01 // General_Info
> Is this service really free?
Yes. DNSDOH.ART is a project dedicated to internet privacy. We do not sell data, show ads, or charge fees.
> Do I need to install an app?
For most devices (Android 9+, iOS 14+, Windows 11, macOS), No. You can use the native "Private DNS" or "Secure DNS" settings in your OS - our setup guide covers every platform step by step. An app is only needed for very old devices or if you specifically want DNS-over-QUIC.
> Will this slow down my internet?
Usually, it makes it faster. By blocking heavy ad scripts and tracking pixels, websites render quicker. Our average resolution time is under 15ms.
> Are there any usage limits?
A fair-use rate limit of 300 queries per second per IP (with a burst allowance of 800) protects the service from abuse - far beyond what any household or small office generates. Flooding triggers a temporary 30-minute ban, escalating for repeat offenders; the rules are spelled out in the terms of service.
02 // Privacy_Logs
> Do you log my browsing history?
Never. We operate with a strict no-logs policy. Logs are disabled at the server daemon level (Unbound/AdGuard). We do not record IPs or queries. The technical details are in our privacy policy.
> Can my ISP still see what I visit?
We encrypt your DNS lookups so your ISP cannot see which domain you are looking up. However, they can still see the IP addresses you connect to, and the TLS handshake can reveal hostnames until ECH becomes widespread. The protocols page has an honest breakdown of what encrypted DNS does and does not hide.
> Is this the same as a VPN?
No. A VPN tunnels all of your traffic through another server and hides your IP; encrypted DNS protects only the lookup step. They solve different problems and combine well: encrypted DNS for everyday privacy and ad-blocking at zero speed cost, a VPN when you need to hide your IP or location entirely. Worth knowing: a VPN can still leak your DNS - the guide on whether your VPN leaks DNS shows how to check.
> Can it get around ISP or country DNS blocks?
Often, yes. A lot of ISP- and country-level blocking is done at the DNS layer - your provider simply refuses to resolve certain domains. Because DNSDOH.ART resolves names independently over an encrypted channel, those DNS-level blocks no longer apply and the sites resolve normally. This only bypasses DNS-based blocking, though - it can't get around blocks enforced at the IP level or by deep packet inspection.
> What do you block?
We block ads, trackers, malware and phishing using a few established public blocklists: the AdGuard DNS filter, OISD, a PhishTank/OpenPhish phishing list, and URLHaus for malware. The complete filtering stack is documented on the infrastructure page.
03 // Tech_Specs
> What's the difference: DoH vs DoT vs DoQ?
- [DoH] HTTPS, port 443 -> best for browsers & restricted networks
- [DoT] TLS, port 853 -> built into Android ("Private DNS") & routers
- [DoQ] QUIC, port 853/UDP -> fastest, needs a DoQ-capable client
- [H3] DoH over HTTP/3 -> automatic upgrade, stealth + speed
Full architecture, benchmarks, and trade-offs are on the protocols page.
> Do you support DNSSEC?
Yes. Our backend Unbound resolver performs full DNSSEC validation. This prevents DNS spoofing and cache poisoning attacks by verifying the digital signatures of DNS records. Note that DNSSEC (authenticity) and encryption (privacy) solve different problems - the protocols page explains the difference, and the guide on what DNSSEC is goes deeper.
> Why does the server location show [Country]?
GeoIP databases (MaxMind and similar) map an IP address to the network's registration country, which often differs from where the server physically runs. So a lookup tool may label
194.180.189.33 with an unexpected country - the latency you measure is the truth; the map label is a guess. You can inspect your real route on the IP & fingerprint page.
> Do you support HTTP/3 (DoH3)?
Yes. Our DoH endpoint advertises HTTP/3 via the
Alt-Svc header, so modern browsers and clients upgrade automatically - no configuration needed. See the HTTP/3 section on the protocols page for how it works.
> Do you support IPv6?
Not yet. The resolver currently runs on IPv4 only (
194.180.189.33). On normal dual-stack connections you won't notice any difference - your device reaches us over IPv4 and still receives AAAA (IPv6) records in the answers. IPv6-only networks are not supported yet.
04 // Diagnostics
> How do I verify it's working?
Visit our DNS Leak Test page. You should see servers from our encrypted upstreams - typically Cloudflare or Quad9 - and not your ISP's DNS. The test can't literally show "DNSDOH.ART": we forward your queries upstream over encrypted channels, so the responding servers belong to those upstream networks. If you want to understand what the test is actually measuring, see how the DNS leak test works.
> How do I uninstall / turn it off?
Simply go back to the settings where you entered our address - the same screens shown in the setup guide - and switch the mode back to "Automatic" or "Off". If you installed an iOS Profile, go to Settings > General > VPN & Device Management and delete the profile.
> Private DNS stopped working on public Wi-Fi.
Hotel, school, and corporate networks often block port 853, which Android's Private DNS (DoT) uses - the device then shows "couldn't connect". On such networks, use DoH in your browser instead (it rides port 443 and is rarely blocked), or temporarily set Private DNS back to Automatic. The setup guide shows both options.
> A website is broken (False Positive).
Rarely, a site may break if it depends on an ad-tracker. You can temporarily switch your DNS to Automatic/ISP to access it. Please report the domain via the Secure Contact in the footer below so we can whitelist it.