DNSBUNKER.org

DNSBUNKER is a hardened, privacy-first DNS resolver located in Germany. Designed to block ads, malware, and surveillance — with zero logs, zero compromise.

Apple Device Setup

Deploy mobile configuration for iOS/macOS securely:

Deploy Config Profile

Scan to Configure:

QR Code for Apple Config

Server Specs

IPv4 87.106.108.91 87.106.32.13
IPv6 2a01:239:295:e800::1 2a01:239:290:e700::1
Location Berlin, Germany
Uptime 99.9% (Redundant Infrastructure)

Encrypted Protocols

DoH & DoH3 https://dnsbunker.org/dns-query
DoT & QUIC dnsbunker.org

Filter Intelligence

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/whitelist-referral-native.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/adblock/pro.plus.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/adblock/tif.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.amazon.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.apple.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.huawei.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.winoffice.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.samsung.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.tiktok.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.lgwebos.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.roku.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.vivo.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.oppo-realme.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.xiaomi.txt https://raw.githubusercontent.com/xRuffKez/NRD/refs/heads/main/lists/30-day_dga/adblock/nrd-30day-dga_adblock_part1.txt https://raw.githubusercontent.com/xRuffKez/NRD/refs/heads/main/lists/30-day_dga/adblock/nrd-30day-dga_adblock_part2.txt https://raw.githubusercontent.com/xRuffKez/NRD/refs/heads/main/lists/30-day_phishing/adblock/nrd-phishing-30day_adblock.txt

Technical Configuration

ECS (EDNS Client Subnet) Disabled
DNSSEC Validation Enabled

Security Brief

No Censorship Only Ads, Trackers & Malware are blocked
DNS Rebinding Protection Private/reserved networks rejected
No Logging Compliant with GDPR & privacy laws
Location Berlin, Germany
Redundancy High Availability with failover nodes

About Me and DNSBunker.org

Hi, I'm xRuffKez – a privacy advocate and someone who works mostly behind the scenes on the Hagezi Blocklist Project. With DNSBunker.org, my goal is to offer a free and privacy-respecting public DNS service that blocks ads, tracking, malware, scam sites, and fake shops – all powered by Hagezi's blocklists and additional lists I maintain.

I contribute to the community by creating and maintaining NRD (Newly Registered Domains) and NRD DGA (Domain Generation Algorithm) blocklists. These are designed to block malicious domains right from their creation – a critical step in stopping malware and phishing campaigns early.

I believe that online ads have evolved into a real threat to users. They are not only annoying, but often used as vectors for malware (malvertising) and invasive tracking. The internet should be a place where users are safe and in control – not constantly monitored and targeted.

My project does not censor the internet like some ISPs or institutions do – for example, via lists like the German CUII list. I strongly oppose such forms of censorship as they can violate the fundamental right to freedom of expression. DNSBunker.org is about protection – not suppression.

This project is completely non-commercial and run out of passion for helping others. I don't track users, I don’t sell data – I just want to provide a simple, fast, and secure DNS experience for everyone.

Thank you for trusting DNSBunker.org.

Privacy Policy

DNSBunker operates this public DNS resolver with a strong commitment to privacy and security. Below is a clear explanation of how DNS query data is handled.

1. No Logging of Personal Data

DNSBunker does not log any personally identifiable information (PII), including:

IP addresses of clients

Specific queries

Resolved domains

User agents or device data

DNSBunker does not use logs to track users or profile their behavior.

2. Temporary Logging on Abuse or Malfunction

Logging may be temporarily and selectively enabled in the following cases:

Detection of abuse (e.g., DNS amplification attacks, excessive query rates)

Debugging serious malfunctions or service degradation

These logs are strictly limited in scope and duration, and are only used to mitigate issues or maintain service integrity. Once the issue is resolved, any retained data is purged.

3. Anonymous Statistics

DNSBunker collects aggregated and anonymized statistics for operational and performance monitoring. This includes:

Number of queries

Query types (A, AAAA, MX, etc.)

Cache hit/miss ratios

Protocols used (DNS, DoT, DoH)

These statistics cannot be used to identify individual clients or endpoints.

4. DNSSEC Validation

DNSBunker performs full DNSSEC validation to ensure data integrity and authenticity of DNS responses.

5. Query Filtering and Security

To protect users and the internet at large, DNSBunker implements strict filtering and protection measures:

Blocks zone transfers (AXFR/IXFR)

Drops ANY type queries to prevent abuse and amplification

Rejects queries or responses involving private or reserved IP ranges (e.g., RFC1918)

Enforces per-client rate limiting

6. Contact

For questions or concerns, please contact: xruffkez@dnsbunker.org