Using DNS over TLS
We provide DNS over TLS support on standard port 853. To start using PureDNS with DNS over TLS, you can use the following address.
puredns.org
Learn how to configure DNS over TLS on your device with the setup guide below.
Using DNS over HTTPS
DNS over HTTPS support is available on standard port 443. Our DoH servers support HTTP/2 for fast lookup results and to avoid blocking from ISPs.
https://puredns.org/dns-query
Using DNS over QUIC
DNS over QUIC is known to be much faster than DNS over TLS, and is now available under port 853/UDP.
To use PureDNS with DoQ, you may want to use a client like AdGuard Home or dnsproxy.
quic://puredns.org
Using DNS over Tor
We support DNS over Tor so that users are able to query domains anonymously. Now available at
purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion
To use the PureDNS Hidden Resolver service please refer to setup guide below.
Using DNSCrypt
PureDNS can be used with DNSCrypt as a client by using DNS Stamps. Use the following DNS stamp in your DNSCrypt configuration.
sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ
You can verify the DNS stamp above using this tool provided by the official DNSCrypt team.
Using Plain DNS
While we don't recommend using unencrypted DNS (standard port 53) for your personal internet, there are some of us who want this support as part of their implementation; like using PureDNS on Routers. Use the IP addresses below to start using PureDNS.
For IPv4
3.0.86.126
3.1.94.218
For IPv6
2406:da18:ce3:9803:7106:3bbb:f9df:c955
2406:da18:ce3:9801:6aa2:5634:9873:71fe
Private DNS
Requires Android 9 or higher- Go to Settings → Network & internet → Advanced → Private DNS.
- Select the Private DNS provider hostname option.
- Enter puredns.org and click Save.
Intra
- Install Intra app from the Play Store.
- Go to Settings → DNS over HTTPS Server → Custom server URL.
- Enter https://puredns.org/dns-query and click Accept.
iOS and iPadOS
Requires iOS/iPadOS 14 or higher.Knot Resolver
- Install Knot Resolver.
- Use the following in /etc/knot-resolver/kresd.conf:
policy.add(policy.all(policy.TLS_FORWARD({
{'3.0.86.126', hostname='puredns.org'},
{'3.1.94.218', hostname='puredns.org'},
{'2406:da18:ce3:9803:7106:3bbb:f9df:c955', hostname='puredns.org'},
{'2406:da18:ce3:9801:6aa2:5634:9873:71fe', hostname='puredns.org'}
})))
Stubby
- Install Stubby.
- Use the following in stubby.yml:
round_robin_upstreams: 1
upstream_recursive_servers:
- address_data: 3.0.86.126
tls_auth_name: "puredns.org"
- address_data: 3.1.94.218
tls_auth_name: "puredns.org"
- address_data: 2406:da18:ce3:9803:7106:3bbb:f9df:c955
tls_auth_name: "puredns.org"
- address_data: 2406:da18:ce3:9801:6aa2:5634:9873:71fe
tls_auth_name: "puredns.org"
Unbound
- Install Unbound.
- Use the following in unbound.conf:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 3.0.86.126#puredns.org
forward-addr: 3.1.94.218#puredns.org
forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org
DNSCrypt
- Install DNSCrypt.
- Use the following in dnscrypt-proxy.toml:
server_names = ['PureDNS']
[static]
[static.'PureDNS']
stamp = 'sdns://AgcAAAAAAAAAAAALcHVyZWRucy5vcmcKL2Rucy1xdWVyeQ'
cloudflared
- Install cloudflared.
- Use the following in /usr/local/etc/cloudflared/config.yml:
proxy-dns: true
proxy-dns-upstream:
- https://puredns.org/dns-query
DNS over HTTPS
Windows 11- Open the Settings app.
- Go to Network & internet.
- Click on Wi-Fi (or Ethernet).
- Click on Hardware properties, or ignore this step if you clicked on Ethernet.
- Click the Edit button next to DNS server assignment.
- Select Manual.
- Enable IPv4.
- Enter 3.0.86.126 as Preferred DNS, then select On (manual template) and enter https://puredns.org/dns-query
- Enter 3.1.94.218 as Alternate DNS, then select On (manual template) and enter https://puredns.org/dns-query
- Click Save.
YogaDNS
- Install YogaDNS.
- Go to Configuration → DNS Servers → Add.
- Enter PureDNS in the User friendly name.
- For Protocol you can select DNS over HTTPS.
- Specify the URL with https://puredns.org/dns-query.
- Click Check to quickly test the server and click OK.
See more details on how to configure YogaDNS.
macOS
Requires macOS Big Sur or newer.Google Chrome
- Go to Settings.
- In the Privacy and security section, click on Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
Firefox
- Open Preferences.
- Scroll down to the Network Settings section and click on Settings.
- Scroll down and check Enable DNS over HTTPS.
- Select Custom, enter https://puredns.org/dns-query and click OK.
Microsoft Edge
- Open Settings.
- Go to the Privacy, search, and services section.
- Under Security, enable Use secure DNS to specify how to lookup the network address for websites.
- Select Choose a service provider, then enter https://puredns.org/dns-query.
Brave
- Open Settings.
- In the Privacy and security section (under Additional settings), go to Security.
- In the Advanced section, enable Use secure DNS.
- Select With: Custom, then enter https://puredns.org/dns-query.
IPv4 & IPv6
- Sign in to your router's web-based administration, usually at the following address:
http://192.168.1.1
. - Find the DNS settings inside the interface.
Change addresses (if any), with IPv4:
3.0.86.126 3.1.94.218
or with IPv6 use addresses below:
2406:da18:ce3:9803:7106:3bbb:f9df:c955 2406:da18:ce3:9801:6aa2:5634:9873:71fe
- Click Save (or similar).
pfSense
- Navigate to Services → DNS Resolver and on the tab General Settings scroll down to the Custom Options box.
- Enter the following lines:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 3.0.86.126#puredns.org
forward-addr: 3.1.94.218#puredns.org
forward-addr: 2406:da18:ce3:9803:7106:3bbb:f9df:c955#puredns.org
forward-addr: 2406:da18:ce3:9801:6aa2:5634:9873:71fe#puredns.org
MikroTik
Run the following:
/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=puredns.org address=3.0.86.126 type=A
/ip dns static add name=puredns.org address=3.1.94.218 type=A
/ip dns static add name=puredns.org address=2406:da18:ce3:9803:7106:3bbb:f9df:c955 type=AAAA
/ip dns static add name=puredns.org address=2406:da18:ce3:9801:6aa2:5634:9873:71fe type=AAAA
/ip dns set use-doh-server="https://puredns.org/dns-query" verify-doh-cert=yes
DNS over TLS
Tor usually runs on port 9050
by default. To use our hidden resolver, we recommend using the socat command.
PORT=853; socat TCP4-LISTEN:${PORT},reuseaddr,fork SOCKS4A:127.0.0.1:purednsxr4shjkobosrqf7qebwzch3e4ignfr4beq34ngr4nkp2z32id.onion:${PORT},socksport=9050
Now you can try to test it by sending a query using the kdig command.
kdig -d +tls +tls-hostname=puredns.org @127.0.0.1 -p 853 puredns.org
Buy the developer of PureDNS a coffee
If you like using PureDNS, you can buy me a coffee! Your donation will help to support the continued development of PureDNS and make it even better for everyone.
1KoVse5i4mqPsHcK4FfTfTb97S8cEFdqHu
0x19e9d42C5b2b10c3127cBDafFf1f813AaC038bcA