Encrypted DNS Server

This page was last modified: 24 Jul 2022 19:41 CE(S)T.

MegaNerd.nl is providing an encrypted DNS server (SDNS server) and anonymized DNS relay - via DNSCrypt and/or DNS over HTTPS (DoH) at chewbacca.meganerd.nl.

Why?

Most sites you visit use encryption nowadays (HTTPS), but the ancient DNS protocol doesn't encrypt communication between client and server. In other words: it is sent as plain text and anyone that sniffs your traffic can read and understand the requests you make to translate a domain(name) to an IP address. That makes DNS very vulnarable to man-in-the-middle attacks.

An encrypted DNS server encrypts and authenticates DNS queries. There are several protocols to encrypt DNS. DNSCrypt is one of them and by far the easiest to implement. One of the best ways to enable DNS encryption for yourself is to use dnscrypt-proxy. Download it for your OS and follow the instructions on that page. To further improve privacy, you could enable anonymized DNSCrypt on top of that. You can even use it together with another fantastic piece of software named Pi-hole: see this page for instructions how to do that. The server also supports DNS over HTTPS (DoH) via doh-proxy - another way to encrypt your DNS queries.

MegaNerd.nl encrypted DNS server characteristics
  • Free, No logs, no filters
  • Encrypted DNS with DNSCrypt v2 (Encrypted DNS Server)
  • Anonymized DNSCrypt relay
  • DNS over HTTPS (DoH) support (via doh-proxy)
  • Oblivious DNS over HTTPS (ODoH) target server (via doh-proxy)
  • Support for DNSSEC
  • Hosted in Amsterdam, the Netherlands - cloud based server
DNSCrypt server IPv4
  • Use meganerd in your dnscrypt-proxy configuration
  • Or use the following DNS stamp:

sdns://AQcAAAAAAAAAEjEzNi4yNDQuOTcuMTE0OjQ0MyAon-lfTOhBf_V6PzB8JAzeGSYxEaKUiTfIQblFoPWHjCUyLmRuc2NyeXB0LWNlcnQuY2hld2JhY2NhLm1lZ2FuZXJkLm5s

Anonymized DNSCrypt relay IPv4
  • Use anon-meganerd in your dnscrypt-proxy configuration
  • Or use the following DNS stamp:

sdns://gRIxMzYuMjQ0Ljk3LjExNDo0NDM

DNSCrypt server IPv6
  • Use meganerd-ipv6 in your dnscrypt-proxy configuration
  • Or use the following DNS stamp:

sdns://AQcAAAAAAAAAK1syMDAxOjE5ZjA6NTAwMTpjYmI6NTQwMDozZmY6ZmUwNzpmNzBkXTo0NDMgKJ_pX0zoQX_1ej8wfCQM3hkmMRGilIk3yEG5RaD1h4wlMi5kbnNjcnlwdC1jZXJ0LmNoZXdiYWNjYS5tZWdhbmVyZC5ubA

Anonymized DNSCrypt relay IPv6
  • Use anon-meganerd-ipv6 in your dnscrypt-proxy configuration
  • Or use the following DNS stamp:

sdns://gStbMjAwMToxOWYwOjUwMDE6Y2JiOjU0MDA6M2ZmOmZlMDc6ZjcwZF06NDQz

DNS over HTTPS (DoH) server IPv4
  • Use meganerd-doh-ipv4 in your dnscrypt-proxy configuration
  • Or use https://chewbacca.meganerd.nl/dns-query as your DoH server
  • Or use the following DNS stamp:

sdns://AgcAAAAAAAAADjEzNi4yNDQuOTcuMTE0IFPy18wOsK7U2g7ltJ0QrWD9OptayLfnLvZ654ujAK7hFWNoZXdiYWNjYS5tZWdhbmVyZC5ubAovZG5zLXF1ZXJ5

DNS over HTTPS (DoH) server IPv6
  • Use meganerd-doh-ipv6 in your dnscrypt-proxy configuration
  • Or use https://chewbacca.meganerd.nl/dns-query as your DoH server
  • Or use the following DNS stamp:

sdns://AgcAAAAAAAAAKFsyMDAxOjE5ZjA6NTAwMTpjYmI6NTQwMDowM2ZmOmZlMDc6ZjcwZF0gU_LXzA6wrtTaDuW0nRCtYP06m1rIt-cu9nrni6MAruEVY2hld2JhY2NhLm1lZ2FuZXJkLm5sCi9kbnMtcXVlcnk

Oblivious DNS over HTTPS (ODoH) server
  • Use odoh-meganerd in your configuration
  • Or use the following DNS stamp:

sdns://BQcAAAAAAAAAFWNoZXdiYWNjYS5tZWdhbmVyZC5ubAovZG5zLXF1ZXJ5