DoH queries resolve over HTTPS for privacy, performance, and security. DoH also makes it easier to use a name server of your choice instead of the one configured for your system.
RFC 8484 - DNS Queries over HTTPS (DoH)
| Who runs it | Base URL | Working* | Comment |
|---|---|---|---|
| A | |||
| aaflalo.me | Server US: https://dns-nyc.aaflalo.me/dns-query | ✔️ | Runs on Star Brilliant's dns-over-https Checks for DNSSEC and block advertising |
| AdGuard | Default: https://dns.adguard.com/dns-query Family protection: https://dns-family.adguard.com/dns-query |
✔️ ✔️ |
Default provides ad-blocking at DNS level, while Family protection adds adult site blocking. |
| Adhole | United Kingdom : https://uk.adhole.org/dns-query Germany : https://de.adhole.org/dns-query Singapore : https://sg.adhole.org/dns-query US Central : https://us-central.adhole.org/dns-query US East : https://us-east.adhole.org/dns-query |
✔️ ✔️ ✔️ ❌ ✔️ |
Adblocking with OISD list, queries and originating IP stored for 24 hours. |
| AhaDNS | Netherland : https://doh.nl.ahadns.net/dns-query India : https://doh.in.ahadns.net/dns-query Los Angeles : https://doh.la.ahadns.net/dns-query New York : https://doh.ny.ahadns.net/dns-query Poland : https://doh.pl.ahadns.net/dns-query Italy : https://doh.it.ahadns.net/dns-query Spain : https://doh.es.ahadns.net/dns-query Norway : https://doh.no.ahadns.net/dns-query Chicago : https://doh.chi.ahadns.net/dns-query Australia : https://doh.au.ahadns.net/dns-query |
✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ |
A zero logging DNS with support for DNS-over-HTTPS (DoH) & DNS-over-TLS (DoT). Blocks ads, malware, trackers, viruses and telemetry. DNSSEC, TLS 1.3, Open Source. Uses OISD list |
| Aha DNS Blitz | Uncensored : https://blitz.ahadns.com OISD filter : https://blitz.ahadns.com/1:1 OISD & Energized Porn filter : https://blitz.ahadns.com/1:1.12 |
✔️ ✔️ ✔️ |
Customizable globally distributed DoH-only server with no logging |
| Alibaba Public DNS | https://dns.alidns.com/dns-query | ✔️ | DoH/DoT/DNS Json API, Best DoH/DoT server in China |
| Andrews & Arnold | https://dns.aa.net.uk/dns-query | ✔️ | no logging (see DNS Disclaimer) |
| alekberg | Spain: https://dnses.alekberg.net/dns-query Holland: https://dnsnl.alekberg.net/dns-query Sweden: https://dnsse.alekberg.net/dns-query |
✔️ ✔️ ✔️ |
DoH Servers in Spain, Holland and Sweden. No logging, no filtering, DNSSEC support. |
| Arapuyaril | https://dns.arapurayil.com/dns-query | ✔️ | Encrypted ad-blocking DNS resolver located in Mumbai |
| Association 42l | https://doh.42l.fr/dns-query | ✔️ | DNSSEC, not logging queries' content, uses doh-proxy and edgedns for caching. Queries proxied randomly through FFDN members' open DNS resolvers (French ISPs committing for net neutrality). |
| B | |||
| BebasDNS | Singapore Linode : https://dns.doh.my.id/dns-query | ✔️ | DNS-based ad-blocking service |
| blahdns.com | Switzerland : https://doh-ch.blahdns.com/dns-query Singapore : https://doh-sg.blahdns.com/dns-query Finland: https://doh-fi.blahdns.com/dns-query Japan: https://doh-jp.blahdns.com/dns-query Germany: https://doh-de.blahdns.com/dns-query |
✔️ ✔️ ✔️ ✔️ ✔️ |
Based on Go implementation, HAProxy + Dnsdist + Knot-resolver with DNSSEC, No ECS, No logs, Adblock |
| blockerDNS | https://example.doh.blockerdns.com/dns-query | ❓ (💰) | DNS-based ad-blocking service; One-man operation; ZERO IP and DNS query logging for DoH and DoT. Charges $2.99 per month for https DOH service |
| Blokada DNS | https://dns.blokada.org/dns-query | ✔️ | No logging. |
