You are not using Blahdns !!!

A hobby Adblock DNS project with DoH (http/2,http/3), DoT, DoQ, DNSCryptv2 and DNS over DTLS support.

No logs | No EDNS Client-Subnet | OpenNIC support | DNSSEC ready | Yggdrasil | Filtered ads, trackers, malware, prevent CNAME Cloaking

🍻 Buy me some drinks 40 USD per month to keep this project healthy.

Announcements

Our servers

Singapore πŸ‡ΈπŸ‡¬

DNS over QUIC

quic://dot-sg.blahdns.com:784

DNS-over-HTTPS & HTTP/3

IPv4-stamp:

IPv6-stamp:

DNS-over-TLS

IP address:
46.250.226.242
2407:3640:2205:1668::1

tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)

DNSCrypt v2

port: 8443

IPv4 - DNSStamp:

IPv6 - DNSStamp:

Germany πŸ‡©πŸ‡ͺ

DNS over QUIC

quic://dot-de.blahdns.com:784

DNS-over-HTTPS & HTTP/3

IPv4-stamp:

IPv6-stamp:

DNS-over-TLS

IP address:
78.46.244.143
2a01:4f8:c17:ec67::1

tls_auth_name:
port: 853, 443 (Strict SNI, without SNI will drop)

DNSCrypt v2

port: 8443

IPv4 - DNSStamp:

IPv6 - DNSStamp:

News

Thanks to these great projects, Blahdns was born.
1. knot-resolver: Go
2. Dnsdist: Go
3. HAProxy: Go
4. dns-over-https: Go

Useful tools

DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure DNS traffic over HTTPS.
It prevents DNS hijacking and ISPs from sniffing your traffic.
You can use will Infra on Android Phone, Mozilla firefox nightly, Chrome coming soon.
DNSCrypt v2 client does support DoH, see dnscrypt configuration example on Windows, macOS, iOS (DNSCloak)

Encrypted DNS - DNS over TLS
DNS over TLS support is available on all our services through port 853 (standard port, some service may support 443).
DNS over TLS encrypts and authenticates all your DNS traffic to protect your privacy and prevent DNS hijacking and sniffing.
Client software: Stubby | Unbound

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

FAQ

  • How to fix Chrome on Android phone leaking DNS, check HERE
  • Supported TLS v1.3, 1.2
  • We drop ANY type.
  • Why you building this porject? I started this project around 2016. During that time, with my private dns, I need an easy way to filter ads and tracker, so I rent a server and learn how to achive this.
  • Why you dont like huge traffic? I'm still a student. and I run this service with my pocket money and spare time. Just as a hobby to learn somehting new. buying big server or Anti-DDOS service will cost lot.

DNS over HTTP/3 Udp over QUIC protocol
docker run -it --rm ymuski/curl-http3 curl --http3 -H 'accept: application/dns-message' -v 'https://doh-sg.blahdns.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C

Curl Dns-over-HTTPS TCP HTTP/2
curl -H 'content-type: application/dns-message' -vL -v 'https://doh-sg.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C
CURL check dns over https performance
curl -kso /dev/null https://www.example.com -w "==============\n\n | dnslookup: %{time_namelookup}\n | connect: %{time_connect}\n | appconnect: %{time_appconnect}\n | pretransfer: %{time_pretransfer}\n | starttransfer: %{time_starttransfer}\n | total: %{time_total}\n | size: %{size_download}\n | HTTPCode=%{http_code}\n\n" ============== | dnslookup: 0.197889 | connect: 0.337666 | appconnect: 0.645758 | pretransfer: 0.647176 | starttransfer: 0.792285 | total: 0.792638 | size: 1256 | HTTPCode=200

kdig DNS over TLS
kdig example.org @dot-sg.blahdns.com +tls -p 443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com. -p 4443
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query example.com.
kdig @doh-sg.blahdns.com +https=doh-sg.blahdns.com/dns-query +https-get example.com.
kdig -d @dot-sg.blahdns.com +tls-ca +tls-host=dot-sg.blahdns.com example.com.

