All Systems Operational

Transparency Report

We operate an open infrastructure stack. Below is the detailed technical breakdown of how we protect, filter, and secure your DNS queries.

Security & Privacy Pipeline

Flow: Left → Right
01 FIREWALL

nftables

Kernel-level packet filtering. Blocks malicious IPs and rate-limits abusers before they reach our stack.

50 qps Rate Limiting
4,600+ Blocked Ranges
Auto Bot Detection
02 FILTERING

AdGuard Home

Stateless content filtering. Acting as a pure DNS firewall to block ads and trackers without local caching.

Adware & Tracking
Malware Blocking
No-Cache (Stateless)
03 ORCHESTRATION

Unbound DNS

Recursive logic engine. Orchestrates query flow and manages the persistent Redis cache via high-speed Unix sockets.

Logic Controller
Unix Socket IPC
QNAME Minimization
04 CACHING

Redis Cache

In-memory key-value store. Serves cached DNS responses in sub-millisecond latency using direct socket memory.

Zero-Latency Socket
Persistent Memory
Volatile-LRU Policy
05 UPSTREAM

DNSCrypt-Proxy

Secure upstream transport. Encrypts queries and enforces DNSSEC validation with root servers.

DNSSEC Enforcement
X25519 Encryption
No-Log Servers

Active IP Blocklists (nftables kernel-level)

We strictly block these sources at the network edge. This lists reflects our current dns-guard configuration.

Enabled Threat Feeds Active
FireHOL Level 1
The "Gold Standard" of IP blocklists. 100% malicious history.
Essential
Spamhaus DROP + EDROP
Hijacked networks used solely by professional cybercrime gangs.
Essential
BotScout + Blocklist.de
Aggregated list of SSH brute-forcers and web scrapers.
Bots
Feodo Tracker
C2 servers for banking trojans (Dridex, Emotet, Trickbot).
Malware
ET Compromised
Emerging Threats list of hosts known to be infected.
Malware
DShield (SANS ISC)
Top attacking subnets reported by the global sensor network.
Attacks
GreenSnow
Real-time compilation of brute-force and port scan attacks.
Scanners
dns-bot-guard
Local heuristics engine. Auto-bans flooders & DDoS attempts.
Local

DNS Filter Lists (AdGuard Home)

Domain-based blocklists that filter ads, trackers, malware, and phishing at the DNS level. These work after traffic passes the firewall.

Filter Source Live Sync
HaGeZi's Threat Intelligence
Critical security feed. Blocks Malware, Cryptojacking, and C2 Botnets.
filter_44.txt
Phishing Army
Dedicated protection against phishing and fraud domains.
filter_30.txt
OISD Blocklist Big
Massive database of ads and trackers with low false positives.
filter_24.txt
AdGuard Popup Filter
Specifically targets annoyance popups and new window triggers.
filter_59.txt
AdGuard DNS Filter
The baseline standard for blocking ads & general trackers.
filter_1.txt
HaGeZi's Normal Blocklist
Balanced protection. Cleans the Internet without breaking sites.
filter_34.txt
OISD Blocklist Small
High-speed, essential blocking for maximum stability.
filter_5.txt

Rate Limiting & Fair Use

150
Queries/Second
Universal Per-IP Limit. Raised to support aggressive pre-fetching on all devices (Fiber, 5G, Wi-Fi 6/7).
500
Burst Allowance
Deep packet buffer. Our Ingress Hook technology absorbs instant page-load spikes without dropping packets.
60m
Auto-Unban
Intelligent forgiveness. If a violation occurs, the block is temporary and reputation resets automatically.