Privacy is a right that we willingly surrender for the sake of convenience.
The simple fact is: almost everything you do online is tracked by some company or another. It takes a bit of work to keep your privacy intact when you use your phone or computer.
This is where DeCloudUs can help you enhance your privacy. DeCloudUs DNS servers block annoying ads and online trackers, and protect your computer from known malware sites. If you visit a site or use a mobile app that uses Google Analytics, Facebook Pixel, ads, etc., you no longer have to worry about what information is being collected without your knowledge, as DeCloudUs DNS will be working hard behind the scenes blocking requests that can compromise your privacy and security.
DeCloudUs DNS offers servers that give you the option to deGoogle and unGoogle any device, mobile phone, browser, computer, etc. The reason is simple: Google is in a league of its own when it comes to data collection. Here are a few simple facts:
- 9 out of 10 top online trackers belong to Google.
- Google can track your online activities even on Apple devices and even if you never sign into a Google account.
- Google aggregates all data it learns about you. That data is shared and given to other entities as outlined in Google's policy.
- With many sites using embedded Google trackers (such as Google Analytics, Tags, Fonts, etc), you will often not realize Google is tracking you.
- DeGoogling via DNS can be more effective than having a custom DeGoogled ROM since DeCloudUs DNS will not only block Google from your phone OS service, but will also block Google in all apps and sites you use.
- The vast majority of sites you visit on a daily basis will work just fine when using DeCloudUs DNS.
- When opting to deGoogle with DeCloudUs DNS, you can choose to have some Google services accessible, like Mobile App Notifications, YouTube, Gmail, etc.
Yes, it is possible to block Google out of your online life. At least start by blocking Google on your mobile devices!
Option to DeGoogle
Every time your device tries to connect to any Google service, DeCloudUs DNS will tell your device to connect to 0.0.0.0.
DeCloudUs DNS will block annoying ad banners, pop-ups, and video ads once and for all.
Your DNS queries are ALWAYS encrypted. A multitude of online trackers that monitor your activities are blocked.
Speed Your Browsing
With all the ads and trackers blocked, your devices will only focus on displaying the content you want to view.
DeCloudUs DNS blocks known malicious domains that serve malware to give you more peace of mind.
Free and Open Source
The project is built on Open Source and is free to use. Servers hosted in Germany. We keep no logs.
Premium Servers Options
The "Original" DeCloudUs DNS
Alpha DNS servers are the "original" DeCloudUs DNS Premium servers where Google services and tracking are completely blocked (to fully deGoogle/unGoogle your device or your entire life, if you wish). In addition, the servers will also block ads, online trackers, and known malware sites. If you are committed to your online privacy, this is a great way to protect your privacy. Whether you configure it on your browser, your device, or even your entire network, you can rest assured DeCloudUs Alpha DNS is blocking sites and services that can compromise your privacy without your knowledge.
DeCloudUs Test Server (information in section below) is based on DeCloudUs Alpha DNS.
Keep Essential Google Services Running
Zulu DNS servers were built based on popular demand for "deGoogle/unGoogle light". Unlike Alpha DNS servers (which completely block Google), Zulu DNS servers block most Google domains and tracking, but allow some popular Google services to work, such as YouTube, Gmail, Google Search, Google CAPTCHAs, and Android App Notifications.
Basically, Zulu servers will allow some essential Google services to function that some people want to keep using; these services would track you and impact your privacy ONLY if you choose to use them; for example, Google search (www.google.com) cannot track your searches unless you specifically and knowingly use Google search and the same goes for YouTube, Gmail, etc.
With that said, Zulu DNS servers will still block most other Google services that run behind the scenes on many apps and sites and track you without your knowledge or consent (like Google fonts, tag manager, etc). In addition, the DNS servers will also block ads, online trackers, and known malware sites.
To see the complete list of domains/services that Zulu DNS allows, please visit the whitelist: https://decloudus.com/zulu-whitelist.txt
Advanced Blocking For Ads, Trackers, and Malware
Echo DNS servers were built to provide more value for Premium contributors. Echo servers block ads (including Google Ads), trackers (including all Google trackers), and known malware sites while leaving non-ad and non-tracker Google services and sites running. Echo DNS servers are best suited for devices or an entire home network where Google services are in wide use, but you still wish to enhance your privacy and online safety.
Remember that Premium contributors have access to all these servers. So you can use different DNS servers for different devices depending on your privacy goals. Echo servers give you more flexibility and choices.
Test Server (free to use)
- Hosted in Germany
- Supports DNSCrypt, DoT, and DoH
- All DeCloudUs DNS Features
- Used for Testing New Rules and Upgrades
- May be Unstable and Prone to Downtime
- No Redundancy for Failover
- Small Server Doesn't Scale With Demand
- May Be Throttled and Slow With High Usage
- Only One Server Option Based on Alpha DNS
- Ideal for Testing and Trying Out the Service
