Blahdns -- a hobby adblock DNS resolver support HTTP/3, DoH, DoT, DoQ, DNSCryptv2

News

Domain Name

                  DNSCrypt v2
                  
                      Simple DNSCrypt (Windows)
                    
                      dnscrypt-proxy (macOS, Linux)
                    
                      DNSCloak (iOS)
                    
                  DNS-over-TLS
                  
                      Stubby (Linux, Windows, macOS)
                    
                      Nebulo (DoT, DoH) -- Android
                    
                      Unbound
                    
                  DNS-over-HTTPS
                  
                      Nebulo (DoT, DoH) -- Android
                    
                      Simple DNSCrypt (Windows)
                    
                      dnscrypt-proxy (macOS, Linux)
                    
                      DNSCloak (iOS)
                    
                      Intra (Android)
                    
                      Mozilla Firefox (v66 above)

Thanks to these great projects, Blahdns was born.
1. knot-resolver: Go
2. Dnsdist: Go
3. HAProxy: Go
4. dns-over-https: Go

Useful tools

DNS leaks check Mullavad || Bash.ws
DNSSEC validation: Go
Internet.nl: Go
DNSSEC resolver algorithm test: Go
Cloudflare tools: Go | Go
Check my DNS: Go
DNS randomness: Go
DNS Spoofability test: Go
DNSTrace: Go
Threats search: Go
EDNS test Go
Cloudflare SNI Test Go .. You should have DNSSEC + TLS1.3 section in Green color.
DNS Check Go

Browser or Device privacy leaks test

1. Browserleaks: Go
2. Device leak: Go
3. Creepy JS: Go
4. Webbkoll: Go
5. Hardenize Report: Go
6. STARTTLS check: Go
7. SSL Test: Go
8. DKIM, SPF, SpamAssassin Email Validator Go
9. LiquidWeb (DNS) Go
10. BunnyCDN Diagnostic report Go

DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure DNS traffic over HTTPS.
It prevents DNS hijacking and ISPs from sniffing your traffic.
You can use will Infra on Android Phone, Mozilla firefox nightly, Chrome coming soon.
DNSCrypt v2 client does support DoH, see dnscrypt configuration example on Windows, macOS, iOS (DNSCloak)

Encrypted DNS - DNS over TLS
DNS over TLS support is available on all our services through port 853 (standard port, some service may support 443).
DNS over TLS encrypts and authenticates all your DNS traffic to protect your privacy and prevent DNS hijacking and sniffing.
Client software: Stubby | Unbound

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

FAQ

How to fix Chrome on Android phone leaking DNS, check HERE
Supported TLS v1.3, 1.2
We drop ANY type.
Why you building this porject? I started this project around 2016. During that time, with my private dns, I need an easy way to filter ads and tracker, so I rent a server and learn how to achive this.
Why you dont like huge traffic? I'm still a student. and I run this service with my pocket money and spare time. Just as a hobby to learn somehting new. buying big server or Anti-DDOS service will cost lot.

DNS over HTTP/3 Udp over QUIC protocol
docker run -it --rm ymuski/curl-http3 curl --http3 -H 'accept: application/dns-message' -v 'https://doh-sg.blahdns.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C

Curl Dns-over-HTTPS TCP HTTP/2
curl -H 'content-type: application/dns-message' -vL -v 'https://doh-sg.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
CURL check dns over https performance
curl -kso /dev/null https://www.example.com -w "==============\n\n | dnslookup: %{time_namelookup}\n | connect: %{time_connect}\n | appconnect: %{time_appconnect}\n | pretransfer: %{time_pretransfer}\n | starttransfer: %{time_starttransfer}\n | total: %{time_total}\n | size: %{size_download}\n | HTTPCode=%{http_code}\n\n" ============== | dnslookup: 0.197889 | connect: 0.337666 | appconnect: 0.645758 | pretransfer: 0.647176 | starttransfer: 0.792285 | total: 0.792638 | size: 1256 | HTTPCode=200

kdig DNS over TLS
kdig example.org @dot-sg.blahdns.com +tls -p 443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com. -p 4443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com.
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query +https-get example.com.
kdig -d @dot-sg.blahdns.com +tls-ca +tls-host=dot-sg.blahdns.com example.com.

