Xstl DNS is public DNS service enhances the privacy level with minimal overhead in the common use.
Xstl DNS is public DNS service enhances the privacy level with minimal overhead in the common use. (Updates)
| Type | Address | Upstream | Host |
|---|---|---|---|
| Do53, DoT, DoH (h3) | tls://dns.seia.io | CloudFlare DNS | SK Broadband, South Korea |
| Do53, DoT, DoH (h3) | tls://secondary.dns.seia.io | CloudFlare DNS | Oracle Cloud Platform, South Korea |
Features
Installation
If you’re using the profile distributed before Oct 2023, you should update your profile by removing and reinstalling.
sudo networksetup -setdnsservers Wi-Fi 116.121.57.111 140.238.14.191 and sudo networksetup -setdnsservers Wi-Fi emptydns.seia.io in Network Settings.116.121.57.111.140.238.14.191.You can connect all servers via tls://dns.seia.io or https://dns.seia.io.
There are things that you need to know before applying the DNS to your device.
Encrypted DNS hides its queries from Internet Service Providers by wrapping the packet using TLS tunnel or TLS-like protocol. There are two ways to provide encrypted DNS typically.
DoT(DNS over TLS, port 853) and DoH(DNS over Https, port 443), and both works when the connection established over valid certificate.
I provide DoT service to minimize the overhead.
DNS can be the failure point when internet disconnects temporarilly. DNS server works as a phone book by linking the website address and real IP address. So the outage of DNS server make the use of Internet unable.
Xstl DNS can be a better alternative if you’re already using the service from AdGuard or third-party ad blockers.
Our DNS doesn’t collect users’ IP address when logging. All instances are running behind of virtual bridge interface and the bridge is not forwarding any user information.
Comments
The type of privacy applied on this DNS service is TR.
Comments
See blocklist.txt for blocklist file applied to my serivce.
# priority
"https://get.dns.seia.io/blocklist.txt"
"https://raw.githubusercontent.com/yous/YousList/master/hosts.txt"
# suspicious
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt"
"https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt"
"https://someonewhocares.org/hosts/zero/hosts"
"https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts"
"https://winhelp2002.mvps.org/hosts.txt"
"https://v.firebog.net/hosts/neohostsbasic.txt"
"https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt"
"https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt"
# advertising
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts"
# tracking
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
"https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt"
"https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt"
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt"
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt"
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
# malicious
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://raw.githubusercontent.com/Te-k/stalkerware-indicators/master/generated/hosts"
"https://urlhaus.abuse.ch/downloads/hostfile/"
# other
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
Some domain names are allowed forcibly by default to avoid incorrect blocking:
Some domain names are loaded from Google DNS (8.8.8.8) to avoid service breakage with CloudFlare DNS (1.1.1.1):