DNSCrypt: listed on DeCloudUs public resolver list
DNSCrypt Server Names:
This server is free and will always be free.
Go ahead and give it a try.
If you like what the project has to offer and you find it useful in enhancing your online and digital privacy, please consider becoming a monthly contributor (subscriber) to receive Premium Servers access.
- Hosted in Germany
- Supports DNSCrypt, DoT, and DoH
- All DeCloudUs DNS Features
- Prime Production Servers
- Stable with 100% Availability Target
- Redundant with Failover Plan
- Large, Scalable, Dedicated Servers
- No Throttling. Fast DNS Responses
- Multiple Server Options (see section above)
- Ideal for All of Your DNS Needs
Become A Contributor To Receive Server Access
PayPal is recommended if you already have a PayPal account. Stripe is recommended when you do not have a PayPal account. PayPal and Stripe are the largest and most secure payment
After successfully completing the contribution (subscription) payment, you will be redirected to a thank you page. A few minutes after that, you will receive an email (via the email address you use with PayPal or Stripe) that will contain the access details for Premium Servers. Please ensure you also check your junk/spam folder. Please Contact Us if you do not receive the email message after 15 minutes. You can find DeCloudUs terms here.
Android 9 and above supports DNS over TLS (DoT) out of the box. Here is how to enable that feature:
- If your Settings allow for search, type the following
- If your Settings do not allow search, click on Connections. Then click More connection settings.
- Click on Private DNS and a popup menu will open with options.
- Select the Private DNS provider hostname option.
- On the line below that option, type in the DoT address for DeCloudUs DNS.
For Android 8 and below there is no native support for secure DNS. You will need to download an app and configure it to use secure DeCloudUs DNS. Here are some recommendations:
- Find an app that allows you to use DoT, DoH, or DNSCrypt.
- A mobile app worth mentioning is InviZible Pro, which allows you to use DNSCrypt.
- Follow DNSCrypt instructions outlined in the DNSCrypt tab.
As of iOS 14, iPadOS 14, tvOS 14 and macOS Big Sur, Apple devices now have native support for secure DNS protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). It is highly recommended you configure either DoT or DoH for your device. Here is how to configure your Apple devices to use DeCloudUs DoT or DoH:
- From your Apple device, go to DeCloudUs Apple DNS Profile Creation page.
- Enter a profile name and either a DeCloudUs DoT or DoH address you wish to use.
- Click Download Profile.
- Go to where the .mobileconfig file downloaded on your Apple device (most likely Downloads folder) and click to open it.
- Open the Settings app in iPhone/iPad or System Preferences in MacBook.
- Go to Profile Downloaded in iPhone/iPad or
- Select the profile you created and click to install (right corner).
- Accept warnings and follow on-screen steps to activate the DNS profile.
- After successfully installing the profile, you can see it activated in your Settings.
Note: The generated profiles are not signed. This is normal and still secure since you are generating the DNS profile yourself, you are using DeCloudUs DNS secure website to generate this profile, and you are downloading the profile directly on the device via secure connection (HTTPS).
When using your Mac or PC (Windows or Linux), all the ads, trackers, malware, Google services, etc. you encounter will be from your browser. The fastest and most efficient way in this case is to configure your browser to use secure DNS. Firefox is privacy friendly and it has native support for DNS over HTTPS (DoH). This works on any Mac or PC with Firefox:
- Open Firefox Preferences to access Firefox settings.
- In the settings search bar, type
Settings that comes up in the search results.
- Scroll down in the settings menu to the DNS over HTTPS section. Check the box next to Enable DNS over HTTPS to enable it.
- In the Custom input field, put the DeCloudUs DoH server info provided. Click OK to apply settings.
Note: sometimes Firefox may still show major Google user sites such as www.google.com and www.youtube.com; however, other Google domains, ads, malware, etc. will be effectively blocked.
To ensure Firefox will not fall back to the default network DNS because some sites are blocked, you have to change a Firefox configuration setting to no fallback:
1. Type about:config in the Firefox address bar.
2. Click to confirm that you will be careful if the warning page is displayed.
3. Search for network.trr.mode and double-click on the name.
4. Set the value to 3 to make DNS Over HTTPS the browser's default DNS resolver with no fallback.
DNSCrypt protocol provides private, secure, and even anonymous DNS that is second to none.
DNSCrypt protocol is fairly simple to understand and implement. It can be used for one device or your entire home network.
For details on how to use DNSCrypt, please check the official installation documentation: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation
In the instructions below, we will share configuration examples for DeCloudUs DNS.
- To configure DNSCrypt proxy to use DeCloudUs DNS servers, you will need to set the configuration file dnscrypt-proxy.toml to use DeCloudUs servers.
- One way to use DeCloudUs servers is to leverage the [static] resolver settings in the dnscrypt-proxy.toml file. This is the fastest way to get started.
- You should copy and paste the stamp value from the details provided to you so that the stamp value matches exactly and you avoid errors:

    [static]
      [static.'DeCloudUs-Prod']
      stamp = 'sdns://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Finally, you will need to ensure that your DNSCrypt proxy will use the DeCloudUs DNS server. This can be done by specifying the server name as follows (same name used in [static] configuration):

    server_names = ['DeCloudUs-Prod']

- A better strategy is to add the DeCloudUs DNS private resolver list to your DNSCrypt proxy configuration. DNSCrypt will periodically fetch the latest DeCloudUs DNS server list and stamps. As more servers are added, they will automatically become available for you to use without you reaching out to us for updated server connection details.
- The Test Server details will always be available and updated on this site. When you subscribe, you will receive details on how to connect to Production servers. This will include a snippet of configuration that you can add to the DNSCrypt proxy configuration to automatically fetch our server list. Here is an example:

    urls = ['https://dns.example.com/resolvers.md']
    minisign_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    cache_file = 'DeCloudUs-resolvers.md'
    refresh_delay = 72
    prefix = ''

- Finally, you will need to ensure that your DNSCrypt proxy will exclusively use DeCloudUs DNS servers in order to effectively block unwanted traffic. This can be done in two ways:
- One: you can add the name of the resolver directly in the server name parameter:

    server_names = ['DeCloudUs-Prod']

- As more resolvers are added, you can add their names to the same field as follows:

    server_names = ['DeCloudUs-Prod', 'DeCloudUs-Prod2', 'DeCloudUs-Prod3']

- Another way: you can remove or "comment out" (by adding #) the public resolvers from the DNSCrypt proxy configuration file. So the public resolvers under the sources section should look like this:

    # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
    # cache_file = 'public-resolvers.md'
    # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
    # prefix = ''

- You will also have to ensure the following parameters are set EXACTLY as shown here:

    require_nofilter = false
    lb_strategy = 'p2'

- You will then disable the server names section (remove it or comment it out) in order to let DNSCrypt proxy automatically use ALL of DeCloudUs DNS servers:

    # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
Is DNS blocking really effective for deGoogling/unGoogling, blocking ads, trackers, malware, etc?
Yes, it absolutely is! DNS level blocking can actually be more effective in deGoogling and blocking ads, trackers, malware, etc than other methods. For example, if you configure your smart phone or tablet to use DeCloudUs DNS, you will effectively block all Google services, trackers, ads, etc from running anywhere on the device, whether it is within the operating system, mobile apps, or browser; so one simple DNS setting change on your device will have such a wide impact.
When we were trying to find easy and effective ways for us to deGoogle, we were not sure at first that DNS blocking would be effective. So we watched the network traffic generated by my smart phone for about a month; to my surprise, we found that all Google services on my phone were completely dead and there was no unexpected traffic between my phone and Google, trackers, or ad services. It is possible that an app on the phone is hardcoded to use other DNS resolvers but this is rare and not common, especially for Google apps and services that seem to always use the DNS service you specify.
Best of all, you can try and see for yourself how effective DeCloudUs DNS can be for your own needs! Go ahead and try the Test Server on your devices or network, it is completely free. If you find it effective, you can easily switch to the more reliable Premium Production Servers.
Why deGoogle/unGoogle via DNS blocking? Why can't you just root your phone or use custom ROM/Operating System?
Using a custom ROM or mobile operating system that respects your privacy is a good solution. Rooting your phone to remove Google services can also work well. However, there are a few reasons why that would not be possible:
- You have a work phone that you cannot root or load custom ROM on
- Your existing phone is not supported by deGoogled/unGoogled custom ROMs (and you cannot afford to get a new phone).
- You do not have the technical knowledge to root your phone
In such cases and others, deGoogling/unGoogling your phone via DNS block is a good alternative.
Also, even if you have a custom ROM or rooted phone, Google and many other trackers will still run, as they are embedded within many apps and sites. So you may still need a solution that will block Google, trackers, ads, and known malware sites, like DeCloudUs DNS.
Wouldn't NetGuard be more effective in blocking Google than DNS?
Well, not really! But, you can certainly use both. NetGuard will completely block certain apps you choose from ever connecting to the Internet, which can be used to block Google specific apps. We first started doing that, but then we noticed my phone was still talking to Google too much. There are many other apps we have installed that use Google services (for example banking apps that use Google analytics services) in addition to most sites that also use Google services to track my mobile browsing activities. NetGuard will not be able to help there. However, if you block your phone from connecting to Google domains via DNS, that applies to Google apps, browser, banking apps, etc.
Why not allow "regular" DNS queries on port 53?
We only use secure DNS protocols, that's why DeCloudUs DNS supports popular secure DNS protocols: DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH). As an end user, DNS/53 is really not good for your privacy or security. As a DNS resolver operator, DNS/53 will significantly increase the attack surface on the servers and will make it really difficult to provide value to the community.
Can I really block Google from my life... and YouTube?!
Yes, you certainly can! But, if you find that you still need some Google services to run, take a look at Zulu DNS Servers description above to see if it can provide a happy medium between privacy and still using some Google services (like YouTube, Gmail, etc).
If you are committed to completely deGoogling, you should think through some alternatives to services you use: search engine, email provider, cloud backup, browser, etc. In fact, there is a subreddit dedicated to deGoogling and they took time to curate a list of alternative services you can use to replace Google:
So I blocked Google, but what about all the other companies that also track me?
First and foremost, DeCloudUs DNS blocks 440,000+ ad and tracker sites. So the goal is to block Google privacy invasion completely, in addition to other known trackers. As to why block Google completely, that is simple: there is no company on Earth that collects as much data about you as Google. To make matters worse, oftentimes you have no choice in the matter because Google services are everywhere and used by the majority of the web. Even if you don't have Gmail or use Google Maps, Google still collects data about you. Even if you don't use Android at all, Google still collects data about you because many sites and mobile apps have Google services embedded within them.
It is not just about what Google does with your information, but from a security perspective, the aggregation of all that data in one place is very dangerous; just think of what would happen if the data gets into the wrong hands (hackers, governments, ex-wife, etc).
If you consider other companies that track you, you have more choice and options in the matter. For example, if you are worried about Samsung phone or smart TV tracking your activities, then don't buy it and find an alternative; if you do that, Samsung won't track you.
Do I have to pay to use the DNS servers?
No, you are more than welcome to use the Test Server without any contribution. We outlined above the differences between the Test Server and the Premium Production Servers. Our intention is to operate Production Servers on the community-based principle that those who contribute to a service should be the ones who benefit the most from it. Otherwise, we won't be able to keep the servers running. The larger the community of supporters grows, the more Production Servers will also grow to ensure fast and smooth responses.
