...

...

DNS over TLS
Introduction to DNS.SB DoT

Using DNS over TLS at DNS.SB

What is DNS over TLS

DNS over TLS (DoT) is a security protocol for encrypting and authenticating communications between DNS clients and servers. The goal of the protocol is to provide privacy and integrity for DNS queries and responses, by encrypting the query and response payloads and by providing authentication of the DNS server's identity. DNS over TLS is designed to operate over port 853, which is separate from the traditional DNS port (53). This allows it to be easily deployed in parallel with an existing DNS infrastructure, while providing an additional layer of security.

Our DoT Servers

No Logging, DNSSEC enabled

Hostname for TLS Authentication

dot.sb

TLS Port

  • 853

IPv4

185.222.222.222
45.11.45.11

IPv6

2a09::
2a11::

IPv6 with Full Address

2a09:0000:0000:0000:0000:0000:0000:0000
2a11:0000:0000:0000:0000:0000:0000:0000

PEM / CRT File

dns.sb.crt (opens in a new tab)

SPKI Pin

amEjS6OJ74LvhMNJBxN3HXxOMSWAriaFoyMQn/Nb5FU=

You can generate and verify SPKI PIN with the following command:

echo | openssl s_client -connect 185.222.222.222:853 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

Example Configurations

Unbound

unbound.conf (opens in a new tab)

How to set DNS.SB DoT Server