Transparency is key. Here is exactly what powers our infrastructure.
Filters ads, trackers, and malware.
Validating, recursive resolver.
Ultra-fast persistent caching.
Final encryption layer.
The first line of defense. It inspects every incoming DNS query against our blocklists. If a match is found (e.g., an ad server), it returns a null response immediately, saving bandwidth and protecting your privacy.
A powerful, validating, recursive, and caching DNS resolver. It ensures that the DNS answers you receive are authentic (using DNSSEC) and haven't been tampered with.
We use Redis as a persistent backend cache for Unbound. This allows us to serve frequently accessed domains instantly from memory, significantly reducing latency for popular sites.
The final hop. Before any query leaves our server to reach an upstream authority (if not in cache), dnscrypt-proxy encrypts it using the DNSCrypt protocol, ensuring your ISP cannot see what you are resolving.
We utilize the following high-quality blocklists from the AdGuard Hostlists Registry to ensure comprehensive protection:
AdGuard DNS filter
HaGeZi's Normal Blocklist
AdGuard DNS Popup Hosts filter
1Hosts (Lite)
OISD Blocklist Small