Frequently Asked Questions
General
What is DNS?
DNS (Domain Name System) is often called the âphonebook of the Internet.â It translates human-readable domain names like example.com into machine-readable IP addresses like 192.0.2.1. Every time you visit a website, send an email, or use any online service, a DNS query happens behind the scenes to find the correct server address.
What is DNS.SB?
DNS.SB is a free, privacy-focused public DNS resolver service operated by xTom. We provide fast, secure, and private DNS resolution with support for traditional DNS, DNS over TLS (DoT), and DNS over HTTPS (DoH). Our servers are deployed globally to ensure low latency and high availability.
Why should I use DNS.SB instead of my ISPâs DNS?
There are several compelling reasons:
- Privacy: Your ISP can see and log every website you visit. DNS.SB does not log any DNS queries.
- Speed: Our global anycast network ensures fast response times from anywhere in the world.
- Security: We support DNSSEC validation to protect against DNS spoofing attacks.
- No censorship: We do not block or filter any domains (except for legal requirements).
- Encrypted DNS: We support DoT and DoH to prevent eavesdropping on your DNS queries.
Is DNS.SB free?
Yes, DNS.SB is completely free for personal and non-commercial use. There are no premium tiers, no ads, and no data collection.
Who operates DNS.SB?
DNS.SB is operated by xTom GmbH, a global network and infrastructure company headquartered in Germany. xTom operates a massive anycast network across 30+ locations on 6 continents.
Privacy & Security
Does DNS.SB log my DNS queries?
No. We do not store any logs of DNS queries. We cannot see which websites you visit, and we have no data to share with anyone - including governments or law enforcement. You cannot share what you do not have.
Does DNS.SB use EDNS Client Subnet (ECS)?
No. EDNS Client Subnet sends part of your IP address to authoritative DNS servers, which can compromise your privacy. DNS.SB is a privacy-centric resolver and does not send any client IP information to upstream servers.
Does DNS.SB support DNSSEC?
Yes, DNS.SB is a DNSSEC-validating resolver. DNSSEC (Domain Name System Security Extensions) provides authentication of DNS data, protecting you from cache poisoning and man-in-the-middle attacks.
What is DNS Query Name Minimisation?
DNS Query Name Minimisation (RFC 7816) reduces the amount of information sent to authoritative DNS servers. Instead of sending the full domain name to every server in the resolution chain, we only send the minimum necessary information. This enhances your privacy by limiting data exposure.
Does DNS.SB block any websites?
No, we do not implement any content filtering or blocking. DNS.SB provides neutral, unfiltered DNS resolution. We believe users should have full control over their internet experience.
DNS over TLS (DoT)
What is DNS over TLS?
DNS over TLS (DoT) encrypts DNS queries using the TLS protocol (the same encryption used for HTTPS websites). This prevents anyone on your network - including your ISP - from seeing or tampering with your DNS queries.
How do I use DNS over TLS?
You need a DoT-compatible client or operating system. We provide setup guides for:
- Android 9+ (built-in Private DNS feature)
- Linux (using systemd-resolved)
- Windows (using YogaDNS or similar)
What are the DoT server details?
| Setting | Value |
|---|---|
| Hostname | dot.sb |
| Port | 853 |
| IPv4 | 185.222.222.222, 45.11.45.11 |
| IPv6 | 2a09::, 2a11:: |
DNS over HTTPS (DoH)
What is DNS over HTTPS?
DNS over HTTPS (DoH) encrypts DNS queries using the HTTPS protocol. Like DoT, it prevents eavesdropping on your DNS traffic. DoH has the additional benefit of being indistinguishable from regular web traffic, making it harder to block.
How do I use DNS over HTTPS?
Most modern browsers support DoH natively. We provide setup guides for:
What are the DoH server URLs?
Global CDN (Recommended)
https://doh.dns.sb/dns-queryAlternative URLs:
https://doh.sb/dns-queryhttps://dns.sb/dns-query
Pure IP (for clients that donât support hostnames)
- IPv4:
https://185.222.222.222/dns-query - IPv4:
https://45.11.45.11/dns-query - IPv6:
https://[2a09::]/dns-query - IPv6:
https://[2a11::]/dns-query
Whatâs the difference between DoT and DoH?
| Feature | DNS over TLS (DoT) | DNS over HTTPS (DoH) |
|---|---|---|
| Port | 853 | 443 |
| Protocol | TLS | HTTPS |
| Visibility | Can be identified as DNS traffic | Looks like regular HTTPS traffic |
| Blocking | Easier to block | Harder to block |
| Use case | System-wide DNS | Browser or application-specific |
Both provide strong encryption and privacy. Choose based on your needs and what your device supports.
