A small hobby ad-blocking DNS project with DoH, DoT, and DNSCrypt support.

Announcements

No logs | No EDNS Client-Subnet | OpenNIC TLDs | DNSSEC ready | Filters some ads, trackers, malware

Our servers

Switzerland 🇨🇭

  • DNS-over-HTTPS

    IPv6-stamp:

    DNS-over-TLS

    IPv6 ONLY:

    tls_auth_name:
    port: 443, 853

    DNSCrypt v2

    port: 8443

    IPv6 - DNSStamp:

Japan 🇯🇵

  • DNS-over-HTTPS

    IPv4-stamp:

    IPv6-stamp:

    DNS-over-TLS

    IP:

    tls_auth_name:
    port: 853, 443 (strict SNI: connections without SNI are dropped)

    DNSCrypt v2

    port: 8443

    IPv4 - DNSStamp:

    IPv6 - DNSStamp:

Germany 🇩🇪

  • DNS-over-HTTPS

    IPv4-stamp:

    IPv6-stamp:

    DNS-over-TLS

    IP:

    tls_auth_name:
    port: 853, 443 (strict SNI: connections without SNI are dropped)

    DNSCrypt v2

    port: 8443

    IPv4 - DNSStamp:

    IPv6 - DNSStamp:

News

DNSSEC validate
1. DNSSEC validation: Go
2. Internet.nl: Go
3. DNSSEC resolver algorithm test: Go
4. Cloudflare tools: Go | Go
5. Browserleaks test: Go
6. Check my DNS: Go
7. DNS randomness: Go
8. DNS Spoofability test: Go
9. DNSTrace: Go
10. Threats search: Go
11. Whoer.net: Go
12. EDNS test: Go

DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure DNS traffic by carrying it over HTTPS.
It prevents DNS hijacking and keeps ISPs from sniffing your DNS traffic.
You can use it with Intra on Android phones and with Mozilla Firefox Nightly; Chrome support is coming soon.
The DNSCrypt v2 client also supports DoH; see the dnscrypt configuration examples for Windows, Mac, and iOS (DNSCloak).

Encrypted DNS - DNS over TLS
DNS over TLS support is available on all our services through port 853 (the standard port; some services may also support 443).
DNS over TLS encrypts and authenticates all your DNS traffic to protect your privacy and prevent DNS hijacking and sniffing.
Client software: Stubby | Unbound

How to get the SPKI pin
Make sure the gnutls-bin package is installed:
    apt install gnutls-bin
Then run:
    gnutls-cli --print-cert -p 853 108.61.201.119 | grep "pin-sha256" | head -1
OR
    kdig -d @108.61.201.119 +tls-ca +tls-host=dot-jp.blahdns.com blahdns.com
OR
    echo | openssl s_client -connect '108.61.201.119:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

TLS 1.3 support check
    openssl s_client -connect 108.61.201.119:853
The output will include:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol  : TLSv1.3
Cipher    : TLS_AES_256_GCM_SHA384
For troubleshooting go HERE

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

FAQ

  • How to fix Chrome on Android phone leaking DNS, check HERE
  • Supports TLS v1.3 and v1.2.
  • We drop queries of type ANY.
  • Why are you building this project? I started this project around 2016. During that time, with my private DNS, I needed an easy way to filter ads and trackers, so I rented a server and learned how to achieve this.
  • Why don't you like huge traffic? I'm still a student, and I run this service with my pocket money and spare time, just as a hobby to learn something new. Buying a big server or an anti-DDoS service will cost a lot.

DNSSEC validation: https://dnssec.vs.uni-due.de

curl -H 'content-type: application/dns-message' -vL 'https://doh-jp.blahdns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C

kdig google.com @2001:19f0:7001:1ded:5400:1ff:fe90:945b +tls -p 443

kdig google.com @108.61.201.119

https://gist.github.com/meanevo/e70ca58e361fb4d1a9d262a8f12b173a (HAProxy)
https://stuff-things.net/2016/11/30/haproxy-sni/
https://pre-prod.chown.me/blog/running-dot-on-openbsd.html
https://www.haproxy.com/blog/introduction-to-haproxy-acls/

  • Thanks to mikaela: 10 EUR
  • Thanks to Tim: 331 TWD*2