Server Configuration
Full transparency about the deployed DNS infrastructure.
The resolvers are operated with BIND9 from the Internet Systems Consortium (ISC) โ the reference implementation of the DNS protocol. This page shows the production configuration: recursion behaviour, root hints and the full logging setup.
Recursive Resolver
Resolution via the DNS hierarchy starting from the root servers, without an upstream provider.
DNSSEC Validation
Signatures are validated; answers only when the chain of trust is intact.
No Query Log
Regular DNS queries and query errors are not logged.
24h Log Rotation
Active log categories are rotated daily and kept only briefly.
01 ยท Resolution
Recursion & Root Hints
When a query cannot be answered from the local cache, the resolvers query the DNS hierarchy step by step โ starting at the root servers. This keeps answers independent of external DNS providers and always up to date.
Excerpt from named.conf
1<!doctype html>
2<html lang="en" data-bs-theme="dark">
3<head>
4 <meta charset="UTF-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1">
6 <!-- Blocking on purpose: applies the saved color scheme before first
7 paint. External file (not inline) so the CSP can stay script-src
8 'self' without 'unsafe-inline'. -->
9 <script src="/theme-init.js"></script>
10 <meta name="theme-color" content="#0d0d0d">
11 <meta name="robots" content="index,follow">
12 <meta name="author" content="Yannick Dreher">
13 <link rel="icon" href="/favicon.ico?v=2" sizes="any">
14 <title>Public DNS Resolvers โ Secure & Private DNS</title>
15 <meta name="description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering. Setup guides for Linux, Windows, FRITZ!Box, Unifi, iPhone, Android.">
16 <link rel="canonical" href="https://www.dremaxx.de/">
17 <meta property="og:title" content="Public DNS Resolvers" />
18 <meta property="og:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
19 <meta property="og:url" content="https://www.dremaxx.de/" />
20 <meta property="og:type" content="website" />
21 <meta property="og:site_name" content="dremaxx" />
22 <meta property="og:image" content="https://www.dremaxx.de/images/og-default.jpg" />
23 <meta name="twitter:card" content="summary_large_image" />
24 <meta name="twitter:title" content="Public DNS Resolvers" />
25 <meta name="twitter:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
26 <meta name="twitter:image" content="https://www.dremaxx.de/images/og-default.jpg" />
27 <link rel="preconnect" href="https://fonts.googleapis.com">
28 <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
29 <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;700&display=swap">
30 <script defer src="https://cloud.umami.is/script.js" data-website-id="869b31dd-c4aa-45cf-91cd-f89ee7608306"></script>
31 <style>
32 /* Boot spinner: hides #root until React has committed its first
33 render so users never see the prerendered DOM flash and get
34 replaced. The prerendered snapshot is taken AFTER `app-ready`
35 is set, so SEO content is also fully visible to crawlers. */
36 #root { opacity: 0; transition: opacity 0.15s ease-in; }
37 body.app-ready #root { opacity: 1; }
38 #app-boot-spinner {
39 position: fixed; inset: 0;
40 display: flex; align-items: center; justify-content: center;
41 background: #0d0d0d;
42 z-index: 9999;
43 transition: opacity 0.2s ease-out;
44 }
45 body.app-ready #app-boot-spinner { opacity: 0; pointer-events: none; }
46 #app-boot-spinner::after {
47 content: '';
48 width: 2.5rem; height: 2.5rem;
49 border: 3px solid rgba(255,255,255,0.15);
50 border-top-color: #6ea8fe;
51 border-radius: 50%;
52 animation: app-boot-spin 0.8s linear infinite;
53 }
54 @keyframes app-boot-spin { to { transform: rotate(360deg); } }
55 @media (prefers-reduced-motion: reduce) {
56 #app-boot-spinner::after { animation: none; }
