PubHole — Secure DoH Server with AdBlock and OpenNIC
PubHole is a DNS over HTTPS (DoH) server by archuser.org that offers two secure lanes for DNS traffic as well as standard DNS. It blocks ads and trackers and adds support for OpenNIC, which is otherwise only accessible with a special DNS server. PubHole is run by a single person out of pocket as a hobby with a “zero data out” policy. Data that can identify users NEVER leaves our server. EVER. All log files are stored in tmpfs, and the server reboots every week, which securely wipes them. Logs are only used to prevent malicious use and ensure the server works.
What are the benefits of using PubHole?
PubHole is a secure DoT/DoH server (DNS over TLS/DNS over HTTPS) with encrypted traffic. They also provide Pi-hole DNS blocking (hence the name “PubHole”) at a public level. The lists of blocked websites are available on our website, pubhole.archuser.org.
They also resolve DNS names on the OpenNIC DNS servers. This means that OpenNIC DNS server names like firebadnofire.libre (PubHole’s owner’s site) and grep.geek (a search engine for OpenNIC sites) will resolve. They encrypt all outgoing traffic, regardless of whether DoT/DoH is used. Outgoing traffic from the Pi-hole to the root DNS is also encrypted. User-to-server DNS, however, is still unencrypted if DoT/DoH is not used.
How to ensure your privacy is safe is outlined here: How to Easily Live an Untrackable Life
How to use PubHole Secure DNS with Chrome
First, type chrome://settings in your address bar. Then, go to Privacy and Security > Security.
Then, switch on Use Secure DNS, and type https://doh.archuser.org/dns-query in the box below.
After that, all your browsing will use PubHole as the DNS server, to ensure it’s secure.
How to Use PubHole Secure DoT Server on iOS/macOS
You will have to download a profile to ensure you can use DNS over HTTPS or DNS over TLS. Luckily, our profiles are available at Paulmillr’s Repository.
Then, follow the instructions mentioned in the README file.
Using PubHole Without Encryption
While not recommended, we do support normal DNS without TLS or HTTPS for PubHole.
To use it, go to your system’s DNS settings and put the following IP addresses, replacing any others:
- IPv4: 66.228.61.140
- IPv6: 2600:3c02::f03c:94ff:fe86:115d
For Mac, DNS settings are available at Wi-Fi > Details > DNS.
On Windows, it’s slightly more complex, and we recommend the following article: https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10
On Linux, the DNS servers are located in /etc/resolv.conf.
Some Linux distributions (such as Ubuntu and RHEL) use systemd-resolved instead of resolv.conf. The config file is located at /etc/systemd/resolved.conf and should look like this:
After editing it, you need to run sudo systemctl restart systemd-resolved
How to Check if PubHole Secure DoH is working?
Click the following link: https://check.archuser.org. The link is not accessible unless you are using the DNS server. It resolves to the following webpage:
If you do not get the webpage, then your DNS isn’t working.
Additionally, you can verify by going to a site only accessible with an OpenNIC DNS Server, like https://grep.geek.
Conclusion
The new DNS over HTTPS protocol provides more privacy against your ISP and from any onlookers, but it can often give more information to companies like Google. Therefore, you should choose a more private DoH provider. Our privacy policy is outlined in https://pubhole.archuser.org/privacy/, and we do not mine or sell your data.
Moreover, you can use our server as the base for your own DNS server if you choose to use it.