A hobby ad-blocking DNS project with DoH (HTTP/2, HTTP/3), DoT, DoQ, DNSCrypt v2 and DNS over DTLS support.
No logs | No EDNS Client-Subnet | OpenNIC support | DNSSEC ready | Yggdrasil | Filters ads, trackers and malware | Prevents CNAME cloaking
quic://dot-sg.blahdns.com:784
IPv4-stamp:
IPv6-stamp:
IP address:
46.250.226.242
2407:3640:2205:1668::1
tls_auth_name:
port: 853, 443 (strict SNI: connections without SNI are dropped)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
quic://dot-de.blahdns.com:784
IPv4-stamp:
IPv6-stamp:
IP address:
78.46.244.143
2a01:4f8:c17:ec67::1
tls_auth_name:
port: 853, 443 (strict SNI: connections without SNI are dropped)
IPv4 - DNSStamp:
IPv6 - DNSStamp:
DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure DNS traffic over HTTPS.
It prevents DNS hijacking and stops ISPs from sniffing your DNS queries.
You can use it with Intra on Android phones and with Mozilla Firefox Nightly; Chrome support is coming soon.
The DNSCrypt v2 client also supports DoH; see the dnscrypt configuration example for Windows, macOS and iOS (DNSCloak).
Encrypted DNS - DNS over TLS
DNS over TLS support is available on all our services through port 853 (the standard port; some services may also support 443).
DNS over TLS encrypts and authenticates all your DNS traffic to protect your privacy and prevent DNS hijacking and sniffing.
Client software: Stubby | Unbound
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
DNS over HTTP/3 (UDP, QUIC protocol)
docker run -it --rm ymuski/curl-http3 curl --http3 -H 'accept: application/dns-message' -v 'https://doh-sg.blahdns.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
curl DNS over HTTPS (TCP, HTTP/2)
curl -H 'accept: application/dns-message' -vL 'https://doh-sg.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
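The dns= value in the two curl commands above is a DNS query in wire format, base64url-encoded without padding (RFC 8484). The following is an added example, not part of the BlahDNS page or project; the function names are illustrative. It rebuilds both values and decodes them to show what each one asks.

```python
import base64
import struct

# The two dns= values from the curl commands on this page.
PAGE_H3_PARAM = "q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"
PAGE_H2_PARAM = "AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"


def build_query(name, qtype=1, msg_id=0):
    """Build a one-question DNS query in wire format.

    msg_id defaults to 0, which RFC 8484 recommends so that identical
    queries produce identical, cacheable URLs.
    """
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN


def to_dns_param(wire):
    """RFC 8484 GET encoding: base64url with the '=' padding stripped."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def parse_dns_param(param):
    """Decode a dns= value; return its ID, RD flag and first question."""
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    if len(wire) < 12:
        raise ValueError("shorter than a DNS header")
    msg_id, flags, _qdcount = struct.unpack("!3H", wire[:6])
    labels, pos = [], 12
    while pos < len(wire) and wire[pos] != 0:
        length = wire[pos]
        if length > 63 or pos + 1 + length > len(wire):
            raise ValueError("bad label (pointer or truncated name)")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 5 > len(wire):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", wire[pos + 1:pos + 5])
    return {"id": msg_id, "rd": bool(flags & 0x0100),
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}
```

Both values ask for the A record of www.example.com; they differ only in the DNS message ID (0xabcd in the HTTP/3 command, 0 in the HTTP/2 command).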
Check DNS over HTTPS performance with curl
curl -so /dev/null https://www.example.com -w "==============\n\n\
| dnslookup: %{time_namelookup}\n\
| connect: %{time_connect}\n\
| appconnect: %{time_appconnect}\n\
| pretransfer: %{time_pretransfer}\n\
| starttransfer: %{time_starttransfer}\n\
| total: %{time_total}\n\
| size: %{size_download}\n\
| HTTPCode=%{http_code}\n\n"
==============
| dnslookup: 0.197889
| connect: 0.337666
| appconnect: 0.645758
| pretransfer: 0.647176
| starttransfer: 0.792285
| total: 0.792638
| size: 1256
| HTTPCode=200
kdig: DNS over TLS and DNS over HTTPS
kdig example.org @dot-sg.blahdns.com +tls -p 443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com. -p 4443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com.
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query +https-get example.com.
kdig -d @dot-sg.blahdns.com +tls-ca +tls-host=dot-sg.blahdns.com example.com.
Does BlahDNS block CNAME cloaking? Yes.
Method 1
Make sure the gnutls-bin package is installed: apt install gnutls-bin
gnutls-cli --print-cert -p 853 dot-jp.blahdns.com | grep "pin-sha256" | head -1
Method 2
kdig -d @dot-jp.blahdns.com +tls-ca +tls-host=dot-jp.blahdns.com blahdns.com