57 #root, #app-boot-spinner { transition: none; }
58 }
59 </style>
60 <script type="application/ld+json">
61 {
62 "@context": "https://schema.org",
63 "@type": "WebSite",
64 "name": "dremaxx Public DNS",
65 "url": "https://www.dremaxx.de/",
66 "description": "Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering.",
67 "potentialAction": {
68 "@type": "SearchAction",
69 "target": "https://www.dremaxx.de/tools/dns-lookup-tool?query={search_term_string}",
70 "query-input": "required name=search_term_string"
71 }
72 }
73 </script>
74 <script type="application/ld+json">
75 {
76 "@context": "https://schema.org",
77 "@type": "Organization",
78 "name": "dremaxx",
79 "url": "https://www.dremaxx.de/",
80 "logo": "https://www.dremaxx.de/images/og-default.jpg",
81 "founder": {
82 "@type": "Person",
83 "name": "Yannick Dreher"
84 },
85 "contactPoint": {
86 "@type": "ContactPoint",
87 "contactType": "customer support",
88 "email": "yannick.dreher@dremaxx.de",
89 "availableLanguage": ["de", "en"]
90 }
91 }
92 </script>
93 <script type="module" crossorigin src="/assets/index-z6YeAWhM.js"></script>
94 <link rel="modulepreload" crossorigin href="/assets/bootstrap-ejjj_R1q.js">
95 <link rel="modulepreload" crossorigin href="/assets/syntax-BdR-FTXz.js">
96 <link rel="modulepreload" crossorigin href="/assets/chartjs-ChiAxujM.js">
97 <link rel="modulepreload" crossorigin href="/assets/dnsclient-B8YA4OOU.js">
98 <link rel="stylesheet" crossorigin href="/assets/bootstrap-2DYGx4PL.css">
99 <link rel="stylesheet" crossorigin href="/assets/index-kFfImSyS.css">
100</head>
101<body>
102 <div id="app-boot-spinner" role="status" aria-label="Loading"></div>
103 <div id="root"></div>
104</body>
105</html>Active root hints
1<!doctype html>
2<html lang="en" data-bs-theme="dark">
3<head>
4 <meta charset="UTF-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1">
6 <!-- Blocking on purpose: applies the saved color scheme before first
7 paint. External file (not inline) so the CSP can stay script-src
8 'self' without 'unsafe-inline'. -->
9 <script src="/theme-init.js"></script>
10 <meta name="theme-color" content="#0d0d0d">
11 <meta name="robots" content="index,follow">
12 <meta name="author" content="Yannick Dreher">
13 <link rel="icon" href="/favicon.ico?v=2" sizes="any">
14 <title>Public DNS Resolvers โ Secure & Private DNS</title>
15 <meta name="description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering. Setup guides for Linux, Windows, FRITZ!Box, Unifi, iPhone, Android.">
16 <link rel="canonical" href="https://www.dremaxx.de/">
17 <meta property="og:title" content="Public DNS Resolvers" />
18 <meta property="og:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
19 <meta property="og:url" content="https://www.dremaxx.de/" />
20 <meta property="og:type" content="website" />
21 <meta property="og:site_name" content="dremaxx" />
22 <meta property="og:image" content="https://www.dremaxx.de/images/og-default.jpg" />
23 <meta name="twitter:card" content="summary_large_image" />
24 <meta name="twitter:title" content="Public DNS Resolvers" />
25 <meta name="twitter:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
26 <meta name="twitter:image" content="https://www.dremaxx.de/images/og-default.jpg" />
27 <link rel="preconnect" href="https://fonts.googleapis.com">
28 <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
29 <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;700&display=swap">
30 <script defer src="https://cloud.umami.is/script.js" data-website-id="869b31dd-c4aa-45cf-91cd-f89ee7608306"></script>
31 <style>
32 /* Boot spinner: hides #root until React has committed its first
33 render so users never see the prerendered DOM flash and get
34 replaced. The prerendered snapshot is taken AFTER `app-ready`
35 is set, so SEO content is also fully visible to crawlers. */
