
When you visit a website (or anything on the internet), you write the name of the site and get an answer. Somewhere (probably in a Big Tech data centre), a computer (not unlike the one you’re using) gets your request and forms a response.

To get the address to send data to, DNS resolvers take the site name and give you the address. That’s what I’m offering: a privacy-first, fast DNS resolver.

The service is best in Scandinavia, as that’s where the server physically resides.

After seeing the stats Cloudflare provided, I realized the DNS resolver I’d been using was keeping logs. This is more private.

Cloudflare’s 1.1.1.1 service is anyway greatly superior in every way (privacy, speed) to Google’s offering and especially your ISP’s service.


In my perpetual mission of increasing privacy, I’ve begun hosting my own DNS resolver. It does not depend on any external resolvers.

I guarantee to not collect any data, no IP logs, no DNS queries, nada.

If your DNS / internet suddenly stops working, please remove the changes and visit this page for updates.

Service

The IP for this DNS service is 213.66.91.30.

I offer both DNS on port 53 and DNS over TLS (DoT) on port 853. Use DoT for better security and privacy. Normal DNS (port 53) is sent unencrypted, so middlemen can redirect you to other sites.

Setup

This is a brief introduction on how to change DNS settings on various devices.

Mobile devices

In most operating systems, you can change DNS settings on a per network basis. Go to the Wi-Fi settings and select the connected network. In that menu, you should find the settings.

Desktop computers

I recommend installing Unbound as a DNS server locally, which caches DNS queries and can more securely fetch them from my server.

If you don’t want to use Unbound, set my DNS in your system’s settings.

Setting DNS settings

Search online for a tutorial on doing this for your OS (or, if you’re using Linux, just open the settings; it’s more complicated in Windows…).

Next, set the IPv4 server to 213.66.91.30 (or 127.0.0.1 if you’re running your local Unbound server). Consider setting the fallback to 1.1.1.1, in which case your DNS queries don’t fail if this service enters maintenance.

I currently don’t offer an IPv6 service.

This is due to my ISP not giving me one. What year are we in? 🤯

Windows

Install Unbound.

Edit the config file located at C:\Program Files\Unbound\service.conf.

At the bottom, add the following:

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 213.66.91.30@853#icelk.dev

Also, find the line that contains # tls-win-cert: no (use the search function of your text editor, e.g. Notepad). Replace it with tls-win-cert: yes. Notice that the # was removed.

Now, search for and open the program Services and restart Unbound.

Configure the system to use the local DNS.

You should now be using my DNS service.

Unix

Install Unbound using your favourite package manager (e.g. brew on macOS, pacman on Arch derivatives, apt-get on Debian derivatives).

Edit the config file located at /etc/unbound/unbound.conf. At the bottom, add the following:

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 213.66.91.30@853#icelk.dev

Now, you need to add trusted certificates to verify it’s me who’s responding to your DNS queries. On Arch, replace the line containing tls-cert-bundle with tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt, with the same indentation. On other systems, search for how to do it for your OS.

Check this and this link for more details.

Configure the system to use the local DNS. A hint for Arch/Gentoo users is to add nohook resolv.conf to the end of dhcpcd.conf and manually add nameserver 127.0.0.1 to /etc/resolv.conf.

For more details on how to harden this setup and allow captive portals on Linux, see my accompanying article.
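
To check that a config like the ones above really authenticates the upstream, here is an added example (not part of the original page and not Unbound's own tooling): a small Python check that reads unbound.conf text and reports forward addresses without a #auth-name or a missing CA store. The function names parse and audit are hypothetical, both sample configs are constructed, and only the keys used on this page are inspected.

```python
import re

# Constructed samples: GOOD is the page's Unix setup (Arch CA bundle path);
# WEAK comments out the bundle line and drops the auth name.
GOOD = """\
server:
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 213.66.91.30@853#icelk.dev
"""
WEAK = GOOD.replace("  tls-cert", "  # tls-cert").replace("#icelk.dev", "")

def parse(text):
    """Split unbound.conf text into (clause, {key: [values]}) pairs."""
    clauses = []
    for line in text.splitlines():
        # '#' opens a comment only at the start of a token; in forward-addr it precedes the auth name.
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, val = m.groups()
        if not val:  # "server:" or "forward-zone:" opens a new clause
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(val.strip("\"'"))
    return clauses

def audit(text):
    """Return findings for a DNS-over-TLS forwarding setup (hypothetical helper)."""
    clauses = parse(text)
    server = {k: v for name, kv in clauses if name == "server" for k, v in kv.items()}
    trust = any(server.get("tls-cert-bundle", [])) or "yes" in server.get("tls-win-cert", [])
    findings, uses_tls = [], False
    for kv in (kv for name, kv in clauses if name == "forward-zone"):
        tls = "yes" in kv.get("forward-tls-upstream", [])
        uses_tls = uses_tls or tls
        for addr in kv.get("forward-addr", []):
            if not tls:
                findings.append(f"{addr}: forwarded in plaintext")
            elif "#" not in addr:
                findings.append(f"{addr}: no #auth-name, any certificate name is accepted")
    if uses_tls and not trust:
        findings.append("no tls-cert-bundle or tls-win-cert: upstream certificate cannot be validated")
    return findings

if __name__ == "__main__":
    print({"GOOD": audit(GOOD), "WEAK": audit(WEAK)})
```

An empty list means the forward-zone uses TLS, names the expected certificate host, and has a CA store to check it against.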