The first port of call for any privacy sensitive use should be our Privacy Policy.
For best results, you should configure your DNS-over-TLS (DoT) client to use
for resolution
However, if you don't want to allow your resolver to do a lookup first, you can configure the following IPs, and instruct your resolver to verify that a valid cert is provided with the tls_auth_name dns.bentasker.co.uk.
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: xx.xx.xx.xx@853#dns.bentasker.co.uk
forward-addr: yy.yy.yy.yy@853#dns.bentasker.co.ukFor more information, see how to configure unbound for upstream DoT
For best results, you should configure your DNS-over-TLS (DoT) client to use
for resolution
However, if you don't want to allow your resolver to do a lookup first, you can configure the following IPs, and instruct your resolver to verify that a valid cert is provided with the tls_auth_name dns.bentasker.co.uk.
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: xx.xx.xx.xx@1853#dns.bentasker.co.uk
forward-addr: yy.yy.yy.yy@1853#dns.bentasker.co.ukFor more information, see how to configure unbound for upstream DoT
Configure your DNS-over-HTTPS client to place queries via
By default, ECS information will be included in upstream queries. If you do not want this, you should ensure your DoH client is set to request that ECS is not used.
network.trr.uri: https://dns.bentasker.co.uk/dns-query network.trr.disable-ECS: false network.trr.mode: 2