| C | |||
| Charter | California: https://doh-01.spectrum.com/dns-query Texas: https://doh-02.spectrum.com/dns-query |
✔️ | Trial - Testing multiple platforms |
| CIRA Canadian Shield | Private: https://private.canadianshield.cira.ca/dns-query Protected: https://protected.canadianshield.cira.ca/dns-query Family: https://family.canadianshield.cira.ca/dns-query |
✔️ ✔️ ✔️ |
Supports DNSSEC, keeps DNS traffic inside Canada. Private: DNS resolution service that keeps your DNS data private from third-parties. Protected: Includes Private features and adds malware and phishing blocking. Family: Includes Protected and Private features and blocks pornographic content. |
| Cisco Umbrella (OpenDNS) | Standard: https://doh.opendns.com/dns-query FamilyShield (blocks adult content): https://doh.familyshield.opendns.com/dns-query |
✔️ ✔️ |
DNSSEC, Anycast |
| CleanBrowsing | https://doh.cleanbrowsing.org/doh/family-filter/ | ✔️ | anycast DoH server with parental control (restricts access to adult content + enforces safe search) |
| Cloudflare | https://cloudflare-dns.com/dns-query also available via Tor onion service Mozilla: https://mozilla.cloudflare-dns.com/dns-query Block Malware: https://security.cloudflare-dns.com/dns-query Block Malware and Adult Content: https://family.cloudflare-dns.com/dns-query DNS64: https://dns64.cloudflare-dns.com/dns-query |
✔️ ✔️ ✔️ ✔️ ❓ |
Supports both -04 and -13 content-types |
| Comcast | https://doh.xfinity.com/dns-query | ✔️ | Experimental, DNSSEC |
| Commons Host | https://commons.host/ | ✔️ | |
| ControlD | Unfiltered : https://freedns.controld.com/p0 Block Malware : https://freedns.controld.com/p1 Block Malware + Ads : https://freedns.controld.com/p2 Block Malware + Ads + Social : https://freedns.controld.com/p3 |
✔️ ✔️ ✔️ ✔️ |
ControlD is a fully customizable anycast DNS service that allows you to not only block annoyances like malware, tracking, ads, IoT telemetry, and more, but also unblock over 180 services through a network of proxies in over 100 cities. |
| CZ.NIC | https://odvr.nic.cz/dns-query | ✔️ | Runs on Knot Resolver (doh2), supports DNSSEC, provided by .cz TLD operator |
| D | |||
| Digitale Gesellschaft | https://dns.digitale-gesellschaft.ch/dns-query | ✔️ | No query/IP logging, no filtering, QNAME minimization, TLS 1.3, DNSSEC; https://www.digitale-gesellschaft.ch/dns/ |
| dns.flatuslifir.is | https://dns.flatuslifir.is/dns-query | ✔️ | Public adblock server that supports DoT & DoH for fun and learning, no logging, supports DNSSEC, qname-minimisation, ECS is not enabled. Located in Iceland, built on pihole, nginx, unbound, m13253/DNS-over-HTTPS |
| DNS.SB | https://doh.dns.sb/dns-query | ✔️ | DNSSEC enabled |
| dnsforge.de | https://dnsforge.de/dns-query | ✔️ | No logging. Support DNSSEC. Hosted in Germany |
| dnsHome.de | https://dns.dnshome.de/dns-query | ✔️ | DoH Server in Germany. No logging, No filtering, DNSSEC and own DNS Resolver |
| DNSlify | https://doh.dnslify.com/dns-query | ✔️ | Anycast, No Logging, Own Recursion, Strict Privacy Policy. |
| doh.li | https://doh.li/dns-query | ✔️ | Runs on dns-over-https, no logging, EDNS Client Subnet enabled, based in DigitalOcean London. DNSSEC and adblock not currently enabled. |
| dnswarden | Singapore - https://doh.asia.dnswarden.com/adblock https://doh.asia.dnswarden.com/uncensored https://doh.asia.dnswarden.com/adultfilter Germany - https://doh.eu.dnswarden.com/adblock https://doh.eu.dnswarden.com/uncensored https://doh.eu.dnswarden.com/adultfilter USA - https://doh.us.dnswarden.com/adblock https://doh.us.dnswarden.com/uncensored https://doh.us.dnswarden.com/adultfilter |
✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ |
A zero logging DNS with support for DNS-over-HTTPS (DoH), DNS-over-TLS (DoT) & Dnscrypt. Supports DNSSEC, TLS 1.3, QNAME minimization and does own Recursion. EDNS Client Subnet is disabled. Provides 3 different types of filtering options. Adblock - Blocks ads, trackers, viruses and telemetry. Adultfilter - Blocks adult content, enforces safe search and inculdes all the features from adblock. Uncensored - Unrestricted access/no filtering. For more information look here or here. |
| E | |||
| EdgyDNS | https://dns.edgy.network/dns-query | ✔️ | Adblocking |
| e-utp.net | https://dnscache.e-utp.net/dns-query | ✔️ | IPv6 only |
| F | |||
| FAELIX | https://rdns.faelix.net/ | ✔️ | No logging, based on dnsdist-doh RC querying our powerdns-recursor resolvers, multiple nodes in UK and CH, more info |
| ffmuc.net | https://doh.ffmuc.net/dns-query | ✔️ | DoH-Server of Freifunk München. No logging, no filter, DNSSEC, own recursion. More in our wiki |
| Foundation for Applied Privacy | https://doh.applied-privacy.net/query | ✔️ | No query/IP logging, no filtering, QNAME minimization, no EDNS client subnet, TLS 1.3, DNSSEC, RFC7706, RFC8198; https://applied-privacy.net/services/dns/ |
| G | |||
| https://dns.google/dns-query DNS64: https://dns64.dns.google/dns-query |
✔️ ✔️ |
Full RFC 8484 support | |
| H | |||
| Hostux.net | Uncensored DNS: https://dns.hostux.net/dns-query Adblocking DNS: https://dns.hostux.net/ads |
✔️ ✔️ |
DNSSEC, no EDNS Client-Subnet, not logging queries' content, hosted in Luxembourg. |
| Hurricane Electric (he.net) | https://ordns.he.net/dns-query | ✔️ | Also supports DoT and TLS 1.3, Now supports DNSSEC. Anycast servers. |
| J | |||
| jitender | https://jit.ddns.net/dns-query | ✔️ | DoH server - India, Oracle Cloud, Hyderabad, India, Runs with nginx, high availability, load balanced by nginx with multiple backend DNS servers. Blocks ad, analytics, trackers blocking provides a clean browsing experience. @coolquasar |
| jp.tiar.app | https://jp.tiar.app/dns-query https://jp.tiarap.org/dns-query |
✔️ | No Censorship, No Logging, No ECS, support DNSSEC in Japan |
| L | |||
| LavaDNS | USA: https://us1.dns.lavate.ch/dns-query, Finland: https://eu1.dns.lavate.ch/dns-query | ✔️ | DoH server in USA and Finland. No logging, no filtering, no ECS, DNSSEC support. |
| LibreDNS | https://doh.libredns.gr/dns-query | ✔️ | no logging, TLS 1.3, No DNSSEC |
| M | |||
| Mullvad | Non-blocking https://doh.mullvad.net/dns-query Adblocking https://adblock.doh.mullvad.net/dns-query |
✔️ ✔️ |
Public DoH server in AU, US, DE, GB, SG, and SE with QNAME minimization, audited by Assured |
| Moulticast | https://dns.moulticast.net/dns-query | ❌ | IPv6 Anycast DoH servers in Europe (more locations to come). No logging, no filtering, no ECS, DNSSEC support. |
| N | |||
| NextDNS | https://dns.nextdns.io/<config_id> Create a config ID |
✔️ | The first cloud-based private DNS service that gives you full control over what is allowed and what is blocked on the Internet. 300,000 domain resolution per month is free with non-filtering afterwards until the end of the month. Granular dashboard, Each account can create multiple configurations, which can be used for multiple devices with prefixes to track activities on the dashboard. |
| NekomimiRouter | https://dns.dns-over-https.com/dns-query | ✔️ | Runs Go implementation. Does recursion itself with no upstream servers. Toy server may fail, please report if fails |