Do Blahdns block CNAME Cloaking? Yes, click here to read more.


We do block Sentry, Rollbar, Bugsnag --
  • Thanks Matteo Bosso**sco for 5 USD
  • Thanks Adam C** for 10 USD
  • Thanks Jash** P for 5 USD
  • Thanks A Bran**ts for 10 USD
  • Thanks Lawrence Le**g for 20 USD
  • Thanks A Bran**ts for 30 USD
  • Thanks for Simon On** for 5 USD
  • Thanks A Br**dts for 5 USD
  • Thanks And**w Kriz for 10 USD
  • Thanks Etienne Gut*** for 15.66 USD
  • Thanks Alexander S** for 50 EUR
  • Thanks Gabrie** Nichole Di*** for 20 USD
  • Thanks Chxx Kxx ** for 10 USD
  • Thanks Ch*** Buiter for 5 USD
  • Thanks Daniel de*** for 35 USD
  • Thanks Rolf Schw*** for 5 USD
  • Thanks Si*** Γ–ner for 5 USD
  • Thanks Poxx Kw*** for 5 USD
  • Thanks Antonius Sian*** for 250 TWD
  • Thanks Yo** J** Lim for 3.88 SGD
  • Thanks Alex *** for 5 USD
  • Thanks to Johannes P*** 5 USD
  • Thanks to Jordi San*** 14.04 USD
  • Thanks to Mark McCr*** for 12.08 EUR
  • Thanks to Kristian Ny*** for 52 EUR
  • Thanks to dt Boris Gren*** for 10 EUR
  • Thanks to dt ans*** for 12 USD
  • Thanks to Andries Lou*** for 1000 TWD
  • Thanks to Andries Lou*** for 807 TWD
  • Thanks to Yann Fa*** for 25 USD(LTC)
  • Thanks to Daniel De*** for 10 USD
  • Thanks to Christoph Be*** for 5 USD
  • Thanks to Etienne Gu*** for 30 EUR
  • Thanks to Michael Ka*** for 3.33 EUR
  • Thanks to Adam Sr*** for 13 USD
  • Thanks to Tobiax R*** for 5 EUR
  • Thanks to Pekka de G*** for 15 USD
  • Thanks to Loren Pe*** for 3 USD
  • Thanks to Adam S*** for 2 USD
  • Thanks to Slawomir M*** for 5 USD
  • Thanks to Giuseppe Ma*** for 5 USD
  • Thanks to Austin Sa*** for 25 USD
  • Thanks to Jonni Rau*** for 25 USD
  • Thanks to Regin Ja*** for 50 EUR
  • Thanks to Kristian Ny*** Jen*** for 5 USD and 10 EUR
  • Thanks to Martin Lohr*** for 10 EUR
  • Thanks to Ferdinand Mu*** for 3 USD
  • Thanks to Mars*** for 5 USD
  • Thanks to Lawerence Le*** for 20 AUD
  • Thanks to ε„ͺζ¨Ή*** for 3 USD
  • Thanks to Ardi Ka*** for 5 SGD
  • Thanks to Kung J*** for 3 USD
  • Thanks to Braian Kap*** for 9 USD
  • Thanks to Lorenzo O*** for 20 USD
  • Thanks to Felix Hung*** for 3 USD
  • Thanks to Marco G*** for 10 USD
  • Thanks to mik*** for 10 EUR
  • Thanks to Tim *** for 20 TWD

How to get strict SPKI

Method 1

Be sure you already install package apt install gnutls-bin
gnutls-cli --print-cert -p 853 dot-jp.blahdns.com | grep "pin-sha256" | head -1

Method 2

kdig -d @dot-jp.blahdns.com +tls-ca +tls-host=dot-jp.blahdns.com blahdns.com