Take Back
Your Digital Privacy.

DeCloudUs is a secure, private, free, open source DNS resolver with no logs.

Completely block Google tracking, annoying ads, other online trackers, and protect your computer from malware.

Easily deGoogle and unGoogle your phone, tablet, and computer.

Supports DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH).

Get Started

Digital Content Next – Prof. Douglas C. Schmidt, Vanderbilt University

Why?

Privacy is a right that we willingly surrender for the sake of convenience.

I work in the cyber security field and I am often amazed by the level of privacy intrusions we tolerate on daily basis.

The simple fact is: almost everything you do online is tracked by some company or another. It takes a bit of work to keep your privacy intact when you use your phone or computer.

The biggest privacy offender of them all is Google:

  • 9 out of 10 top online trackers belong to Google.
  • Google can track your online activities even on Apple devices and even if you never sign into a Google account.
  • Google aggregates all data it learns about you. That data is given to other entities as outlined in Google's policy.
  • With many sites using embedded Google trackers (such as Google Analytics), you will often not realize Google is tracking you.
  • Yes, it is possible to block Google out of your online life. At least start by blocking Google on your mobile devices!

Features

Here is how DecloudUs DNS protects your online activities

DeGoogle/UnGoogle

Everytime your device tries to connect to any Google service, DeCloudUs DNS will tell your device to connect to 0.0.0.0.

Ad Blocking

DeCloudUs DNS will block annoying ad banners, pop-ups, and video ads once and for all.

Privacy Protection

Your DNS queries are ALWAYS encrypted. A multitude of online trackers are blocked that monitor your activities.

Speed Your Browsing

With all the ads and trackers blocked, your devices will only focus on displaying the content you want to view.

Malware Protection

DeCloudUs DNS blocks known malicious domains that serve malware to give you more piece of mind.

Free and Open Source

The project is built on Open Source and is free to use. Servers hosted in Germany. We keep no logs.

9,700

Blocked Google Sites

440,000

Blocked Ad Sites

27,000

Blocked Malware Sites

100

Percent Total Uptime
(Production last 30 days)

Get Started

All servers are free to use! Test servers are fully functional but not as reliable as Production. I am asking for donations (any amount) for Production to help pay for the servers hosting cost.
Here are the options to connect to DeCloudUs DNS servers.

Free

Test Server

  • Hosted in Germany
  • Supports DNSCrypt, DoT, and DoH
  • All DeCloudUs DNS Features
  • Used for Testing New Block Rules and Upgrades
  • May be Unstable and Prone to Downtime
  • Small Server Doesn't Scale With Higher Demand
  • Maybe Throttled and Slow With Large Number of Queries
  • Ideal for Testing and Trying Out the Service
DNSCrypt:
also listed on DNSCrypt official public list

IPv4 Stamp: sdns://AQMAAAAAAAAAEjE3Ni45LjE5OS4xNTg6ODQ0MyD73Ye9XeCsS7TdFu9fRP7s5k-0aL91yygulGVmeOAKLh4yLmRuc2NyeXB0LWNlcnQuRGVDbG91ZFVzLXRlc3Q
IPv6 Stamp: sdns://AQMAAAAAAAAAG1syYTAxOjRmODoxNTE6MTFiMDo6M106ODQ0MyD73Ye9XeCsS7TdFu9fRP7s5k-0aL91yygulGVmeOAKLh4yLmRuc2NyeXB0LWNlcnQuRGVDbG91ZFVzLXRlc3Q

DoT: dns.decloudus.com

DoH: https://dns.decloudus.com/dns-query

Any Amount

Production Servers

  • Hosted in Germany
  • Supports DNSCrypt, DoT, and DoH
  • All DecloudUs DNS Features
  • Prime Production Servers
  • Stable with 100% Availability Target
  • Large Servers With More Added as Demand Increases
  • No Throttling. Fast DNS Responses
  • Ideal for All of Your DNS Needs

Donate To Recieve Server Details


After successfully completing PayPal donation, you will be redirected to a thank you page with instructions on how to access Production servers. Please save that page and the info in it for future access and reference. Please Contact Me if you do not recieve server access after PayPal donation or after you make a Bitcoin donation.

