Public DNS Resolver

Overview

I spawned 3 instances of AdGuard Home and opened it for public use at dns.stevenz.net. The instances support traditional DNS (port 53), DoT (DNS-over-TLS), DoH (DNS-over-HTTPS) and DoQ (DNS-over-QUIC).
Please note that the AdGuard Home instances validate DNSSEC by default and also have some filter lists deployed.
All instances locations are in U.S. east coast so the experience might not be the best for other regions (hence you should consider self-hosting or use other providers).

Specification


Instances powered by AdGuard Home.
Server Address: dns.stevenz.net
Protocols: DoT (853), DoH (443), DoQ (784), Regular DNS (53).
Features: DNSSEC-enabled, ECS-enabled, DNS Filter-enabled.

Filters

  1. CHN: anti-AD https://anti-ad.net/easylist.txt
  2. OISD – ABP https://abp.oisd.nl/
  3. The Big List of Hacked Malware Web Sites https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts

Network

Data center locations: Azure (US East 1), BuyVM (Las Vegas), Oracle (US East). All instances are dual stack (IPv4 + IPv6)
I will try to keep the current IP sets as long as possible. Since instance IP might change, I’ll not publish a list of IP for this service. Please manually resolve dns.stevenz.net with A and AAAA records for use on unsupported devices.
Unsure which server you connected to? Simply lookup server.dns.stevenz.net‘s TXT record!

Usage

If your device support sdns:// protocol(DNS Stamps), you can use following links:
DNS over TLS
DNS over HTTPS
DNS over QUIC
Otherwise:
DNS over TLS: tls://dns.stevenz.net
DNS over HTTPS: https://dns.stevenz.net/dns-query
Regular DNS: dns.stevenz.net
Private DNS: dns.stevenz.net
Apple: Signed MobileConfig with DoT and DoH

If you wish to install a DoH file for apple systems, you would want to DIY a .mobileconfig file.

Notice

Since the resolvers are public-facing and provided free of charge, the service is provided “AS-IS” without uptime guarantee.
If you are not happy with this fact, you are welcome to host your own servers with AdGuard Home.

In addition, ALL PTR lookups to private facing IP address will be blocked. I have no interest in the network infrastructure of your place.

Custom Blocklists

# Block Private Network PTR
||10.in-addr.arpa^
||16.172.in-addr.arpa^
||17.172.in-addr.arpa^
||18.172.in-addr.arpa^
||19.172.in-addr.arpa^
||20.172.in-addr.arpa^
||21.172.in-addr.arpa^
||22.172.in-addr.arpa^
||23.172.in-addr.arpa^
||24.172.in-addr.arpa^
||25.172.in-addr.arpa^
||26.172.in-addr.arpa^
||27.172.in-addr.arpa^
||28.172.in-addr.arpa^
||29.172.in-addr.arpa^
||30.172.in-addr.arpa^
||31.172.in-addr.arpa^
||168.192.in-addr.arpa^
# Block Special-Use Domain Names
||home.arpa^
||home^
||invalid^
||example^
||local^
||test^
||localhost^

Scroll to Top