Public DNS Forwarding Servers

theo.dremaxx.de

IPv4: 85.215.153.54
IPv6: 2a01:239:251:a800::1
Location: Germany

fritz.dremaxx.de

IPv4: 87.106.35.241
IPv6: 2a00:da00:f425:5800::1
Location: Great Britain

Terms of Use


By choosing to use my DNS servers, you acknowledge and agree to the terms and conditions described. Usage of these servers is entirely voluntary, and by doing so, you consent to the logging, data handling, and retention policies outlined in the provided documentation.
You also agree that no claims or rights can be asserted against me regarding the availability, performance, or operation of this service. I reserve the right to discontinue or modify this service at any time without prior notice.
If you do not agree with these terms, you are advised to refrain from using these DNS servers.

Server Settings

In cases where the DNS servers are unable to resolve a query from the local cache, the query will be forwarded to an external DNS resolver, specifically Quad9.
Please note the following:

No control over external service:
I have no control over the operation, performance, or security measures of Quad9's DNS service. Therefore, I cannot provide any guarantees about the availability, accuracy, or speed of their service.
Data handling by Quad9:
Once the query is forwarded to Quad9, it is handled by their infrastructure, and their privacy and data handling policies apply. I am not responsible for any misuse, logging, or data retention practices conducted by Quad9.
Transparency:
I encourage you to review Quad9's Privacy Policy to understand how they handle your data and queries.

By using my DNS service, you acknowledge that any query forwarded to Quad9 is subject to their terms of service and privacy policy.

										
											options {
											  ...
											  forwarders port 853 {
												9.9.9.9 tls quad9-tls;
												149.112.112.112 tls quad9-tls;
											  };
											  ...
											};
										
									

Why logging data?

Logging serves several purposes essential to maintaining secure and reliable DNS operations:

Troubleshooting:
Quickly identifying and resolving technical issues.
Security monitoring:
Detecting abuse, such as DDoS attacks or malicious queries.
Performance optimization:
Monitoring server performance to ensure reliability.
Abuse prevention:
Preventing misuse of our infrastructure by tracking suspicious activities.


What data is logged?

Certain categories of logs are disabled by default to prioritize privacy:

General Operations (default):
Completely disabled, no general system activity is logged.
Queries (queries):
Disabled, no logs are maintained of regular DNS requests.
Query Errors (query-errors):
Disabled, no information about failed queries is logged.

The following logs are active and include data about client IP addresses, the domains being queried, and the specific actions taken by the server. Below is an overview of the active logging categories:

Authentication Server Logs (auth_servers_log):
Logs interactions between DNS servers (e.g., trust and authentication).
DNSSEC Logs (dnssec_log):
Records related to DNSSEC (Domain Name System Security Extensions), such as signing and validation events.
Zone Transfer Logs (zone_transfers_log):
Logs information about zone file transfers between servers.
Dynamic DNS Logs (ddns_log):
Tracks updates made through Dynamic DNS.
Client Security Logs (client_security_log):
Logs related to potentially unauthorized or malicious DNS requests, including source IPs and queried domains.
Rate-Limiting Logs (rate_limiting_log):
Records requests blocked due to exceeding rate limits.
RPZ Logs (rpz_log):
Tracks queries affected by Response Policy Zones (RPZ), often used to block or redirect malicious domains.
Debug Logs (default_debug):
Detailed logs used for debugging, only activated when necessary.


Retention and rotation policy

Logs are stored in files with a maximum duration of one day (24 hours) per file.


What does this mean for you?

Logged Data:
For active logging categories, client IP addresses, the domains queried, and other technical details are logged.
Disabled Logging:
Regular DNS queries and errors are not logged (queries and query-errors are null).


Security and sharing

All logs are stored and accessible to the server administrators. They are never shared with third parties, and their use is limited to operational purposes.

										
											logging {
											  ...
											  channel default_syslog {
												print-time yes;
												print-category yes;
												print-severity yes;
												syslog daemon;
												severity info;
											  };
											  ...
											  category default { null; };
											  category config { default_syslog; };
											  category dispatch { default_syslog; };
											  category network { default_syslog; };
											  category general { default_syslog; };
											  category zoneload { default_syslog; };
											  category resolver { default_syslog; };
											  category cname { default_syslog; };
											  category lame-servers { default_syslog; };
											  category edns-disabled { default_syslog; };
											  category dnssec { default_syslog; };
											  category notify { default_syslog; };
											  category xfer-in { default_syslog; };
											  category xfer-out { default_syslog; };
											  category update{ default_syslog; };
											  category update-security { default_syslog; };
											  category client { default_syslog; };
											  category security { default_syslog; };
											  category rate-limit { default_syslog; };
											  category spill { default_syslog; };
											  category database { default_syslog; };
											  category rpz { default_syslog; };
											  category dnstap { default_syslog; };
											  category trust-anchor-telemetry { default_syslog; };
											  category queries { null; };
											  category query-errors { null; };
											};
										
									

Setup Instructions

  1. Access the FritzBox web interface

    Open a web browser and go to http://fritz.box or http://192.168.178.1 (depending on your FritzBox model).
    Log in with your administrator credentials (username and password).

  2. Navigate to the DNS settings

    In the main menu of the FritzBox interface, go to "Internet".
    Then, click on "Account Information" or "Connection Settings" (the exact name may vary depending on the FritzBox model).
    Look for an option labeled "DNS Server" or "DNS Settings".

  3. Configure the DNS servers

    In the DNS settings section, you will typically find an option to either "Obtain DNS server addresses automatically" or to "Use the following DNS server addresses".
    Select "Use the following DNS server addresses" to manually set your DNS servers.
    Enter the IP addresses of your DNS servers:

    Primary DNS:
    85.215.153.54
    Secondary DNS:
    87.106.35.241

  4. Save the configuration

    After entering the DNS server addresses, click "Apply" or "Save" to save the settings.
    The FritzBox will apply the new DNS settings to the network.

how-to-dns-servers-fritzbox
how-to-dns-servers-fritzbox-tls

  1. Install packages
    									
    										apt-get install resolvconf -y
    									
    								
  2. Open config file
    									
    										nano /etc/resolvconf/resolv.conf.d/head
    									
    								
  3. Add nameservers
    									
    										nameserver 85.215.153.54
    										nameserver 87.106.35.241
    									
    								
    and/or
    									
    										nameserver 2a01:239:251:a800::1
    										nameserver 2a00:da00:f425:5800::1
    									
    								
  4. Restart service
    resolvconf --enable-updates
    resolvconf -u