Server Information
What are the DNS server IP addresses?
IPv4
185.222.222.222
45.11.45.11IPv6
2a09::
2a11::Yes, we really have the shortest IPv6 addresses in the world!
If your device requires full IPv6 addresses:
2a09:0000:0000:0000:0000:0000:0000:0000
2a11:0000:0000:0000:0000:0000:0000:0000Does DNS.SB support IPv6?
Yes, DNS.SB has full IPv6 support. All our servers are dual-stack and can be accessed via both IPv4 and IPv6.
Where are DNS.SB servers located?
DNS.SB operates on xTomâs global anycast network with presence in 30+ locations across 6 continents, including:
- Europe: Germany, Netherlands, United Kingdom, Estonia
- North America: United States (multiple locations), Canada
- Asia: Japan, Hong Kong, Singapore, South Korea, India
- Oceania: Australia
- And moreâŚ
Your queries are automatically routed to the nearest server for optimal performance.
What ports does DNS.SB use?
| Protocol | Port |
|---|---|
| Standard DNS (UDP/TCP) | 53 |
| DNS over TLS (DoT) | 853 |
| DNS over HTTPS (DoH) | 443 |
Usage & Troubleshooting
How do I verify that Iâm using DNS.SB?
Visit dns.sb and check the banner at the top of the page. If youâre using our service, it will show a confirmation message.
How do I set up DNS.SB on my device?
We provide detailed setup guides for various platforms:
Regular DNS:
DNS over TLS:
DNS over HTTPS:
Some websites donât load after switching to DNS.SB. Why?
This is usually not caused by DNS.SB. Possible reasons include:
- DNS cache: Your device may still have old DNS records cached. Try flushing your DNS cache.
- Browser cache: Clear your browser cache and cookies.
- VPN or proxy: Some VPNs override DNS settings. Check your VPN configuration.
- Firewall: Some firewalls block non-standard DNS traffic. Ensure ports 53, 853, and 443 are not blocked.
If issues persist, please contact us.
Can I use DNS.SB for my business?
DNS.SB is designed for personal and non-commercial use. For commercial or enterprise use cases with SLA requirements, please contact us to discuss your needs.
Can you build a custom DNS service for my organization?
Yes! If you need a dedicated DNS infrastructure, custom filtering rules, branded DNS service, or any other tailored DNS solution for your organization, weâd be happy to help. Please visit our contact page to get in touch with us and discuss your requirements.
Is there a rate limit?
We do not impose strict rate limits for normal usage. However, we reserve the right to block IPs that generate excessive traffic that degrades service for other users. If youâre building an application that requires high query volumes, please contact us first.
Technical Details
Does DNS.SB support DNS64?
Currently, DNS.SB does not provide DNS64 service. We may add this feature in the future.
What software does DNS.SB use?
We use industry-standard DNS resolver software with custom optimizations for performance and privacy. The specific software stack is not publicly disclosed for security reasons.
Can I use DNS.SB as an upstream resolver for my own DNS server?
Yes, you can configure your local DNS server (such as Pi-hole, AdGuard Home, or Unbound) to use DNS.SB as an upstream resolver. We recommend using DoT or DoH for the upstream connection to maintain privacy.
Does DNS.SB support DNS-over-QUIC (DoQ)?
DNS.SB currently supports HTTP/3 for our DNS-over-HTTPS service, which uses QUIC as the transport layer. This provides many of the same benefits as DoQ, including faster connection establishment and improved performance.
Whatâs the difference between DoH with HTTP/3 and DoQ?
| Feature | DoH with HTTP/3 | DNS-over-QUIC (DoQ) |
|---|---|---|
| Protocol layers | HTTP/3 + QUIC | QUIC only (no HTTP) |
| Port | 443 | 853 |
| Overhead | HTTP headers included | Minimal, DNS directly over QUIC |
| Traffic visibility | Looks like regular HTTPS | Can be identified as DNS |
| Specification | RFC 8484 + RFC 9114 | RFC 9250 |
Both use QUIC transport and benefit from 0-RTT connection resumption, connection migration, and improved performance over lossy networks. DoH3 is better for privacy (blends with web traffic), while DoQ is more efficient (no HTTP overhead).
We are evaluating native DoQ support for the future.
Support & Contact
How do I report an issue?
You can reach us through:
- Email: admin (at) dns.sb
- GitHub: github.com/dns-sb
- Mastodon: @DNS@c.im