36 #root { opacity: 0; transition: opacity 0.15s ease-in; }
37 body.app-ready #root { opacity: 1; }
38 #app-boot-spinner {
39 position: fixed; inset: 0;
40 display: flex; align-items: center; justify-content: center;
41 background: #0d0d0d;
42 z-index: 9999;
43 transition: opacity 0.2s ease-out;
44 }
45 body.app-ready #app-boot-spinner { opacity: 0; pointer-events: none; }
46 #app-boot-spinner::after {
47 content: '';
48 width: 2.5rem; height: 2.5rem;
49 border: 3px solid rgba(255,255,255,0.15);
50 border-top-color: #6ea8fe;
51 border-radius: 50%;
52 animation: app-boot-spin 0.8s linear infinite;
53 }
54 @keyframes app-boot-spin { to { transform: rotate(360deg); } }
55 @media (prefers-reduced-motion: reduce) {
56 #app-boot-spinner::after { animation: none; }
57 #root, #app-boot-spinner { transition: none; }
58 }
59 </style>
60 <script type="application/ld+json">
61 {
62 "@context": "https://schema.org",
63 "@type": "WebSite",
64 "name": "dremaxx Public DNS",
65 "url": "https://www.dremaxx.de/",
66 "description": "Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering.",
67 "potentialAction": {
68 "@type": "SearchAction",
69 "target": "https://www.dremaxx.de/tools/dns-lookup-tool?query={search_term_string}",
70 "query-input": "required name=search_term_string"
71 }
72 }
73 </script>
74 <script type="application/ld+json">
75 {
76 "@context": "https://schema.org",
77 "@type": "Organization",
78 "name": "dremaxx",
79 "url": "https://www.dremaxx.de/",
80 "logo": "https://www.dremaxx.de/images/og-default.jpg",
81 "founder": {
82 "@type": "Person",
83 "name": "Yannick Dreher"
84 },
85 "contactPoint": {
86 "@type": "ContactPoint",
87 "contactType": "customer support",
88 "email": "yannick.dreher@dremaxx.de",
89 "availableLanguage": ["de", "en"]
90 }
91 }
92 </script>
93 <script type="module" crossorigin src="/assets/index-z6YeAWhM.js"></script>
94 <link rel="modulepreload" crossorigin href="/assets/bootstrap-ejjj_R1q.js">
95 <link rel="modulepreload" crossorigin href="/assets/syntax-BdR-FTXz.js">
96 <link rel="modulepreload" crossorigin href="/assets/chartjs-ChiAxujM.js">
97 <link rel="modulepreload" crossorigin href="/assets/dnsclient-B8YA4OOU.js">
98 <link rel="stylesheet" crossorigin href="/assets/bootstrap-2DYGx4PL.css">
99 <link rel="stylesheet" crossorigin href="/assets/index-kFfImSyS.css">
100</head>
101<body>
102 <div id="app-boot-spinner" role="status" aria-label="Loading"></div>
103 <div id="root"></div>
104</body>
105</html>02 ยท Observability
Logging strategy
Logging is solely for the reliable and secure operation of the resolvers. Personal queries of individual users are deliberately not logged.
Troubleshooting
Quickly narrow down technical issues during live operation.
Security monitoring
Detect abuse such as DDoS patterns or scans.
Performance
Keep an eye on load, latencies and cache behaviour.
Abuse prevention
Detect suspicious activity and block it specifically.
Categories at a glance
Authentication
enabledauth_servers_logTrust and authentication events between DNS servers.
DNSSEC
enableddnssec_logSignature, validation and key events around DNSSEC.
Zone Transfers
enabledzone_transfers_logAXFR/IXFR transfers between master and slave servers.
Dynamic DNS
enabledddns_logUpdates via the Dynamic DNS update protocol.
Client Security
enabledclient_security_logSuspicious or unauthorised DNS queries including source IP.
Rate Limiting
enabledrate_limiting_logQueries throttled or dropped due to rate limits.
RPZ
enabledrpz_logHits in Response Policy Zones, e.g. for block or redirect rules.
Debug
enableddefault_debugDetailed debug output, only temporarily enabled when needed.
General
disableddefaultGeneral system activity โ deliberately disabled.
Queries
disabledqueriesRegular DNS queries โ no logging.
Query Errors
disabledquery-errorsFailed queries โ no logging.