| P | |||
| pf-doh | https://doh.post-factum.tk/dns-query | ✔️ | DoH server by post-factum. Hosted in Zürich, Switzerland using Oracle Cloud, cached globally via Cloudflare. Non-logging, non-filtering, supports DNSSEC |
| Plan9-dns | New Jersey : https://hydra.plan9-ns1.com/dns-query Florida : https://draco.plan9-ns2.com/dns-query |
✔️ ✔️ |
Hosted on Vultr |
| PowerDNS | https://doh.powerdns.org | ✔️ | Based on dnsdist-doh branch |
| Q | |||
| Quad9 | Recommended: https://dns.quad9.net/dns-query Secured: https://dns9.quad9.net/dns-query Unsecured: https://dns10.quad9.net/dns-query Secured w/ECS Support: https://dns11.quad9.net/dns-query |
✔️ ✔️ ✔️ |
Secured provides: Security blocklist, DNSSEC, no EDNS Client-Subnet Unsecured provides: No security blocklist, no DNSSEC, no EDNS Client-Subnet Recommend is currently identical to secure. |
| R | |||
| RethinkDNS | Non-filtering: https://basic.rethinkdns.com/dns-query Configure custom blocklists: https://rethinkdns.com/configure |
✔️ | An open-source stub resolver running in 200+ locations world-wide on Cloudfare's network. Fast, secure, private, transparent, configurable DNS resolver. No ECS. Implements CNAME Cloaking. No-logs. code. |
| Rubyfish.cn | https://dns.rubyfish.cn/dns-query | ✔️ | East China Zone, Based on https://github.com/m13253/dns-over-https |
| S | |||
| Snopyta | https://fi.doh.dns.snopyta.org/dns-query | ✔️ | Non-logging DoH Server in Finland |
| SWITCH | https://dns.switch.ch/dns-query | ✔️ | DNSSEC validation protects from forged or manipulated DNS data from upstream servers, DNS Query Name Minimisation to improve privacy, SWITCH DNS Firewall blocks access to infected or malicious websites and redirects users to a landing page |
| T | |||
| Tiarap | https://doh.tiar.app/dns-query https://doh.tiarap.org/dns-query |
✔️ ✔️ |
Based in Singapore, No logging, block Ad/Ad-tracking/Malware, No ECS, DNSSEC |
| This.web.id | https://doh.this.web.id/dns-query | ✔️ | Based in Indonesia |
| TWNIC | https://dns.twnic.tw/dns-query | ✔️ | No source IP logging. Operated by Quad101 project, according to this announcement |
| U | |||
| Usable Privacy | https://adfree.usableprivacy.net/dns-query | ✔️ | Public non-logging DNS server with advertising and tracker filtering, use AdAway and Peter Lowe's list |
| W | |||
| WeDNS | Non-blocking : https://dns.wevpn.com/dns-query Ad and malware blocking : https://dns-weblock.wevpn.com/dns-query | ✔️ ✔️ |
Run on WeVPN infrastructure, freely available for public use. |
| Others | |||
| @jedisct1 | https://doh.crypto.sx/dns-query | ✔️ | a server which runs another project called doh-proxy, written in Rust. |
| @matthewgall - mydns.network | https://freedom.mydns.network/dns-query (no blocking, using unbound) https://adblock.mydns.network/dns-query (adblock, using unbound) |
✔️ ✔️ |
freedom DNSSEC / no logging / DDoS protected / anycast adblock DNSSEC / no logging / DDoS protected / anycast / blocks adverts, phishing and malware / updated daily |
| @null31 | https://ibuki.cgnat.net/dns-query | ✔️ | Based in Brazil / doh-server (nginx - dnsdist - unbound) / dot-server (dnsdist - unbound) / DNSSEC / QNAME minimization / Uncensored / no logging, no ECS, hosted on Oracle Cloud VPS by null31. |
| @publicarray dns.seby.io | https://doh-2.seby.io/dns-query https://doh.seby.io:8443/dns-query |
✔️ ✔️ |
Australian server that runs @m13253's Go implementation, Unbound with DNSSEC, No ECS, and No logs |
*: Tested via curl --doh-url <RESOLVER_URI> http://google.com.
