Service Endpoints
DNS-over-HTTPS (DoH): https://dns.practicallyunhackable.com/dns-query
DNS-over-TLS (DoT): dns.practicallyunhackable.com (port 853)
IP Address: 128.254.206.25
Why Encrypted DNS?
Traditional DNS queries are plaintext, exposing your browsing activity to ISPs and network observers. DoH and DoT encrypt DNS traffic, protecting privacy and preventing manipulation.
DoH uses HTTPS (port 443) and blends with web traffic. DoT uses dedicated port 853, easier to configure system-wide.
Quick Setup
Browsers
Firefox: Settings → Privacy & Security → DNS over HTTPS → Max Protection → Custom → https://dns.practicallyunhackable.com/dns-query
Chrome/Edge: Settings → Privacy and security → Security → Use secure DNS → Custom → https://dns.practicallyunhackable.com/dns-query
Android 9+
Settings → Network & Internet → Private DNS → Private DNS provider hostname → dns.practicallyunhackable.com
Linux (systemd-resolved)
Edit /etc/systemd/resolved.conf:
DNS=128.254.206.25
DNSOverTLS=yesThen: sudo systemctl restart systemd-resolved
iOS 14+
Install DNSecure or DNSCloak, configure with our DoH or DoT endpoint.
Windows 11
Use browser configuration (recommended) or install DNSCrypt-Proxy for system-wide DoH.
macOS
Configure DoH in Safari/Chrome, or install DNSCrypt-Proxy for system-wide support.
Technical Specifications
DoH: RFC 8484, HTTP/2 over TLS 1.3, port 443
DoT: RFC 7858, TLS 1.3, port 853, DANE/TLSA validated
Features: Unbound resolver, DNSSEC validation, post-quantum cryptography, IPv6 support, no logging
Which One?
Use DoT for: Android, Linux, network-wide configs, dedicated encrypted DNS
Use DoH for: Browsers, when port 853 is blocked, iOS apps, traffic camouflage
Verification
Test at Cloudflare DNS checker or DNS Leak Test
Privacy Commitment
Zero logging. No query storage, tracking, or sharing. Research project, no commercial use. Services provided as-is for privacy-conscious users.