Active logging configuration
1<!doctype html>
2<html lang="en" data-bs-theme="dark">
3<head>
4 <meta charset="UTF-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1">
6 <!-- Blocking on purpose: applies the saved color scheme before first
7 paint. External file (not inline) so the CSP can stay script-src
8 'self' without 'unsafe-inline'. -->
9 <script src="/theme-init.js"></script>
10 <meta name="theme-color" content="#0d0d0d">
11 <meta name="robots" content="index,follow">
12 <meta name="author" content="Yannick Dreher">
13 <link rel="icon" href="/favicon.ico?v=2" sizes="any">
14 <title>Public DNS Resolvers โ Secure & Private DNS</title>
15 <meta name="description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering. Setup guides for Linux, Windows, FRITZ!Box, Unifi, iPhone, Android.">
16 <link rel="canonical" href="https://www.dremaxx.de/">
17 <meta property="og:title" content="Public DNS Resolvers" />
18 <meta property="og:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
19 <meta property="og:url" content="https://www.dremaxx.de/" />
20 <meta property="og:type" content="website" />
21 <meta property="og:site_name" content="dremaxx" />
22 <meta property="og:image" content="https://www.dremaxx.de/images/og-default.jpg" />
23 <meta name="twitter:card" content="summary_large_image" />
24 <meta name="twitter:title" content="Public DNS Resolvers" />
25 <meta name="twitter:description" content="Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering." />
26 <meta name="twitter:image" content="https://www.dremaxx.de/images/og-default.jpg" />
27 <link rel="preconnect" href="https://fonts.googleapis.com">
28 <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
29 <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;700&display=swap">
30 <script defer src="https://cloud.umami.is/script.js" data-website-id="869b31dd-c4aa-45cf-91cd-f89ee7608306"></script>
31 <style>
32 /* Boot spinner: hides #root until React has committed its first
33 render so users never see the prerendered DOM flash and get
34 replaced. The prerendered snapshot is taken AFTER `app-ready`
35 is set, so SEO content is also fully visible to crawlers. */
36 #root { opacity: 0; transition: opacity 0.15s ease-in; }
37 body.app-ready #root { opacity: 1; }
38 #app-boot-spinner {
39 position: fixed; inset: 0;
40 display: flex; align-items: center; justify-content: center;
41 background: #0d0d0d;
42 z-index: 9999;
43 transition: opacity 0.2s ease-out;
44 }
45 body.app-ready #app-boot-spinner { opacity: 0; pointer-events: none; }
46 #app-boot-spinner::after {
47 content: '';
48 width: 2.5rem; height: 2.5rem;
49 border: 3px solid rgba(255,255,255,0.15);
50 border-top-color: #6ea8fe;
51 border-radius: 50%;
52 animation: app-boot-spin 0.8s linear infinite;
53 }
54 @keyframes app-boot-spin { to { transform: rotate(360deg); } }
55 @media (prefers-reduced-motion: reduce) {
56 #app-boot-spinner::after { animation: none; }
57 #root, #app-boot-spinner { transition: none; }
58 }
59 </style>
60 <script type="application/ld+json">
61 {
62 "@context": "https://schema.org",
63 "@type": "WebSite",
64 "name": "dremaxx Public DNS",
65 "url": "https://www.dremaxx.de/",
66 "description": "Open DNS resolvers with DNS-over-TLS and DNS-over-HTTPS. No logging, no filtering.",
67 "potentialAction": {
68 "@type": "SearchAction",
69 "target": "https://www.dremaxx.de/tools/dns-lookup-tool?query={search_term_string}",
70 "query-input": "required name=search_term_string"
71 }
72 }
73 </script>
74 <script type="application/ld+json">
75 {
76 "@context": "https://schema.org",
77 "@type": "Organization",
78 "name": "dremaxx",
79 "url": "https://www.dremaxx.de/",
80 "logo": "https://www.dremaxx.de/images/og-default.jpg",
81 "founder": {
82 "@type": "Person",
83 "name": "Yannick Dreher"
84 },
85 "contactPoint": {
86 "@type": "ContactPoint",
87 "contactType": "customer support",
88 "email": "yannick.dreher@dremaxx.de",
89 "availableLanguage": ["de", "en"]
90 }
91 }
92 </script>
93 <script type="module" crossorigin src="/assets/index-z6YeAWhM.js"></script>
94 <link rel="modulepreload" crossorigin href="/assets/bootstrap-ejjj_R1q.js">
95 <link rel="modulepreload" crossorigin href="/assets/syntax-BdR-FTXz.js">
96 <link rel="modulepreload" crossorigin href="/assets/chartjs-ChiAxujM.js">
97 <link rel="modulepreload" crossorigin href="/assets/dnsclient-B8YA4OOU.js">
98 <link rel="stylesheet" crossorigin href="/assets/bootstrap-2DYGx4PL.css">
99 <link rel="stylesheet" crossorigin href="/assets/index-kFfImSyS.css">
100</head>
101<body>
102 <div id="app-boot-spinner" role="status" aria-label="Loading"></div>
103 <div id="root"></div>
104</body>
105</html>03 ยท Retention
Retention & Sharing
Rotation
Active log files are rotated after a maximum of 24 hours. Old files are kept briefly for error analysis and then deleted.
Access & sharing
Logs are only accessible to server administrators. They are not shared with third parties; usage is limited to proper operation.