Location: Sydney, Australia
In an elevated Terminal run the following:
Add-DnsClientDohServerAddress -ServerAddress 45.76.113.31 -DohTemplate https://doh.seby.io/dns-query -AutoUpgrade $True
In Settings-> Network & internet -> Advanced network settings -> [your network adapter] -> View Additional Properties -> DNS server assignment Edit
Under DNS server assignment press the Edit button and set it to Manual. Next flip the IPv4 swith to ON and the enter 45.76.113.31
and 139.99.222.72
as the DNS servers
Finally choose Encrypted only (DNS over HTTPS)
and hit save
Download the DNS profile or create your own: https://dns.notjakob.com/tool.html
IPv4 address: 45.76.113.31
This server is also part of the NTP pool project
HTTP/2 port: 443
Hostname: doh.seby.io
Path: /dns-query
Stamp: sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA9kb2guc2VieS5pbzo0NDMKL2Rucy1xdWVyeQ
dnscrypt-proxy -show-certs
TLS Setup: ImmuniWeb report
TLS port: 853
Hostname: dot.seby.io
Out-of-Band public key pin: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
kdig -d @45.76.113.31 +tls-ca +tls-host=dot.seby.io example.com
TLS Setup: ImmuniWeb report
server: port: 53 forward-zone: name: "." forward-tls-upstream: yes forward-addr: 45.76.113.31@853
The server configuration is freely available on github:
https://github.com/publicarray/dns-resolver-infra
If there are any problems please open an issue.
Notes:
While the resolver is freely available abuse will not be tolerated.
To deal with abuse I may need to capture limited amount of traffic,
this will be discarded after the abuse is dealt with.