Public DNS Resolvers

Personal contribution to an open and secure network

This DNS service protects your online privacy and security by offering DNS over TLS (DoT) and DNS over HTTPS (DoH). Both protocols encrypt DNS queries between your device and the resolver, preventing eavesdropping, tracking, and DNS-based attacks by parties on the network path. Unlike traditional DNS, which sends queries in plain text, this keeps the names you look up private from ISPs, hackers, and other third parties.

theo.dremaxx.de

IPv4: 85.215.153.54
IPv6: 2a01:239:251:a800::1
Location: DE

fritz.dremaxx.de

IPv4: 87.106.35.241
IPv6: 2a00:da00:f425:5800::1
Location: GB

# Terms of Use

By choosing to use my DNS servers, you acknowledge and agree to the terms and conditions described. Usage of these servers is entirely voluntary, and by doing so, you consent to the logging, data handling, and retention policies outlined in the provided documentation.
You also agree that no claims or rights can be asserted against me regarding the availability, performance, or operation of this service. I reserve the right to discontinue or modify this service at any time without prior notice.
If you do not agree with these terms, you are advised to refrain from using these DNS servers.

# Server Settings

In cases where the DNS servers are unable to resolve a query from the local cache, the servers rely on root hints to query the authoritative DNS hierarchy step by step, starting from the root servers. This ensures accurate and up-to-date responses while maintaining independence from external DNS providers.

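    options {
        ...
        recursion yes;                // resolve on behalf of clients, starting from the root hints
        allow-recursion { any; };     // accept recursive queries from any address
        allow-query { any; };         // answer queries from any address
        allow-query-cache { any; };   // serve cached answers to any address
        ...
    };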

Why logging data?

Logging serves several purposes essential to maintaining secure and reliable DNS operations:

Troubleshooting: Quickly identifying and resolving technical issues.
Security monitoring: Detecting abuse, such as DDoS attacks or malicious queries.
Performance optimization: Monitoring server performance to ensure reliability.
Abuse prevention: Preventing misuse of our infrastructure by tracking suspicious activities.


What data is logged?

Certain categories of logs are disabled by default to prioritize privacy:

General Operations (default): Completely disabled, no general system activity is logged.
Queries (queries): Disabled, no logs are maintained of regular DNS requests.
Query Errors (query-errors): Disabled, no information about failed queries is logged.

The following logs are active and include data about client IP addresses, the domains being queried, and the specific actions taken by the server. Below is an overview of the active logging categories:

Authentication Server Logs (auth_servers_log): Logs interactions between DNS servers (e.g., trust and authentication).
DNSSEC Logs (dnssec_log): Records related to DNSSEC (Domain Name System Security Extensions), such as signing and validation events.
Zone Transfer Logs (zone_transfers_log): Logs information about zone file transfers between servers.
Dynamic DNS Logs (ddns_log): Tracks updates made through Dynamic DNS.
Client Security Logs (client_security_log): Logs related to potentially unauthorized or malicious DNS requests, including source IPs and queried domains.
Rate-Limiting Logs (rate_limiting_log): Records requests blocked due to exceeding rate limits.
RPZ Logs (rpz_log): Tracks queries affected by Response Policy Zones (RPZ), often used to block or redirect malicious domains.
Debug Logs (default_debug): Detailed logs used for debugging, only activated when necessary.


Retention and rotation policy

Logs are stored in files with a maximum duration of one day (24 hours) per file.


What does this mean for you?

Logged Data: For active logging categories, client IP addresses, the domains queried, and other technical details are logged.
Disabled Logging: Regular DNS queries and errors are not logged (the queries and query-errors categories are set to null).
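
The statement that `queries` and `query-errors` are null can be checked mechanically. The following added example (not the operator's configuration or tooling) parses a BIND `logging` block and fails if `default`, `queries` or `query-errors` reach any channel other than `null`, applying BIND's rule that a category without its own statement uses `default`. The sample file, its path and its category-to-channel mapping are constructed; only the channel name comes from this page.

```shell
#!/bin/sh
# Added example: check that a BIND logging block silences the categories
# this page lists as disabled. File paths and the category mapping are constructed.

# list_categories FILE: print "<category> <channel,channel,...>" per category statement.
list_categories() {
    awk '{
        gsub(/#.*|\/\/.*/, ""); gsub(/"/, ""); gsub(/[{};]/, " & ")
        for (i = 1; i <= NF; i++) {
            t = $i
            if (state == 0 && t == "category") state = 1
            else if (state == 1) { name = t; chans = ""; state = 2 }
            else if (state == 2 && t == "}") { print name, chans; state = 0 }
            else if (state == 2 && t != "{" && t != ";")
                chans = chans (chans == "" ? "" : ",") t
        }
    }' "$1"
}

# channels_for FILE CATEGORY: the category's channels, or those of "default" if unset.
channels_for() {
    list_categories "$1" | awk -v c="$2" '
        $1 == c { own = $2; found = 1 }
        $1 == "default" { def = $2 }
        END { print (found ? own : def) }'
}

# audit_logging FILE: fail unless default, queries and query-errors go only to null.
audit_logging() {
    rc=0
    for c in default queries query-errors; do
        if [ "$(channels_for "$1" "$c")" = "null" ]; then echo "ok: $c -> null"
        else echo "LOGGED: $c -> $(channels_for "$1" "$c")"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample configuration (not the operator's real file).
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
logging {
    channel client_security_log { file "/var/log/named/client_security.log"; severity info; };
    category default { null; };
    category queries { null; };
    category security { client_security_log; };   // still recorded, with client IPs
};
EOF
audit_logging "$CONF"
```

In the sample, `query-errors` has no statement of its own and passes only because `default` is routed to `null`.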


Security and sharing

All logs are stored and accessible to the server administrators. They are never shared with third parties, and their use is limited to operational purposes.

# Setup Instructions

1. Access the FritzBox web interface

Open a web browser and go to http://fritz.box or http://192.168.178.1 (depending on your FritzBox model).
Log in with your administrator credentials (username and password).

2. Navigate to the DNS settings

In the main menu of the FritzBox interface, go to "Internet".
Then, click on "Account Information" or "Connection Settings" (the exact name may vary depending on the FritzBox model).
Look for an option labeled "DNS Server" or "DNS Settings".

3. Configure the DNS servers

In the DNS settings section, you will typically find an option to either "Obtain DNS server addresses automatically" or to "Use the following DNS server addresses".
Select "Use the following DNS server addresses" to manually set your DNS servers.
Enter the IP addresses of your DNS servers:

Primary DNS: 85.215.153.54
Secondary DNS: 87.106.35.241

4. Save the configuration

After entering the DNS server addresses, click "Apply" or "Save" to save the settings.
The FritzBox will apply the new DNS settings to the network.


Linux (resolvconf)

1. Install packages

    apt install resolvconf -y

2. Open config file

    nano /etc/resolvconf/resolv.conf.d/head

3. Add nameservers

    nameserver 85.215.153.54
    nameserver 87.106.35.241

and/or

    nameserver 2a01:239:251:a800::1
    nameserver 2a00:da00:f425:5800::1

4. Restart service

    resolvconf --enable-updates
    resolvconf -u
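
To confirm the result of these steps, the following added example (not part of the original page) audits a `resolv.conf` file. glibc honours only the first three `nameserver` lines, so with all four addresses in `head` the last one is ignored, and with only two a DHCP-supplied resolver can still end up among the resolvers in use. The sample file and the router address in it are constructed.

```shell
#!/bin/sh
# Added example: audit which resolvers a glibc system will actually use.
# EXPECTED holds the four addresses listed on this page.
EXPECTED="85.215.153.54 87.106.35.241 2a01:239:251:a800::1 2a00:da00:f425:5800::1"
MAXNS=3   # glibc reads at most three nameserver lines (MAXNS in <resolv.h>)

# effective_nameservers FILE: the nameservers glibc will honour, one per line.
effective_nameservers() {
    awk -v max="$MAXNS" '$1 == "nameserver" && n < max { print $2; n++ }' "$1"
}

# ignored_nameservers FILE: nameserver entries beyond the glibc limit.
ignored_nameservers() {
    awk -v max="$MAXNS" '$1 == "nameserver" && ++n > max { print $2 }' "$1"
}

# unexpected_nameservers FILE: effective nameservers that are not in EXPECTED.
unexpected_nameservers() {
    for ns in $(effective_nameservers "$1"); do
        case " $EXPECTED " in
            *" $ns "*) ;;
            *) echo "$ns" ;;
        esac
    done
}

# audit_resolv_conf FILE: report ignored entries; fail if a foreign resolver is in use.
audit_resolv_conf() {
    dropped=$(ignored_nameservers "$1" | tr '\n' ' ')
    foreign=$(unexpected_nameservers "$1" | tr '\n' ' ')
    if [ -n "$dropped" ]; then echo "ignored (beyond first $MAXNS): $dropped"; fi
    if [ -n "$foreign" ]; then echo "queries can reach: $foreign"; return 1; fi
    echo "all effective resolvers are the expected ones"
}

# Constructed sample: all four addresses in head, followed by a DHCP-supplied router entry.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Generated by resolvconf
nameserver 85.215.153.54
nameserver 87.106.35.241
nameserver 2a01:239:251:a800::1
nameserver 2a00:da00:f425:5800::1
nameserver 192.168.178.1
EOF
audit_resolv_conf "$SAMPLE"
```

Run `audit_resolv_conf /etc/resolv.conf` after `resolvconf -u`. Entries in `resolv.conf` are queried as plain DNS on port 53, so this setup does not use the DoT or DoH transports described at the top of the page.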
										
									

To use custom DNS settings on iPhone or iPad, a configuration profile is required. This profile allows you to specify DNS servers directly on the device, overriding the default settings.


Configure DoT Using the Private DNS Setting (Android 9 and Newer)

Android 9 (Pie) and later have built-in support for DNS-over-TLS via the Private DNS feature. This method works system-wide for both Wi-Fi and mobile data.

Steps:
  1. Open the Settings app
  2. Navigate to Network & Internet
  3. Select Private DNS
    • If you don’t see this option, it may be located under Advanced or Connections depending on your device.
  4. Choose Private DNS provider hostname
  5. Enter the hostname of the DoT provider:
    • dns.dremaxx.de
  6. Tap Save

Your Android device will now use DNS-over-TLS for all network connections.


Many thanks to everyone who is working on these projects!

My DNS servers are hosted on virtual servers from IONOS, and I can highly recommend their services.
By using the following link, you can receive a bonus when signing up for a hosting contract:
Get your service + bonus

You like the service and would like to support me?
PayPal.Me