DNS over TLS
Introduction to DNS.SB DoT

Using DNS over TLS at DNS.SB

What is DNS over TLS

DNS over TLS (DoT) is a security protocol for encrypting and authenticating communications between DNS clients and servers. The goal of the protocol is to provide privacy and integrity for DNS queries and responses, by encrypting the query and response payloads and by providing authentication of the DNS server's identity. DNS over TLS is designed to operate over port 853, which is separate from the traditional DNS port (53). This allows it to be easily deployed in parallel with an existing DNS infrastructure, while providing an additional layer of security.

Our DoT Servers

No Logging, DNSSEC enabled

Hostname for TLS Authentication

dot.sb

TLS Port

853

IPv4

185.222.222.222
45.11.45.11

IPv6

2a09::
2a11::

⚠️ When using an IPv6 address, you must use the specific hostname dot.sb.

IPv6 with Full Address

2a09:0000:0000:0000:0000:0000:0000:0000
2a11:0000:0000:0000:0000:0000:0000:0000

PEM / CRT File

dns.sb.crt

SPKI Pin

0Ot+uUBCfWZkE2GFQQcIpR9GmuhWioGEl+K11FhNmHk=

You can generate and verify the SPKI pin with the following command:

echo | openssl s_client -connect 185.222.222.222:853 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
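
The pipeline above hashes the certificate's DER-encoded SubjectPublicKeyInfo with SHA-256 and base64-encodes the digest. The Python below is an added example, not DNS.SB's own code: it performs the same computation with only the standard library and compares the result to an expected pin. All function names and the constructed sample certificate structure are assumptions made for illustration.

```python
# Added example: recompute an SPKI pin from a DER-encoded certificate (stdlib only).
import base64, hashlib, hmac, ssl

def read_tlv(buf, pos):
    """Parse the DER element at pos; return (tag, content_start, end)."""
    tag, length, i = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if i + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, i, i + length

def extract_spki(cert_der):
    """Return the SubjectPublicKeyInfo element, header included, as raw bytes."""
    _, body, _ = read_tlv(cert_der, 0)              # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, body)      # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                 # explicit [0] version, absent in v1
        pos = end
    for _ in range(5):      # skip serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 of SHA-256 over the SPKI, the value the openssl pipeline prints."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def pin_matches(cert_der, expected_pin):
    return hmac.compare_digest(spki_pin(cert_der), expected_pin)

def fetch_pin(host, port=853):
    """Needs network: pin of the certificate the server presents (chain not validated)."""
    return spki_pin(ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port))))

# Constructed sample: a certificate-shaped DER structure, not a real certificate.
def tlv(tag, content=b""):
    n = len(content)
    size = bytes([n]) if n < 128 else bytes([0x81, n]) if n < 256 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + size + content

SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2b\x65\x70")) + tlv(0x03, b"\x00" + bytes(range(32))))

def sample_cert(with_version=True):
    version = tlv(0xA0, tlv(0x02, b"\x02")) if with_version else b""
    tbs = version + tlv(0x02, b"\x01") + tlv(0x30) * 4 + SAMPLE_SPKI
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00" + bytes(200)))
```

Because the pin covers only the public key, it stays the same when a certificate is reissued for the same key and changes when the key is rotated. With network access, compare the result of fetch_pin("185.222.222.222") against the SPKI pin published above.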

Example Configurations

Unbound

unbound.conf

How to set DNS.SB DoT Server