxy-dns: true
proxy-dns-upstream:
  - https://puredns.org/dns-query

Encrypted DNS

Requires Windows 10 or higher.
  1. Open Windows Powershell as Administrator.
  2. Run the following to add PureDNS to the list of known servers.

    Add-DnsClientDohServerAddress -ServerAddress 3.0.86.126 -DohTemplate https://puredns.org/dns-query 
    Add-DnsClientDohServerAddress -ServerAddress 3.1.94.218 -DohTemplate https://puredns.org/dns-query
  3. Open Settings.
  4. Navigate to Network & internetStatus.
  5. Click on Properties.
  6. Click Edit under DNS settings.
  7. Select the Manual option, and then specify Preferred DNS and Alternate DNS IP addresses with 3.0.86.126 for Primary and 3.1.94.218 for Alternate.
  8. Select Encrypted only (DNS over HTTPS) for both.

YogaDNS

  1. Install YogaDNS.
  2. Go to ConfigurationDNS ServersAdd.
  3. Enter PureDNS in the User friendly name.
  4. For Protocol you can select DNS over HTTPS.
  5. Specify the URL with https://puredns.org/dns-query.
  6. Click Check to quickly test the server and click OK.

See more details on how to configure YogaDNS.

macOS

Requires macOS Big Sur or newer.
  1. Download our Apple Configuration Profile to enable Encrypted DNS feature.
  2. You can download configuration for DoH and/or DoT.
  3. Open the downloaded .mobileconfig file.
  4. Open System Preferences.
  5. Go to Profiles.
  6. Click Install.

Google Chrome

  1. Go to Settings.
  2. In the Privacy and security section, click on Security.
  3. In the Advanced section, enable Use secure DNS.
  4. Select With: Custom, then enter https://puredns.org/dns-query.

Firefox

  1. Open Preferences.
  2. Scroll down to the Network Settings section and click on Settings.
  3. Scroll down and check Enable DNS over HTTPS.
  4. Select Custom, enter https://puredns.org/dns-query and click OK.

Microsoft Edge

  1. Open Settings.
  2. Go to the Privacy, search, and services section.
  3. Under Security, enable Use secure DNS to specify how to lookup the network address for websites.
  4. Select Choose a service provider, then enter https://puredns.org/dns-query.

Brave

  1. Open Settings.
  2. In the Privacy and security section (under Additional settings), go to Security.
  3. In the Advanced section, enable Use secure DNS.
  4. Select With: Custom, then enter https://puredns.org/dns-query.

IPv4 & IPv6

  1. Sign in to your router's web-based administration, usually at the following address: http://192.168.1.1.
  2. Find the DNS settings inside the interface.
  3. Change addresses (if any), with IPv4:

    3.0.86.126
    3.1.94.218

    or with IPv6 use addresses below:

    2406:da18:ce3:9803:7106:3bbb:f9df:c955
    2406:da18:ce3:9801:6aa2:5634:9873:71fe
  4. Click Save (or similar).

pfSense

  1. Navigate to ServicesDNS Resolver and on the tab General Settings scroll down to the Custom Options box.
  2. Enter the following lines:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 3.0.86.126#puredns.org
  forward-addr: 3.1.94.218#puredns.org
  forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
  forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org

MikroTik

Run the following:

/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=puredns.org address=3.0.86.126 type=A
/ip dns static add name=puredns.org address=3.1.94.218 type=A
/ip dns static add name=puredns.org address=2406:da18:ce3:9803:7106:3bbb:f9df:c955 type=AAAA
/ip dns static add name=puredns.org address=2406:da18:ce3:9801:6aa2:5634:9873:71fe type=AAAA
/ip dns set use-doh-server="https://puredns.org/dns-query" verify-doh-cert=yes

DNS over TLS

Tor usually runs on port 9050 by default. To use our hidden resolver, we recommend using the socat command.

PORT=853; socat TCP4-LISTEN:${PORT},reuseaddr,fork SOCKS4A:127.0.0.1:purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion:${PORT},socksport=9050

Now you can try to test it by sending a query using the kdig command.

kdig -d +tls +tls-hostname=puredns.org @127.0.0.1 -p 853 puredns.org

Support the Development

You can use our service free of charge, but if you happen to think to help make PureDNS even better, please donate via the following links.

Saweria Patreon