Using DNS over TLS
We provide DNS over TLS support on standard port 853. To start using PureDNS with DNS over TLS, you can use the following address.
puredns.org
Learn how to configure DNS over TLS on your device with the setup guide below.
Using DNS over HTTPS
DNS over HTTPS support is available on standard port 443. Our DoH servers support HTTP/2 for fast lookup results and to avoid blocking from ISPs.
https://puredns.org/dns-query
Using DNS over QUIC
DNS over QUIC is known to be much faster than DNS over TLS, and is now available under port 853/UDP.
To use PureDNS with DoQ, you may want to use a client like AdGuard Home or dnsproxy.
quic://puredns.org
Using DNS over Tor
We support DNS over Tor so that users are able to query domains anonymously. Now available at
purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion
To use the PureDNS Hidden Resolver service please refer to setup guide below.
Using DNSCrypt
PureDNS can be used with DNSCrypt as a client by using DNS Stamps. Use the following DNS stamp in your DNSCrypt configuration.
sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ
You can verify the DNS stamp above using this tool provided by the official DNSCrypt team.
Using Plain DNS
While we don't recommend using unencrypted DNS (standard port 53) for your personal internet, there are some of us who want this support as part of their implementation; like using PureDNS on Routers. Use the IP addresses below to start using PureDNS.
For IPv4
108.136.97.40
108.137.15.53
For IPv6
2406:da19:66f:e800:631e:350a:559d:5615
2406:da19:66f:e820:feab:18f3:4b9b:cd32
Private DNS
Requires Android 9 or higher- Go to Settings → Network & internet → Advanced → Private DNS.
- Select the Private DNS provider hostname option.
- Enter puredns.org and click Save.
Intra
- Install Intra app from the Play Store.
- Go to Settings → DNS over HTTPS Server → Custom server URL.
- Enter https://puredns.org/dns-query and click Accept.
iOS and iPadOS
Requires iOS/iPadOS 14 or higher.Knot Resolver
- Install Knot Resolver.
- Use the following in /etc/knot-resolver/kresd.conf:
policy.add(policy.all(policy.TLS_FORWARD({
{'108.136.97.40', hostname='puredns.org'},
{'108.137.15.53', hostname='puredns.org'},
{'2406:da19:66f:e800:631e:350a:559d:5615', hostname='puredns.org'},
{'2406:da19:66f:e820:feab:18f3:4b9b:cd32', hostname='puredns.org'}
})))
Stubby
- Install Stubby.
- Use the following in stubby.yml:
round_robin_upstreams: 1
upstream_recursive_servers:
- address_data: 108.136.97.40
tls_auth_name: "puredns.org"
- address_data: 108.137.15.53
tls_auth_name: "puredns.org"
- address_data: 2406:da19:66f:e800:631e:350a:559d:5615
tls_auth_name: "puredns.org"
- address_data: 2406:da19:66f:e820:feab:18f3:4b9b:cd32
tls_auth_name: "puredns.org"
Unbound
- Install Unbound.
- Use the following in unbound.conf:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 108.136.97.40#puredns.org
forward-addr: 108.137.15.53#puredns.org
forward-addr: 2406:da19:66f:e800:631e:350a:559d:5615#puredns.org
forward-addr: 2406:da19:66f:e820:feab:18f3:4b9b:cd32#puredns.org
DNSCrypt
- Install DNSCrypt.
- Use the following in dnscrypt-proxy.toml:
server_names = ['PureDNS']
[static]
[static.'PureDNS']
stamp = 'sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ'
cloudflared
- Install cloudflared.
- Use the following in /usr/local/etc/cloudflared/config.yml:
proxy-dns: true
proxy-dns-upstream:
- https://puredns.org/dns-query
DNS over HTTPS
Windows 11- Open the Settings app.
- Go to Network & internet.
- Click on Wi-Fi (or Ethernet).
- Click on Hardware properties, or ignore this step if you clicked on Ethernet.
- Click the Edit button next to DNS server assignment.
- Select Manual.
- Enable IPv4.
- Enter 108.136.97.40 as Preferred DNS, then select On (manual template) and enter https://puredns.org/dns-query
- Enter 108.137.15.53 as Alternate DNS, then select On (manual template) and enter https://puredns.org/dns-query
- Click Save.
YogaDNS
- Install YogaDNS.
- Go to Configuration → DNS Servers → Add.
- Enter PureDNS in the User friendly name.
- For Protocol you can select DNS over HTTPS.
- Specify the URL with https://puredns.org/dns-query.
- Click Check to quickly test the server and click OK.
See more details on how to configure YogaDNS.
macOS
Requires macOS Big Sur or newer.Google Chrome
- Go to Settings.
- In the Privacy and security section, click on Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
Firefox
- Open Preferences.
- Scroll down to the Network Settings section and click on Settings.
- Scroll down and check Enable DNS over HTTPS.
- Select Custom, enter https://puredns.org/dns-query and click OK.
Microsoft Edge
- Open Settings.
- Go to the Privacy, search, and services section.
- Under Security, enable Use secure DNS to specify how to lookup the network address for websites.
- Select Choose a service provider, then enter https://puredns.org/dns-query.
Brave
- Open Settings.
- In the Privacy and security section (under Additional settings), go to Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
IPv4 & IPv6
- Sign in to your router's web-based administration, usually at the following address:
http://192.168.1.1
. - Find the DNS settings inside the interface.
Change addresses (if any), with IPv4:
108.136.97.40 108.137.15.53
or with IPv6 use addresses below:
2406:da19:66f:e800:631e:350a:559d:5615 2406:da19:66f:e820:feab:18f3:4b9b:cd32
- Click Save (or similar).
pfSense
- Navigate to Services → DNS Resolver and on the tab General Settings scroll down to the Custom Options box.
- Enter the following lines:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 108.136.97.40#puredns.org
forward-addr: 108.137.15.53#puredns.org
forward-addr: 2406:da19:66f:e800:631e:350a:559d:5615#puredns.org
forward-addr: 2406:da19:66f:e820:feab:18f3:4b9b:cd32#puredns.org
MikroTik
Run the following:
/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=puredns.org address=108.136.97.40 type=A
/ip dns static add name=puredns.org address=108.137.15.53 type=A
/ip dns static add name=puredns.org address=2406:da19:66f:e800:631e:350a:559d:5615 type=AAAA
/ip dns static add name=puredns.org address=2406:da19:66f:e820:feab:18f3:4b9b:cd32 type=AAAA
/ip dns set use-doh-server="https://puredns.org/dns-query" verify-doh-cert=yes
DNS over TLS
Tor usually runs on port 9050
by default. To use our hidden resolver, we recommend using the socat command.
PORT=853; socat TCP4-LISTEN:${PORT},reuseaddr,fork SOCKS4A:127.0.0.1:purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion:${PORT},socksport=9050
Now you can try to test it by sending a query using the kdig command.
kdig -d +tls +tls-hostname=puredns.org @127.0.0.1 -p 853 puredns.org
Buy the developer of PureDNS a coffee
If you like using PureDNS, you can buy me a coffee! Your donation will help to support the continued development of PureDNS and make it even better for everyone.
1KoVse5i4mqPsHcK4FfTfTb97S8cEFdqHu
0x19e9d42C5b2b10c3127cBDafFf1f813AaC038bcA