Do Blahdns block CNAME Cloaking? Yes, click here to read more.

We do block Sentry, Rollbar, Bugsnag --

Thanks Matteo Bosso**sco for 5 USD
Thanks Adam C** for 10 USD
Thanks Jash** P for 5 USD
Thanks A Bran**ts for 10 USD
Thanks Lawrence Le**g for 20 USD
Thanks A Bran**ts for 30 USD
Thanks for Simon On** for 5 USD
Thanks A Br**dts for 5 USD
Thanks And**w Kriz for 10 USD
Thanks Etienne Gut*** for 15.66 USD
Thanks Alexander S** for 50 EUR
Thanks Gabrie** Nichole Di*** for 20 USD
Thanks Chxx Kxx ** for 10 USD
Thanks Ch*** Buiter for 5 USD
Thanks Daniel de*** for 35 USD
Thanks Rolf Schw*** for 5 USD
Thanks Si*** Öner for 5 USD
Thanks Poxx Kw*** for 5 USD
Thanks Antonius Sian*** for 250 TWD
Thanks Yo** J** Lim for 3.88 SGD
Thanks Alex *** for 5 USD
Thanks to Johannes P*** 5 USD
Thanks to Jordi San*** 14.04 USD
Thanks to Mark McCr*** for 12.08 EUR
Thanks to Kristian Ny*** for 52 EUR
Thanks to dt Boris Gren*** for 10 EUR
Thanks to dt ans*** for 12 USD
Thanks to Andries Lou*** for 1000 TWD
Thanks to Andries Lou*** for 807 TWD
Thanks to Yann Fa*** for 25 USD(LTC)
Thanks to Daniel De*** for 10 USD
Thanks to Christoph Be*** for 5 USD
Thanks to Etienne Gu*** for 30 EUR
Thanks to Michael Ka*** for 3.33 EUR
Thanks to Adam Sr*** for 13 USD
Thanks to Tobiax R*** for 5 EUR
Thanks to Pekka de G*** for 15 USD
Thanks to Loren Pe*** for 3 USD
Thanks to Adam S*** for 2 USD
Thanks to Slawomir M*** for 5 USD
Thanks to Giuseppe Ma*** for 5 USD
Thanks to Austin Sa*** for 25 USD
Thanks to Jonni Rau*** for 25 USD
Thanks to Regin Ja*** for 50 EUR
Thanks to Kristian Ny*** Jen*** for 5 USD and 10 EUR
Thanks to Martin Lohr*** for 10 EUR
Thanks to Ferdinand Mu*** for 3 USD
Thanks to Mars*** for 5 USD
Thanks to Lawerence Le*** for 20 AUD
Thanks to 優樹*** for 3 USD
Thanks to Ardi Ka*** for 5 SGD
Thanks to Kung J*** for 3 USD
Thanks to Braian Kap*** for 9 USD
Thanks to Lorenzo O*** for 20 USD
Thanks to Felix Hung*** for 3 USD
Thanks to Marco G*** for 10 USD
Thanks to mik*** for 10 EUR
Thanks to Tim *** for 20 TWD

How to get strict SPKI

Method 1

Be sure you already install package apt install gnutls-bin
gnutls-cli --print-cert -p 853 dot-jp.blahdns.com | grep "pin-sha256" | head -1

Method 2

kdig -d @dot-jp.blahdns.com +tls-ca +tls-host=dot-jp.blahdns.com blahdns.com

You are not using Blahdns !!!

Announcements

Our servers

Singapore 🇸🇬

DNS over QUIC

DNS-over-HTTPS & HTTP/3

DNS-over-TLS

DNSCrypt v2

Germany 🇩🇪

DNS over QUIC

DNS-over-HTTPS & HTTP/3

DNS-over-TLS

DNSCrypt v2

News

DNSCrypt v2

DNS-over-TLS

DNS-over-HTTPS

FAQ

How to get strict SPKI