How to Connect Your Devices

There are many different ways to connect your devices to DeCloudUs DNS. You can connect using DNSCrypt, DNS over TLS (DoT), or DNS over HTTPS (DoH) . You can simply search the Internet for how to connect a particular device using one of these protocols.

To get you started, here are the easiest ways:

Android 9 and above supports DNS over TLS (DoT) out of the box. Here is how to enable that feature:

  1. Open Settings menu.
  2. If your Settings allow for search, type the following Private DNS.
  3. If your Settings do not allow search, click on Connections. Then click More connection settings.
  4. Click on Private DNS and a popup menu will open with options.
  5. Select Private DNS provider hostname option.
  6. On the line below that option, type in the DoT address for DeCloudUs DNS.

For Android 8 and below there is no native support for secure DNS. You will need to download an app and configure it to use secure DeCloudUs DNS. Here are some recommendations:

  • - Find an app that allows you to use DoT, DoH, or DNSCrypt.
  • - A mobile app worth mentioning is InviZible Pro that allows you to use DNSCrypt.
  • - Follow DNSCrypt instructions outlined in the DNSCrypt tab.

iOS devices do not have native support for secure DNS protocols yet. To use secure DNS, you will need to download an app that extends these protocols. One recommended app is DNSCloak that offers DNSCrypt integration.

  1. Download DNSCloak from iOS app store.
  2. Add DeCloudUs DNS resolvers to app configuration.
  3. One option is to use [static] configuration option. See screenshots in this section for example and also the DNSCrypt tab for more details.
  4. The preferred option is add DeCloudUs DNS resolver list that will get automatically updated as more servers are added. See screenshots in this section for example and also DNSCrypt tab for more details.
  5. After the servers are added, click on Use this server to activate it.
  6. Feel free to click around and explore app further.




When using your Mac or PC (windows or linux), all the ads, trackers, malware, Google services, etc.. you encounter will be from your browser. The fastest and most efficient way in this case is to configure your browser to use secure DNS. Firefox is privacy friendly and it has native support for DNS over HTTPS (DoH). This works on any Mac or PC with Firefox:

  1. Open Firefox Preferences to access Firefox settings.
  2. In the settings search bar, type DNS and search.
  3. Click Settings that comes up in the search results.
  4. Scroll down in the settings menu to the DNS over HTTPS section. Check the box next to Enable DNS over HTTPS to enable it.
  5. Select Custom for the Use Provider option.
  6. In the Custom input field, put the DeCloudUs DoH server info provided. Click OK to apply settings.

Note: sometimes Firefox may still show major Google user sites such as www.google.com and www.youtube.com; however, other Google domains ads, malware, etc.. will be effectively blocked.
In order to ensure Firefox will not fallback to default network DNS because some sites are blocked, you have to change Firefox configuration setting to no fallback:
1. Load about:config in the Firefox address bar.
2. Click to confirm that you will be careful if the warning page is displayed.
3. Search for network.trr.mode and double-click on the name.
4. Set the value to 3 to make DNS Over HTTPS the browser's default DNS resolver with no fallback.



DNSCrypt protocol provides private, secure, and even anonymous DNS that is second to none.

DNSCrypt protocol is fairly simple to understand and implement. It can be used for one device or your entire home network.

For a details on how to use DNSCrypt, please check the official installation documentation: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation

In the instructions below, I will share configuration examples for DeCloudUs DNS.

