Ad-free. Private. Secure.
DNSBunker is a high-availability, hardened DNS resolver specifically engineered to safeguard your digital sovereignty. Experience a cleaner web through intelligent ad-blocking, integrated malware protection, and a strict zero-log policy by design.
DNS over HTTPS (DoH & DoH3)
Ideal for modern browsers and mobile devices. These protocols use an encrypted tunnel that blends seamlessly into standard HTTPS web traffic, making it harder to block or throttle.
https://dnsbunker.org/dns-query
h3://dnsbunker.org/dns-query
Next-Gen Protocols (DoT & DoQ)
Leverage DNS over TLS for robust system-wide encryption or DNS over QUIC for the fastest and most resilient connection technology available today.
dnsbunker.org
quic://dnsbunker.org
DNS Stamps for Automated Configuration
These encrypted "Stamps" contain all the necessary metadata to connect supported tools to DNSBunker fully automatically.
sdns://AgMAAAAAAAAADjE1Mi41My4yMDcuMTkxAA1kbnNidW5rZXIub3JnCi9kbnMtcXVlcnk
sdns://AwMAAAAAAAAADjE1Mi41My4yMDcuMTkxAA1kbnNidW5rZXIub3Jn
sdns://BAMAAAAAAAAADjE1Mi41My4yMDcuMTkxAA1kbnNidW5rZXIub3Jn
sdns://AgMAAAAAAAAADjE1Mi41My4yMDcuMTkxILJfLzaWf3OU8Jk3iFszP6o1bXGf6s84zOnwNVAA8-F0DWRuc2J1bmtlci5vcmcKL2Rucy1xdWVyeQ
IP Addresses
Following Addresses belong to DNSBunker.
Unencrypted DNS over 53 (Legacy) is NOT supported without using encrypted DNS!
These IPs above only accept Legacy DNS (53) to establish encrypted DNS and for fallbacks!
152.53.207.191
2a00:11c0:5f:362c::
Device Configuration Guide
Setting up DNSBunker is straightforward. Select your operating system below to enhance your network security instantly.
Navigate to Settings > Network & Internet > Private DNS. Enter our hostname there to enable system-wide encryption for all your apps.
dnsbunker.org
Windows 11 supports DoH natively. For older versions or advanced features, we highly recommend using YogaDNS for easy setup.
DoH-URL:https://dnsbunker.org/dns-query
Install our encrypted configuration profile to ensure your DNS queries never leave your device unencrypted.
Download Config ProfileAdvanced Security & Strict Validation
DNSBunker employs uncompromising security mechanisms to protect you from modern threats like data manipulation and local network attacks.
We strictly enforce DNSSEC verification. This guarantees that the DNS responses you receive are authentic and haven't been tampered with. Domains with a broken signature chain are rejected as REFUSED to protect the user.
To guard against "DNS Rebinding" attacks, our server filters responses that point to private IP ranges. If a public domain attempts to redirect to your local home network, the request is automatically REFUSED.
Advertisements, trackers, and malicious domains are neutralized at the source. Our resolver responds with NXDOMAIN in these cases, stopping the connection before any data is even transferred.
Filter Intelligence & Community
Our blocklists are powered by high-quality sources and updated every 10 minutes to ensure protection against the latest online threats.
Is a website not loading correctly, or have you found an unblocked ad domain? Your feedback improves the filters for the entire community.
Report an Issue on GitHubInfrastructure & Privacy
We do not store your IP address or your browsing history. DNSBunker is fully GDPR-compliant and designed for maximum anonymity.
Our servers in Nuremberg operate under the world's strictest data protection laws and offer excellent performance across Europe.
ECS is ignored to keep your location private. QNAME Minimization ensures that only the minimum necessary information is shared with upstream servers.
Special Domain Policies
Certain services are intentionally disabled (NXDOMAIN) to prevent tracking and maintain control over your system behavior:
Digital Sovereignty
Protect your data and support the movement for an independent web.
