Australian DNS resolver

Location: Sydney, Australia

Features

• Privacy Focused
• No Censorship
• No Logging
• DNSSEC validation
• Build on open source technologies
• DNS Rebind protection. See the config for the currently filtered IPs. As a consequence spam block lists (RBL) such as spamhaus.org will no longer work. Also note your public IP might still be vulnerable. [1] [2] [3] [4] [4 slides]
• OpenNIC TLDs
• Qname minimisation (RFC 7816)
• Query pre-fetching using Unbound's algorithm
• Supports DNS-over-HTTPS (DoH) (RFC 8484) which is basically DNS over HTTP/2
• Supports DNS-over-TLS (DoT) (RFC 7858)

Installation

Windows

In an elevated Terminal run the following:

Add-DnsClientDohServerAddress -ServerAddress 139.99.222.72 -DohTemplate https://doh-2.seby.io/dns-query -AutoUpgrade $True

Add-DnsClientDohServerAddress -ServerAddress 45.76.113.31 -DohTemplate https://doh.seby.io/dns-query -AutoUpgrade $True

In Settings-> Network & internet -> Advanced network settings -> [your network adapter] -> View Additional Properties -> DNS server assignment Edit

Under DNS server assignment press the Edit button and set it to Manual. Next flip the IPv4 swith to ON and the enter 45.76.113.31 and 139.99.222.72 as the DNS servers

Finally choose Encrypted only (DNS over HTTPS) and hit save

iOS

Download the DNS profile from encrypted-dns.party or create your own: https://dns.notjakob.com/tool.html

Server Details

dns.seby.io - Vultr

dns.seby.io - Vultr

IPv4 address: 45.76.113.31

This server is also part of the NTP pool project

DNS-over-HTTPS (DoH)

HTTP/2 port: 443

Hostname: doh.seby.io

Path: /dns-query

Stamp: sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA9kb2guc2VieS5pbzo0NDMKL2Rucy1xdWVyeQ

Stamp was generated with https://dnscrypt.info/stamps. Command used to get the hash: dnscrypt-proxy -show-certs

TLS Setup: ImmuniWeb report

DNS-over-TLS (DoT)

TLS port: 853

Hostname: dot.seby.io

Out-of-Band public key pin: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

Command used: kdig -d @45.76.113.31 +tls-ca +tls-host=dot.seby.io example.com

TLS Setup: ImmuniWeb report

dns.seby.io - OVH

dns.seby.io - OVH

IPv4 address: 139.99.222.72

DNS-over-HTTPS (DoH)

HTTP/2 port: 443

Hostname: doh-2.seby.io

Path: /dns-query

Stamp: sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzIgPhoaD2xT8-l6SS1XCEtbmAcFnuBXqxUFh2_YP9o9uDgRZG9oLTIuc2VieS5pbzo0NDMKL2Rucy1xdWVyeQ

Stamp was generated with https://dnscrypt.info/stamps. Command used to get the hash: dnscrypt-proxy -show-certs

TLS Setup: ImmuniWeb report, SSL Labs report

DNS-over-TLS (DoT)

TLS port: 853

Hostname: dot.seby.io

Out-of-Band public key pin: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

Command used: kdig -d @139.99.222.72 +tls-ca +tls-host=dot.seby.io example.com

TLS Setup: ImmuniWeb report

---

Unbound - DoT Example:

server:
  port: 53
forward-zone:
  name: "."
    forward-tls-upstream: yes
    forward-addr: 45.76.113.31@853
    forward-addr: 139.99.222.72@853

The server configuration is freely available on github:

https://github.com/publicarray/dns-resolver-infra

If there are any problems please open an issue or send me a DM.

Notes:

While the resolver is freely available abuse will not be tolerated.

To deal with abuse I may need to capture limited amount of traffic,

this will be discarded after the abuse is dealt with.

Public pgp key: https://keybase.io/publicarray/pgp_keys.asc?fingerprint=ac7b7a03d00d8236b8e6f9d180b9687901b6587c