| Base | Source | Comment |
|---|---|---|
| Docker | https://github.com/satishweb/docker-doh | Complete Docker stack using Star Brilliant's dns-over-https and Docker Flow Proxy |
| Docker | https://github.com/coolquasar/dnsproxy | Complete DoH, DoT, and DoQ stack in docker based on Adguard home dnsproxy project. Could host DoH, DoT and DoQ quickly in a cloud server, and run respective clients in local Docker env. It has been tested in Raspberry PI as well |
| Name | Version | Comments |
|---|---|---|
| Firefox | 62 | Firefox DNS-over-HTTPS |
| Bromite | 67.0.3396.88 | How to enable DoH |
| curl | 7.62.0 | See DOH-implementation |
| OkHttp | 3.11 | See Providers |
| curl-doh | n/a | basic stand-alone DoH client that uses curl |
| Chrome | 66 | https://bugs.chromium.org/p/chromium/issues/detail?id=799753 |
| Name | Author/Organization | Comments |
|---|---|---|
| coredns | Cloudflare | CoreDNS is a DNS server/forwarder, written in Go from the Cloud Native Computing Foundation. |
| doh-proxy | tools for DoH | |
| dns2doh | Daniel | tool for generating DOH responses and questions. |
| doh-proxy | Frank Denis | server-side proxy in rust |
| DoH | NotMikeDEV | A single PHP file to add DoH forwarder on any PHP-capable server |
| doh-cf-workers | tina-hello | A single JS file to forward DoH to DoH on Cloudflare Workers |
| doh-gcf | tina-hello | A single C# file to forward DoH to DoH/Do53 on Google Cloud Function |
| doh-php-client | Daniel Cid | can be used to test and run DoH requests via PHP applications. |
| doh-js-client | Peter Lai | client-side implementation of DoH, can be used in nodejs backend. |
| jDnsProxy | Travis Burtrum | DNS proxy and cache, implementing DNS-over-TLS, DNS-over-HTTPS, and Serve-Stale |
| dns-over-https | Star Brilliant | server-side and client-side implementation, written in Golang |
| dnsdist | PowerDNS | supports doh, see https://dnsdist.org/guides/dns-over-https.html |
| dnss | Alberto Bertogli | daemon written in Go which acts as a proxy (the most common use case), and as a server (in case you want end-to-end control). |
| nss-tls | Dima Krasner | a daemon that makes gethostbyname(), getaddrinfo(), etc. happen through DoH, without any change to applications, thus transparently migrating all applications that don't use their own resolver (like some browsers) from DNS to DoH. |
| dealdoh | Maxime Elomari | a middleware to proxy DoH requests to different DNS upstreams, written in PHP. |
| Encrypted-DNS | Siujoeng Lau | DNS-over-HTTPS forwarder written in Python |
| RouteDNS | Frank Olbricht | a flexible stub resolver, proxy, and router with support for DoH, DoT, and plain DNS written in Go. |
| h2odoh | Max Kostikov | an implementation with H2O HTTP/2 server using embedded mruby. |
| Encrypted DNS Server | Frank Denis | can serve DNSCrypt and DoH traffic simultaneously, written in Rust. |
| dnscrypt-proxy | Frank Denis | dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols. |
| quart-doh | Matthieu Treussart | HTTP/2 server who serves a DOH proxy written in Python, with Quart Python web microframework. |
| EasyDoH | ElevenPaths | a simple add-on for Firefox that allows one to easily activate DNS over HTTPS and its working mode with just one click. |
| dohjs | BYU IMAAL | Client DoH JavaScript library for accessing DNS information from web applications. Can be tested at dohjs.org |
| serverless-dns | RethinkDNS | Host your own RethinkDNS instance on Cloudflare Worker, support customizable filter from URL parameter |
| Technitium DNS Server | Technitium | A FOSS, cross-platform DNS Server written in C# that can consume as well as host DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) services. |
| kdig | CZ.NIC | Utility that sends one or more DNS queries to a nameserver. Each query can have individual settings, or it can be specified globally via common settings, which must precede query specification. This utility supports DoH. |