# What is DoT

DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. (Wikipedia (opens new window))

# Our DoT Servers

# Hostname for TLS Authentication


Note: The old hostname dns.sb will be deprecated soon.

# TLS Port

  • 853

# IPv4


Note: The old address will be deprecated soon.

# IPv6

  • 2a09::
  • 2a11::

Note: The old address 2a09::1 will be deprecated soon. When using IPv6 address, you must use specific hostname dot.sb

# IPv6 with Full Address

  • 2a09:0000:0000:0000:0000:0000:0000:0000
  • 2a11:0000:0000:0000:0000:0000:0000:0000

No Logging, DNSSEC enabled

# SPKI Pin


# Example Configurations

# Unbound

unbound.conf (opens new window)

# How to set DNS.SB DoT Server