  • - To configure DNSCrypt proxy to use DeCloudUs DNS servers, you will need to ensure you set the configuration file dnscrypt-proxy.toml to use DeCloudUs servers.
  • - One way to use DeCloudUs servers is to leverage [static] resolver settings in dnscrypt-proxy.toml file. This is the fastest way to get started.
  • [static]
    [static.'DeCloudUs-Prod']
    stamp = 'sdns://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  • - You should copy and paste the stamp value from the details provided to you to ensure the stamp value exactly matches exactly to avoid errors..
  • - Finally, you will need to ensure that your DNSCrypt proxy will use DeCloudUs DNS server. This can be done by specifying server name as follows (same name used in [static] configuration):
  • server_names = ['DeCloudUs-Prod']
  • - A better strategy is to add DecloudUs DNS private resolver list to your DNSCrypt proxy configuration. DNSCrypt will periodically fetch the latest DeCloudUs DNS server list and stamps. As more servers are added, they will automatically become available for you to use without you reaching out to me for updated server connection details.
  • - The Test Server details will always be available and updated on this site. When you donate, you will recieve details on how to connect to Production servers. This will include a snippet of configuration that you can add to DNSCrypt proxy configuration to automatically fetch our server list. Here is an example:
  • [sources.'DecloudUs-resolvers']
    urls = ['https://dns.example.com/resolvers.md']
    minisign_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    cache_file = 'DeCloudUs-resolvers.md'
    refresh_delay = 72
    prefix = ''
  • - Finally, you will need to ensure that your DNSCrypt proxy will exclusively use DeCloudUs DNS servers in order to effectively block unwanted traffic. This can be done in two ways:
  • - One: you can add the name of the resolver directly in the server name parameter
  • server_names = ['DeCloudUs-Prod']
  • - As more resolvers are added, you can add their names to the same field as follows:
  • server_names = ['DeCloudUs-Prod', 'DeCloudUs-Prod2', 'DeCloudUs-Prod3']
  • - Another way: you can remove or "comment out" (by adding #) the public resolvers from DNSCrypt proxy configuration file. So the public resolvers under sources section should look like this:
  • # [sources.'public-resolvers']
    # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
    # cache_file = 'public-resolvers.md'
    # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
    # prefix = ''
  • - You will also have to ensure the following parameters are set EXACTLY as shown here:
  • require_nofilter = false
    lb_strategy = 'p2'
  • - You will then disable the server names section (remove it or comment out) in order to let DNSCrypt proxy automatically use ALL of DeCloudUs DNS servers:
  • # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']

Frequently Asked Questions

These are the commonly asked questions I recieve. Please give them a look as they will address a few more topics that were not mentioned above.
If you have another question, please feel free to contact me.

  • Using a custom ROM or mobile operating system that respects your privacy is an ideal solution. Rooting your phone to remove Google services can also work well. However, there are a few reasons for why that would not be possible:

    • You have a work phone that you cannot root or load custom ROM on
    • Your existing phone is not supported by deGoogled/unGoogled custom ROMs (and you cannot afford to get a new phone).
    • You do not have the technical knowledge to root your phone

    In such cases and others, deGoogling/unGoogling your phone via DNS block is a good alternative.

  • Well, here is a suggestion: why not use both! NetGuard will completely block certain apps you choose from ever connecting to the Internet, which can be used to block Google specific apps. I first started doing that, but then I noticed my phone was still talking to Google too much. There are many other apps we have installed that use Google services (for example banking apps that use Google analytics services) in addition to most sites that also use Google services to track my mobile browsing activities. NetGuard will not be able to help there. However, if you block your phone from connecting to Google domains via DNS, that applies to Google apps, browser, banking apps, etc.

  • I only use secure DNS protocols, that's why DeCloudUs DNS supports popular secure DNS protocols: DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH). As an end user, DNS/53 is really not good for your privacy or security. As a DNS resolver operator, DNS/53 will significantly increase the attack surface on the servers and will make it really difficult to provide value to the community.

  • Yes, you certainly can! But you should think through some alternatives to services you use: search engine, email provider, cloud backup, browser, etc. In fact, there is subreddit dedicated to deGoogling and they took time to curate a list of alternative services you can use to replace Google:
    https://www.reddit.com/r/degoogle/comments/g1yu01/google_alternatives_huge_list_restore_your_privacy/
    A special mention for youtube replacement. It can be difficult to find content you want on other video platforms, so here is a tip:
    Invidio.us is a great Youtube proxy that allows you to watch any Youtube video without logging in, even if the video is somehow restricted. To do this, simply replace [www.youtube.com] with [invidio.us] in the URL you want to view.

  • First, there is no company on Earth that collects as much data about you than Google. To make matters worse, often times, you have no choice in the matter because Google services are everywhere and used by the majority of the web. Even if you don't have Gmail or use Google maps, Google still collects data about you. Even if you don't use Android at all, Google still collects data about you.
    It is not just about what Google does with your information, but from a security perspective, the aggregation of all that data in one place is very dangerous; just think of what would happen if the data gets into the wrong hands (hackers, governments, ex-wife, etc).
    If you consider other companies that track you, you have more choice and options in the matter (although Facebook is another area of concern as I have seen their trackers without anyone actually using Facebook). For example, if you are worried about Samsung phone or smart TV tracking your activities, then don't buy it and find an alternative; if you do that, Samsung won't track you.

