You can set the DNS Servers setting to a list of servers that you would like to use. By default, only the first server in the list will be used, unless it fails or does not meet other configured requirements.

DNS servers are configured using an URL scheme, the format is:

protocol://ip:port?parameter=value&parameter=value

These are the possible values:

Protocols

• dot: DNS-over-TLS (recommended)
• dns: plain DNS
• tcp: plain DNS over TCP

IP

DNS Server configurations must use the server IP address instead of its hostname. Using a domain is not possible because there is no guarantee that there is another DNS Server available to resolve that domain.

Port

You must specify the server port if non-standard.

The standard ports are:

• dot: 853
• dns: 53
• tcp: 53

Parameters

A DNS server configuration URL might have one or more the the following parameters configured.

• name: Give your DNS server a name that is used for messages and logs.
• verify: Domain name to verify for dot servers, required and only valid for dot servers.
• blockedif: How to detect if the name server blocks a query. Different name servers handle blocked responses differently.
• empty: Server replies with NXDomain status, but without any other record in any section.
• refused: Server replies with Refused status.
• zeroip: Server replies with an IP address, but it is zero (ie. 0.0.0.0 for IPv4).

Common Server Settings

Here are some common DNS Servers. Please note that we do not recommend using IPv6 as the vast address space leads to increased trackability.

Quad9

Quad9 is a public DNS service that provides malware protection and is run by a non-profit.

Malware Protection:

dot://9.9.9.9:853?verify=dns.quad9.net&name=Quad9&blockedif=empty
dot://149.112.112.112:853?verify=dns.quad9.net&name=Quad9&blockedif=empty

Malware Protection, IPv6:

dot://[2620:fe::fe]:853?verify=dns.quad9.net&name=Quad9&blockedif=empty
dot://[2620:fe::9]:853?verify=dns.quad9.net&name=Quad9&blockedif=empty

AdGuard

AdGuard offers a freemium public DNS service that also blocks ads.

Ad Blocking:
dot://94.140.14.14:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip
dot://94.140.15.15:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip

Ad Blocking, IPv6:
dot://[2a10:50c0::ad1:ff]:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip
dot://[2a10:50c0::ad2:ff]?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip

Ad Blocking, Family Protection:
dot://94.140.14.15:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip
dot://94.140.15.16:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip

Ad Blocking, Familty Protection, IPv6:
dot://[2a10:50c0::bad1:ff]:853?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip
dot://[2a10:50c0::bad2:ff]?verify=dns.adguard.com&name=AdGuard&blockedif=zeroip

Foundation for Applied Privacy (encrypted DNS)

The Foundation for Applied Privacy is a small non-profit that also runs a public DNS service.

No Filtering:
dot://146.255.56.98:853?verify=dot1.applied-privacy.net&name=AppliedPrivacy

No Filtering, IPv6:
dot://[2a02:1b8:10:234::2]:853?verify=dot1.applied-privacy.net&name=AppliedPrivacy

Cloudflare

Cloudflare is a behemoth of the Internet. Next to its commercial offerings, it also provices a public DNS service.

Malware Protection:
dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip
dot://1.0.0.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip

Malware Protection, IPv6:
dot://[2606:4700:4700::1112]:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip
dot://[2606:4700:4700::1002]:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip

Malware and Family Protection:
dot://1.1.1.3:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip
dot://1.0.0.3:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip

Malware and Family Protection, IPv6:
dot://[2606:4700:4700::1113]:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip
dot://[2606:4700:4700::1003]:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip

Community Suggested Server Settings

Needs are different, that is why we list settings suggested by the community down below. Is something missing or out of date? Make a report or create a pull request.

BlahDNS

Malware Protection, Ad Blocking

🇨🇭 Switzerland:
dot://45.91.92.121:853?verify=dot-ch.blahdns.com&name=BlahDNSch&blockedif=zeroip

🇯🇵 Japan:
dot://139.162.112.47:853?verify=dot-jp.blahdns.com&name=BlahDNSjp&blockedif=zeroip

🇸🇬 Singapore:
dot://192.53.175.149:853?verify=dot-sg.blahdns.com&name=BlahDNSsg&blockedif=zeroip

🇩🇪 Germany:
dot://78.46.244.143:853?verify=dot-de.blahdns.com&name=BlahDNSde&blockedif=zeroip

🇫🇮 Finland:
dot://95.216.212.177:853?verify=dot-fi.blahdns.com&name=BlahDNSfi&blockedif=zeroip

LibreDNS

No Filtering:
dot://116.202.176.26:853?verify=dot.libredns.gr&name=LibreDNS

Malware Protection, Ad & Tracker Blocking
dot://116.202.176.26:854?verify=dot.libredns.gr&name=LibreDNS&blockedif=zeroip

NextDNS

dot://45.90.28.144?verify=43ab19.dns.nextdns.io&name=NextDNS&blockedif=zeroip

Snopyta

No Filtering:
dot://95.216.24.230:853?verify=fi.dot.dns.snopyta.org&name=SnopytaDNS

No Filtering, IPv6:
dot://[2a01:4f9:2a:1919::9301]:853?verify=fi.dot.dns.snopyta.org&name=SnopytaDNS

Community Requested Server Settings

In contrast to the settings mentioned above, we do not recommend to use these servers. These providers are known to excessively collect user data. But as needs are different, we also list these settings requested by the community.

Google Public DNS

Use at your own risk:

No Filtering:
dot://8.8.8.8:853?verify=dns.google&name=GoogleDNS&blockedif=zeroip
dot://8.8.4.4:853?verify=dns.google&name=GoogleDNS&blockedif=zeroip

No Filtering, IPv6:
dot://[2001:4860:4860::8888]?verify=dns.google&name=GoogleDNS&blockedif=zeroip
dot://[2001:4860:4860::8844]?verify=dns.google&name=GoogleDNS&blockedif=zeroip

Key Terms:

• DNS Configuration
,
• Networking
,
• Open Source Software