OSZX DNS

UPDATE

We have recently added another secure DNS server named "PumpleX" This server is also located within the UK but does not filter ads unlike our OSZX server. It is uncensored, keeps no logs and is DNSSEC enabled.

×You may of noticed that our D-o-T (DNS over TLS) server was offline for a few hours a couple of days ago, Apologies if this affected you but it was for a good cause as we have successfully implemented TLSv1.3 on our server.

This is the newest version of TLS with extra security & performance benefits, This affects our DNS services and website but don't worry if your device/software does not yet support it as it will fall back to using TLSv1.2 if it is unable to use TLSv1.3

You may have also noticed little changes our site as we have been activly optimising it's code, in the same vein we have updated the server software and are now using our own custom compiled version of Nginx based on the latest release with performance enhancements such as pagespeed and brotli and implemented global cdn servers.

Every Website, PC or Modem connected to the Internet has a numerical IP address (Its Home address). A Domain Name Server (DNS) translates these numerical IP addresses into readable domain names we all know and remember (such as google.com), Put a simpler way.. A DNS server acts as a phonebook for the Internet.
the internet dns book
Back in 1983, when DNS has just been invented, DNS requests and responses were sent over the internet in clear text, and they still are. Now, with so much at stake on the internet, there is an additional need to encrypt DNS traffic.

If your DNS settings are not working correctly, or you’re still using your standard ISP (Internet Service Provider) defaults, You may be at risk of Censorship, Adverts, Cybercrime, Privacy invasion and Poor internet performance.

Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.

OSZX offers a free recursive DNS security solution using modern DNS encryption methods to protect you from these threats. Our DNS can improve your internet performance and protect your privacy, It is a fast and private way to browse the internet.

DNS over TLS (DoT)

By default, DNS is sent over a plaintext connection. DNS over TLS is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers over an encrypted connection via the Transport Layer Security (TLS) protocol through port 853 (some service's may support using port 443).
The goal of the method is to protect your privacy and prevent DNS hijacking and sniffing.

OSZX supports DNS over TLS on standard port 853 and is compliant with RFC7858.
DNS over DoT currently lacks native support in operating systems (Except Android Pie). Thus a user wishing to use it must install additional software.

Client Software

Client OS/HW

Android Pie | Asuswrt-Merlin | Xwrt-Vortex | OpenWRT

DNS over HTTPS (DoH)

DNS over HTTPS is a new protocol designed to encrypt and secure your DNS traffic via the HTTPs protocol, It prevents DNS hijacking and ISPs from sniffing your traffic.

Even if you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. That means that even if you are browsing https://oszx.co, anyone listening to packets on the network knows you are attempting to visit oszx.co.

To combat this problem, OSZX offers DNS resolution over an HTTPS endpoint for increased security and privacy.

DNS over HTTPS currently lacks native support in operating systems (Except Android Pie & Some 3rd Party Router Firmware).

Thus a user wishing to use it must install additional software to act as a proxy or a web browser that supports DoH.

Client Software

Client OS/HW

Android Pie | Asuswrt-Merlin | Xwrt-Vortex | OpenWRT

DNSCrypt v2

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It also mitigates UDP-based amplification attacks by requiring a question to be at least as large as the corresponding response. Thus, DNSCrypt helps to prevent DNS spoofing.

It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.

Client Software

Client OS/HW

Asuswrt-Merlin | Xwrt-Vortex | OpenWRT