Using DNS over TLS
We provide DNS over TLS support on standard port 853. To start using PureDNS with DNS over TLS, you can use the following address.
puredns.org
Learn how to configure DNS over TLS on your device with the setup guide below.
Using DNS over HTTPS
DNS over HTTPS support is available on standard port 443. Our DoH servers support HTTP/2 for fast lookup results and to avoid blocking from ISPs.
https://puredns.org/dns-query
Using DNS over QUIC
DNS over QUIC is known to be much faster than DNS over TLS, and is now available under port 853/UDP.
To use PureDNS with DoQ, you may want to use a client like AdGuard Home or dnsproxy.
quic://puredns.org
Using DNS over Tor
We support DNS over Tor so that users are able to query domains anonymously. Now available at
purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion
To use the PureDNS Hidden Resolver service please refer to setup guide below.
Using DNSCrypt
PureDNS can be used with DNSCrypt as a client by using DNS Stamps. Use the following DNS stamp in your DNSCrypt configuration.
sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ
You can verify the DNS stamp above using this tool provided by the official DNSCrypt team.
Using Plain DNS
While we don't recommend using unencrypted DNS (standard port 53) for your personal internet, there are some of us who want this support as part of their implementation; like using PureDNS on Routers. Use the IP addresses below to start using PureDNS.
For IPv4
3.0.86.126
3.1.94.218
For IPv6
2406:da18:ce3:9803:7106:3bbb:f9df:c955
2406:da18:ce3:9801:6aa2:5634:9873:71fe
Private DNS
Requires Android 9 or higher- Go to Settings → Network & internet → Advanced → Private DNS.
- Select the Private DNS provider hostname option.
- Enter puredns.org and click Save.
Intra
- Install Intra app from the Play Store.
- Go to Settings → DNS over HTTPS Server → Custom server URL.
- Enter https://puredns.org/dns-query and click Accept.
iOS and iPadOS
Requires iOS/iPadOS 14 or higher.- Download our Apple Configuration Profile to enable Encrypted DNS feature.
- You can download configuration for DoH and/or DoT.
- Go to Settings → General → VPN & Device Mangement
- Tap the Downloaded Profile.
- Tap Install in the upper-right corner, then follow the onscreen instructions.
DNSCloak
- Install DNSCloak app from the App Store.
- Search puredns using search bar.
- Tap puredns-doh and puredns-doh-ipv6.
- Tap Use this server.
Knot Resolver
- Install Knot Resolver.
- Use the following in /etc/knot-resolver/kresd.conf:
policy.add(policy.all(policy.TLS_FORWARD({
{'3.0.86.126', hostname='puredns.org'},
{'3.1.94.218', hostname='puredns.org'},
{'2406:da18:ce3:9803:7106:3bbb:f9df:c955', hostname='puredns.org'},
{'2406:da18:ce3:9801:6aa2:5634:9873:71fe', hostname='puredns.org'}
})))
Stubby
- Install Stubby.
- Use the following in stubby.yml:
round_robin_upstreams: 1
upstream_recursive_servers:
- address_data: 3.0.86.126
tls_auth_name: "puredns.org"
- address_data: 3.1.94.218
tls_auth_name: "puredns.org"
- address_data: 2406:da18:ce3:9803:7106:3bbb:f9df:c955
tls_auth_name: "puredns.org"
- address_data: 2406:da18:ce3:9801:6aa2:5634:9873:71fe
tls_auth_name: "puredns.org"
Unbound
- Install Unbound.
- Use the following in unbound.conf:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 3.0.86.126#puredns.org
forward-addr: 3.1.94.218#puredns.org
forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org
DNSCrypt
- Install DNSCrypt.
- Use the following in dnscrypt-proxy.toml:
server_names = ['PureDNS']
[static]
[static.'PureDNS']
stamp = 'sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ'
cloudflared
- Install cloudflared.
- Use the following in /usr/local/etc/cloudflared/config.yml:
proxy-dns: true
proxy-dns-upstream:
- https://puredns.org/dns-query
Encrypted DNS
Requires Windows 10 or higher.- Open Windows Powershell as Administrator.
Run the following to add PureDNS to the list of known servers.
Add-DnsClientDohServerAddress -ServerAddress 3.0.86.126 -DohTemplate https://puredns.org/dns-query Add-DnsClientDohServerAddress -ServerAddress 3.1.94.218 -DohTemplate https://puredns.org/dns-query
- Open Settings.
- Navigate to Network & internet → Status.
- Click on Properties.
- Click Edit under DNS settings.
- Select the Manual option, and then specify Preferred DNS and Alternate DNS IP addresses with 3.0.86.126 for Primary and 3.1.94.218 for Alternate.
- Select Encrypted only (DNS over HTTPS) for both.
YogaDNS
- Install YogaDNS.
- Go to Configuration → DNS Servers → Add.
- Enter PureDNS in the User friendly name.
- For Protocol you can select DNS over HTTPS.
- Specify the URL with https://puredns.org/dns-query.
- Click Check to quickly test the server and click OK.
See more details on how to configure YogaDNS.
macOS
Requires macOS Big Sur or newer.Google Chrome
- Go to Settings.
- In the Privacy and security section, click on Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
Firefox
- Open Preferences.
- Scroll down to the Network Settings section and click on Settings.
- Scroll down and check Enable DNS over HTTPS.
- Select Custom, enter https://puredns.org/dns-query and click OK.
Microsoft Edge
- Open Settings.
- Go to the Privacy, search, and services section.
- Under Security, enable Use secure DNS to specify how to lookup the network address for websites.
- Select Choose a service provider, then enter https://puredns.org/dns-query.
Brave
- Open Settings.
- In the Privacy and security section (under Additional settings), go to Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
IPv4 & IPv6
- Sign in to your router's web-based administration, usually at the following address:
http://192.168.1.1
. - Find the DNS settings inside the interface.
Change addresses (if any), with IPv4:
3.0.86.126 3.1.94.218
or with IPv6 use addresses below:
2406:da18:ce3:9803:7106:3bbb:f9df:c955 2406:da18:ce3:9801:6aa2:5634:9873:71fe
- Click Save (or similar).
pfSense
- Navigate to Services → DNS Resolver and on the tab General Settings scroll down to the Custom Options box.
- Enter the following lines:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 3.0.86.126#puredns.org
forward-addr: 3.1.94.218#puredns.org
forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org
MikroTik
Run the following:
/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=puredns.org address=3.0.86.126 type=A
/ip dns static add name=puredns.org address=3.1.94.218 type=A
/ip dns static add name=puredns.org address=2406:da18:ce3:9803:7106:3bbb:f9df:c955 type=AAAA
/ip dns static add name=puredns.org address=2406:da18:ce3:9801:6aa2:5634:9873:71fe type=AAAA
/ip dns set use-doh-server="https://puredns.org/dns-query" verify-doh-cert=yes
DNS over TLS
Tor usually runs on port 9050
by default. To use our hidden resolver, we recommend using the socat command.
PORT=853; socat TCP4-LISTEN:${PORT},reuseaddr,fork SOCKS4A:127.0.0.1:purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion:${PORT},socksport=9050
Now you can try to test it by sending a query using the kdig command.
kdig -d +tls +tls-hostname=puredns.org @127.0.0.1 -p 853 puredns.org