You're NOT using our Secure DNS
Every Website, PC or Modem connected to the Internet has a numerical IP address (Its Home address). A Domain Name Server (DNS) translates these numerical IP addresses into readable domain names we all know and remember (such as google.com), Put a simpler way.. A DNS server acts as a phonebook for the Internet.
Back in 1983, when DNS has just been invented, DNS requests and responses were sent over the internet in clear text, and they still are. Now, with so much at stake on the internet, there is an additional need to encrypt DNS traffic.
If your DNS settings are not working correctly, or you’re still using your standard ISP (Internet Service Provider) defaults, You may be at risk of Censorship, Adverts, Cybercrime, Privacy invasion and Poor internet performance.
Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.
OSZX offers a free recursive DNS security solution using modern DNS encryption methods to protect you from these threats. Our DNS can improve your internet performance and protect your privacy, It is a fast and private way to browse the internet.
DNS over TLS (DoT)
By default, DNS is sent over a plaintext connection. DNS over TLS is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers over an encrypted connection via the Transport Layer Security (TLS) protocol through port 853 (some service's may support using port 443).
The goal of the method is to protect your privacy and prevent DNS hijacking and sniffing.
OSZX supports DNS over TLS on standard port 853 and is compliant with RFC7858.
DNS over DoT currently lacks native support in operating systems (Except Android Pie). Thus a user wishing to use it must install additional software.
Client Software
Stubby (Linux, macOS, Windows) | Unbound (Linux) | Systemd-Resolved (Linux) | Knot Resolver (Linux) | Tenta (Android) | AdGuard (Android)Client OS/HW
Android Pie | Asuswrt-Merlin | Xwrt-Vortex | OpenWRT
DNS over HTTPS (DoH)
DNS over HTTPS is a new protocol designed to encrypt and secure your DNS traffic via the HTTPs protocol, It prevents DNS hijacking and ISPs from sniffing your traffic.
Even if you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. That means that even if you are browsing https://oszx.co, anyone listening to packets on the network knows you are attempting to visit oszx.co.
To combat this problem, OSZX offers DNS resolution over an HTTPS endpoint for increased security and privacy.
DNS over HTTPS currently lacks native support in operating systems (Except Android Pie & Some 3rd Party Router Firmware).
Thus a user wishing to use it must install additional software to act as a proxy or a web browser that supports DoH.
Client Software
Chrome 66+ (Linux, Windows, macOS) | Firefox 62+ (Linux, Windows, macOS) | Bromite (Android) | Curl (Linux) | OkHTTP (Android, Java) | Curl-DoH (Linux) | DNSCrypt v2 Client (Linux, Windows, macOS) | DNSCloak (iOS) | Intra (Android) | AdGuard (Android)Client OS/HW
Android Pie | Asuswrt-Merlin | Xwrt-Vortex | OpenWRT
DNSCrypt v2
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It also mitigates UDP-based amplification attacks by requiring a question to be at least as large as the corresponding response. Thus, DNSCrypt helps to prevent DNS spoofing.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.
Client Software
DNSCrypt-Proxy (Windows, macOS, Linux, Android +) | DoH-proxy (Python) | Pcap_DNSProxy (Windows, Linux, macOS) | YourFriendlyDNS (Windows, macOS, Linux, Android) | Simple DNSCrypt (Windows) | DNSCrypt-Proxy Switcher (macOS) | DNSCloak (iOS) | DNSCrypt Proxy (Android) | AdGuard (Android)Client OS/HW
IP:
tls_auth_name:
TLS SPKI Pin:
port: 853
IPv4-stamp:
2.dnscrypt-cert.oszx.co
port: 5353
IPv4 - DNSStamp:
IP:
tls_auth_name:
TLS SPKI Pin:
port: 853
IPv4-stamp:
IPv6-stamp:
2.dnscrypt-cert.pumplex.com
port: 5353
IPv4 - DNSStamp:
IPv6 - DNSStamp:
We use well known regularly updated ad-blocking lists for general ad blocking as well as specific lists to block ads on iOS Apps/Mobile/Youtube/Spotify/Smart TVs & Streaming Video sites.
All of the ad-blocking list that we use are automatically: updated every 24hrs, Checked for errors, Combined and Stripped of duplicate entrys.
We use the following ad-blocking lists from the following sources
https://pgl.yoyo.org/adservers/index.php
Yoyo-List.txt
https://github.com/deathbybandaid/..
AakList.txt
AdAway-Default-Blocklist.txt
Adblock-YouTube-Ads.txt
https://github.com/austinheap/sophos..
AdGuard.txt
Dan-Pollock-Someonewhocares-org.txt
EasyList.txt
MVPS-Hosts-File.txt
Steven-Blacks-AD-Hoc-List.txt
SpotifyAds.txt
https://v.firebog.net/hosts/
AdguardDNS.txt
https://disconnect.me/
Simple_Ad.txt
https://github.com/Akamaru/Pi-H..
AppAds.txt
HbbTV.txt
Youtube.txt
http://www.squidblacklist.org/..
DG-Ads.acl
https://github.com/w13d/adblo..
Spotify.txt
https://hosts-file.net/?s=Download
Ad_Servers.txt
https://tgc.cloud
iOSAds.txt
https://github.com/r-a-y/mobile-hosts
AdguardMobileAds.txt
https://github.com/anudeepND/blacklist/
AdServers.txt
https://github.com/lightswitch05/hosts/
Ads-And-Tracking.txt
https://github.com/FadeMind/hosts.extras/
StreamingAds.txt
https://github.com/shounak-de/iblocklist..
Blacklist-Domains.txt
If anyone has any requests/recommendations or would like to report a problem regarding the AD blocking lists please use the contact form below, We have plans to implement list/domain blocking requests/votes and fault repoting facilities in the future.
If you would like to check if a domain is being blocked please use the
online blacklist check form below.