  • No, you are more than welcome to use the Test Server without any contribution. I outlined above the differences between the Test Server and the Production Servers. My intention is to operate Production Servers on the community-based principle that those people who contribute to a service should be the ones who benefit the most from it. Otherwise, I won't be able to keep the servers running. The larger the community of supporters grows, the more Productions Servers will also grow to ensure fast and smooth responses.

  • I sure can, but the question is: how many other people will find the same blocking rules valuable? Generally, I started DNS servers that block Google because no one else was running public resolvers that did that (at least not that I have found). So I started my own and I want to offer it to the community. If there is a demand from the community to add more servers that block more things (like adult sites, social media sites, etc), I am happy to do it but that ultimiately depends on the level of financial backing and support from the community.

    If you wish to adopt/sponsor a DNS server, please feel free to contact me. Tell me what additional sites you wish to block and we will go from there. After the server is launched, it will be available to the entire community to use with a special thank you note to the sponsor.

  • Please contact me and I will certainly look into it. Please let me know the following:

    • The exact URL that is not being blocked (otherwise it will be a wild goose chase!)
    • The server you are using (DoT/DoH URL or DNSCrypt stamp).

  • If you see Quad9 and Cloudflare DNS servers, then rest assured that your DNS is configured properly! Here is what happens behind the scenes:
    DeCloudUs DNS resolvers use Quad9 and Cloudflare as upstream servers (after applying all the filtering rules). Each non-filtered query made to DeCloudUs DNS is forwarded to a different Quad9 or Cloudflare upstream server. Quad9 and Cloudflare ONLY see DeCloudUs as the "client" making the query. So, you make the DNS request to DeCloudUs DNS servers; then DeCloudUs resolvers will either filter/block it (if it is a Google domain, ad, tracker, malware, etc) or DeCloudUs will go out to a number of public resolvers to get the DNS responses on your behalf and then hand these responses back to you. There is no way Quad9 or Cloudflare will ever know who actually made that request or you IP address.
    DeCloudUs DNS servers use Quad9 and Cloudflare as upstream servers as this enhances response time and significantly increases performance and the number of requests DeCloudUs can handle in parallel. And since this in no way impacts user privacy, it is a win-win.

  • That's understandable. Everyone is different when it comes to the level of dependency on Google services, so different people will have different privacy goals and strategies. But here are a couple of ideas to balance privacy with functionality:

    For mobile devices: you can set phone resolver to one that blocks Google, ads, trackers, etc (such as DeCloudUs DNS) as outlined in the How To section. Meanwhile, you can also install a secure browser, such as Bromite and have ONLY this browser use a different DNS resolver (such as Quad9 DoH) via the browser DNS settings. This means your mobile device overall will be deGoogled, but when you know you need to access a Google site or service (or even certain sites that use CAPTCHA), you can specifically use Bromite browser for these.

    For PC/mac device: you can use Firefox and set DoH in browser settings to use something like DeCloudUs DNS (again, to block Google, ads, trackers, etc) as outlined in the How To section. You can then also install another browser and only use that other browser when you need to access a Google site or service. This other browser would you use your system regular DNS settings, which will not block Google.

    Assuming you deGoogle your entire home network (use DeCloudUs DNS as resolver in your home router or as upstream resolver for your local DNS) as outlined in the How To section: in this case, you can use Firefox/Chromium-based-browser DoH settings to bypass Google blocking (such Quad9 DoH). Then you would only use that browser when you know you need to access sites that use Google services.

    That way, you can control what/when/how you use Google services; otherwise, Google is blocked by default.

Contact Me

If you want to get in touch, please use the form below. I will reply back to the email address provided.

If you are not able to use the form or wish to email me directly, you can send me your message here (Note that this address may be changed if spam emails become endless. I will update it here if I change it):

For Bitcoin Donation: please email me immediately after making the donation to obtain the Production servers details. In your message, please note your sender address and the exact BTC amount.

For General Inquiries: please feel free to email if you have any question or feedback.

For Inquiries to adopt/sponsor a server: please send me information about the additional blocking you wish the server to do and we can go from there.

For Blocking an Ad or Google URL: please email me the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be blocked.

For Whitelisting Requests: please email me the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be whitelisted along with a brief reason to explain why.