When you visit a website (or anything on the internet), you write the name of the site and get an answer. Somewhere (probably in a Big Tech data centre), a computer (not unlike the one you’re using) gets your request and forms a response.
To get the address to send data to, DNS resolvers take the site name and give you the address. That’s what I’m offering: a privacy-first, fast DNS resolver.
The service is best in Scandinavia, as that’s where the server physically resides.
After seeing the stats Cloudflare provided, I realized the DNS resolver I’d been using was keeping logs. This is more private.
Cloudflare’s 1.1.1.1 service is anyway greatly superior in every way (privacy, speed) to Google’s offering and especially your ISP’s service.
In my perpetual mission of increasing privacy, I’ve begun hosting my own DNS resolver. It does not depend on any external resolvers.
I guarantee to not collect any data, no IP logs, no DNS queries, nada.
If your DNS / internet suddenly stops working, please remove the changes and visit this page for updates.
Service
The IP for this DNS service is 213.66.91.30.
I offer both DNS on port 53 and DNS over TLS on port 853. Use DoT for better security and privacy. Using normal DNS (port 53), middlemen can redirect you to other sites.
Setup
This is a brief introduction on how to change DNS settings on various devices.
Mobile devices
In most operating systems, you can change DNS settings on a per network basis. Go to the Wi-Fi settings and select the connected network. In that menu, you should find the settings.
Desktop computers
I recommend installing Unbound as a DNS server locally, which caches DNS queries and can more securely fetch them from my server.
If you don’t want to use Unbound, set my DNS in your system’s settings.
Setting DNS settings
Search up a tutorial for doing this for your OS online (or if you’re using Linux, just open the settings. It’s more complicated in Windows…).
Next, set the IPv4 server to 213.66.91.30 (or 127.0.0.1 if you’re running your local Unbound server). Consider setting the fallback to 1.1.1.1, in which case your DNS queries don’t fail if this service enters maintenance.
I currently don’t offer an IPv6 service.
This is due to my ISP not giving me one. What year are we in? 🤯
Windows
Edit the config file located at C:\Program Files\Unbound\service.conf.
At the bottom, add the following:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 213.66.91.30@853#icelk.dev
Also, find (search in your text editor, e.g. notepad) the line that contains # tls-win-cert: no. Replace it with tls-win-cert: yes. Notice the # got removed.
Now, search for and open the program Services and restart Unbound.
Configure the system to use the local DNS.
You should now be using my DNS service.
Unix
Install Unbound using your favourite package manager (e.g. brew on macOS, pacman on Arch derivatives, apt-get on Debian derivatives).
Edit the config file located at /etc/unbound/unbound.conf. At the bottom, add the following:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 213.66.91.30@853#icelk.dev
Now, you need to add trusted certificates to verify it’s me who’s responding to your DNS queries. On Arch, replace the line containing tls-cert-bundle with tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt, with the same indentation. Search for how to do it for your OS.
Check this and this link for more details.
Configure the system to use the local DNS. A hint for Arch/Gentoo users is to add nohook resolv.conf to the end of dhcpcd.conf and manually add nameserver 127.0.0.1 to /etc/resolv.conf.
For more details on how to harden this setup and allow captive portals on Linux, see my accompanying article.
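The following Python lint is an added example, not code from this page or from the Unbound project. It checks the settings the Windows and Unix steps above change: that each forward-zone sets forward-tls-upstream: yes, that each forward-addr carries a #auth-name, and that a CA store (tls-cert-bundle or tls-win-cert) is configured. The function names and both sample configs are constructed for illustration.

```python
import re

def parse_unbound(text):
    """Parse unbound.conf text into [(clause, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace; the '#'
        # inside forward-addr (IP@port#auth-name) is part of the value.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        m = re.match(r"([\w-]+):\s*(.*)", line)
        if not m:
            continue
        key, value = m.groups()
        if value == "":                      # "server:" / "forward-zone:" header
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def audit_dot(text):
    """Return findings for forward zones that would not use verified DoT."""
    clauses = parse_unbound(text)
    server = {k: v for name, kv in clauses if name == "server" for k, v in kv}
    has_ca = bool(server.get("tls-cert-bundle")) or server.get("tls-win-cert") == "yes"
    findings = []
    for name, kv in clauses:
        if name != "forward-zone":
            continue
        opts = dict(kv)
        zone = opts.get("name", "?")
        if opts.get("forward-tls-upstream") != "yes":
            findings.append(f"{zone}: forwards over plain DNS")
            continue
        for addr in (v for k, v in kv if k == "forward-addr"):
            if "#" not in addr:
                findings.append(f"{zone}: {addr} has no #auth-name to check the certificate against")
        if not has_ca:
            findings.append(f"{zone}: no tls-cert-bundle or tls-win-cert, so no CA store for verification")
    return findings

# Constructed sample configs (not taken from a real system).
GOOD = ('server:\n    # tls-win-cert: no\n    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt\n'
        'forward-zone:\n    name: "."\n    forward-tls-upstream: yes\n'
        '    forward-addr: 213.66.91.30@853#icelk.dev\n')
WEAK = ('server:\n    # tls-cert-bundle: ""\n'
        'forward-zone:\n    name: "."\n    forward-tls-upstream: yes\n'
        '    forward-addr: 213.66.91.30@853   # auth name left out\n')

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_dot(conf) or "ok")
```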