The Web is hostile! Get Bunkerized!
Block Ads, Trackers, Scam, Malware and various other nasty stuff at their source without breaking your Experience!
DNS over HTTPS (DoH & DoH3)
Ideal for modern browsers and mobile devices. These protocols use an encrypted tunnel that blends seamlessly into standard HTTPS web traffic, making it harder to block or throttle.
https://dnsbunker.org/dns-query
h3://dnsbunker.org/dns-query
Next-Gen Protocols (DoT & DoQ)
Leverage DNS over TLS for robust system-wide encryption or DNS over QUIC for the fastest and most resilient connection technology available today.
dnsbunker.org
quic://dnsbunker.org
DNS Stamps for Automated Configuration
These encrypted "Stamps" contain all the necessary metadata to connect supported tools to DNSBunker fully automatically.
sdns://AgMAAAAAAAAADjE1OS4xOTUuNDkuMjM5AA1kbnNidW5rZXIub3JnCi9kbnMtcXVlcnk
sdns://AwMAAAAAAAAADjE1OS4xOTUuNDkuMjM5AA1kbnNidW5rZXIub3Jn
sdns://BAMAAAAAAAAADjE1OS4xOTUuNDkuMjM5AA1kbnNidW5rZXIub3Jn
IP Addresses
Unencrypted DNS over 53 (Legacy) is NOT supported!
159.195.49.239
2a0a:4cc0:c1:b958::
Device Configuration Guide
Setting up DNSBunker is straightforward. Select your operating system below to enhance your network security instantly.
Navigate to Settings > Network & Internet > Private DNS. Enter our hostname there to enable system-wide encryption for all your apps.
dnsbunker.org
Windows 11 supports DoH natively. For older versions or advanced features, we highly recommend using YogaDNS for easy setup.
DoH-URL:https://dnsbunker.org/dns-query
Install our encrypted configuration profile to ensure your DNS queries never leave your device unencrypted.
Download Config ProfileCreate Custom Profile
Advanced Security & Strict Validation
DNSBunker employs uncompromising security mechanisms to protect you from modern threats like data manipulation and local network attacks.
We strictly enforce DNSSEC verification. This guarantees that the DNS responses you receive are authentic and haven't been tampered with. Domains with a broken signature chain are rejected as REFUSED to protect the user.
To guard against "DNS Rebinding" attacks, our server filters responses that point to private IP ranges. If a public domain attempts to redirect to your local home network, the request is automatically REFUSED.
Advertisements, trackers, and malicious domains are neutralized at the source. Our resolver responds with NXDOMAIN in these cases, stopping the connection before any data is even transferred.
Filter Intelligence & Community
Our blocklists are powered by high-quality sources and updated every 10 minutes to ensure protection against the latest online threats.
Is a website not loading correctly, or have you found an unblocked ad domain?
Your feedback improves the filters for the entire community.
Report an Issue on GitHub
Is DNSBunker too strict for your purpose?
Check out Hagezi DNS Resolvers, which are also applying strict privacy and security focused policies!
Infrastructure & Privacy
We do not store your IP address or your browsing history. DNSBunker is fully GDPR-compliant and designed for maximum anonymity.
Our servers in Nuremberg operate under the world's strictest data protection laws and offer excellent performance across Europe.
QNAME Minimization ensures that only the minimum necessary information is shared with upstream servers.
Special Domain Policies
Certain services are intentionally disabled (NXDOMAIN) to prevent tracking and maintain control over your system behavior:
Digital Sovereignty
Selfhosting your own DNS Stack is ALWAYS better for your Digital Security and Privacy!
Please consider using AdGuard Home or Pi-hole with Unbound!
Protect your data and support the movement for an independent web.
