Â̲èÖ±²¥ Public DNS
Public DNS resolver (beta) for the Swiss Internet community
The Â̲èÖ±²¥ Public DNS service is accessible using transport encryption protocols. Our servers are located in data centers in Zurich and Lausanne and provide low latency from within Switzerland.
In addition to an encrypted communication channel, the DNS resolver service provides, by default, the following security features:
- DNSSEC validation protects from forged or manipulated DNS data from upstream servers
- DNS Query Name Minimisation to improve privacy
- Â̲èÖ±²¥ DNS Firewall blocks access to infected or malicious websites and redirects users to a landing page
The DNS resolver service blocks domain names listed in the block list by the Swiss gaming law "Geldspielgesetz (BGS)".Â
Servers
Host name (DoT):
- dns.switch.ch
URL (DoH):
- https://dns.switch.ch/dns-query
IP addresses:
- 130.59.31.248
- 130.59.31.251
- 2001:620:0:ff::2
- 2001:620:0:ff::3
Supported protocols:
- DNS over TLS (DoT) as defined in RFC 7858 on port 853/TCP
- DNS over HTTPS (DoH) as defined in RFC 8484 on port 443/TCPÂ
Motivation
More and more client applications add support for encrypted DNS protocols. For example Androidhas built-in support and automatically upgrades to DoT if a network's DNS server supports it. Web browsers such as Mozilla Firefox or Chrome have added DoH support. We want to provide our users the ability to use our DNS servers when located outside the Â̲èÖ±²¥ network. Encrypted DNS protocols such as DoT or DoH provide privacy between the client application and the Â̲èÖ±²¥ DNS resolver. This eliminates opportunities for eavesdropping and on-path tampering with DNS queries. For a list of supporting client software, see the list maintained by the DNS Privacy Project.Â
Configure your Client
Terms of Service
These terms of service only applies to users using the Â̲èÖ±²¥ Public DNS service which are not Â̲èÖ±²¥ network users.
Privacy
This privacy policy describes the policies and procedures for the Â̲èÖ±²¥ Public DNS service which provides DNS resolution service for stub resolvers (often called clients), when used by non-Â̲èÖ±²¥ network users. Â̲èÖ±²¥ Public DNS utilizes Â̲èÖ±²¥ DNS Firewall service where we temporarily block DNS resolution to malicious websites (e.g. websites distributing malicious code or phishing websites).