Can I use DeCloudUs DNS with my AdGuard, pfSense, Pi-hole, OpenWrt, etc?
Yes, you certainly can! You can set DeCloudUs DNS as your upstream DNS resolver for AdGuard, pfSense, Pi-hole, OpenWrt, etc. DeCloudUs DNS supports DoT, DoH, and DNSCrypt, so you have many options to choose from depending on what secure DNS protocols your device supports.
Note regarding AdGuard Home: when adding DeCloudUs Alpha or Zulu in the upstream server settings and clicking the "Test Upstream" button, you may see an error saying it cannot be used. Simply ignore this and click the "Apply" button to save and apply the settings; you will see that AdGuard Home works just fine with DeCloudUs DNS as the upstream server. The reason this happens is that AdGuard Home tests whether the upstream DNS server is working by resolving "google-public-dns-a.google.com". DeCloudUs Alpha and Zulu (which are used for DeGoogling, blocking trackers, ads, etc.) return 0.0.0.0 for google-public-dns-a.google.com (as opposed to 220.127.116.11); solely based on that, AdGuard Home displays an error when clicking the test button. It is therefore safe to ignore that error and simply save your settings, and AdGuard Home will start using DeCloudUs with no issues. DeCloudUs Echo servers do not cause this error with the test button in AdGuard Home because Echo servers are only for blocking ads, trackers, and malware sites.
What does "built on open source" mean? Can you share the source code?
DeCloudUs DNS is NOT custom software. DeCloudUs DNS is a service comprised of DNS servers/resolvers. DeCloudUs DNS servers are built SOLELY using open source software (Debian OS, Nginx, BIND, Encrypted DNS Server, acme.sh, etc.). There is no custom or modified software source code used on DeCloudUs DNS servers, so there is no need for a GitHub or GitLab repo to share source code. What makes DeCloudUs DNS unique is the block/filtering lists we use for deGoogling, blocking ads, adware, trackers, and known malware sites, in addition to our unwavering policies regarding privacy and security.
I want to block Google, but I also want to block other things (like adult sites, social media sites, etc). Can you block them?
We sure can, but the question is: how many other people will find the same blocking rules valuable? Generally, we started DNS servers that block Google because no one else was running public resolvers that did that (at least not that we have found). So we started our own and wanted to offer it to the community. If there is a demand from the community to add more servers that block more things (like adult sites, social media sites, etc), we are happy to do it but that ultimately depends on the level of financial backing and support from the community.
If you wish to adopt/sponsor a DNS server, please feel free to contact us. Tell us what additional sites you wish to block and we will go from there. After the server is launched, it will be available to the entire community to use with a special thank you note to the sponsor.
I am noticing some ad URLs or Google sites not blocked, what do I do?
Please contact us and we will certainly look into it. Please let us know the following:
- The exact URL that is not being blocked (otherwise it will be a wild goose chase!)
- The server you are using (DoT/DoH URL or DNSCrypt stamp).
Can you unblock some more important Google services on Zulu DNS Servers?
We can certainly look into it to see if it is possible. Here are the general guiding principles to follow for whitelisting subdomains on Zulu DNS servers:
- It must be targeted whitelisting (for example, only one or two subdomains are needed for the requested service to run).
- It cannot be a core Google subdomain used in many other services (for example, accounts.google.com, googleservices.com, etc).
- It must not have a large impact on user privacy, especially if it is a Google service that runs in the background without a user knowing (for example, googleapis.com).
If your request follows these general principles, please contact us. The Zulu whitelist is published here for all users to see: https://decloudus.com/zulu-whitelist.txt.
Why do I see Quad9 and Cloudflare DNS when I do DNS leak test?
If you see Quad9 and Cloudflare DNS servers, then rest assured that your DNS is configured properly! Here is what happens behind the scenes:
DeCloudUs DNS resolvers use Quad9 and Cloudflare as upstream servers (after applying all the filtering rules). Each non-filtered query made to DeCloudUs DNS is forwarded to a different Quad9 or Cloudflare upstream server. Quad9 and Cloudflare ONLY see DeCloudUs as the "client" making the query. So, you make the DNS request to DeCloudUs DNS servers; then DeCloudUs resolvers will either filter/block it (if it is a Google domain, ad, tracker, malware, etc) or DeCloudUs will go out to a number of public resolvers to get the DNS responses on your behalf and then hand these responses back to you. There is no way Quad9 or Cloudflare will ever know who actually made that request or your IP address.
DeCloudUs DNS servers use Quad9 and Cloudflare as upstream servers as this enhances response time and significantly increases performance and the number of requests DeCloudUs can handle in parallel. And since this in no way impacts user privacy, it is a win-win.
OK, what if I am not ready to fully deGoogle or if I rely on Google services for work or school?
That's understandable. Everyone is different when it comes to the level of dependency on Google services, so different people will have different privacy goals and strategies. In fact, that's why DeCloudUs offers different server options for different levels of Google dependency:
- Echo servers for those who cannot deGoogle.
- Zulu servers for those who wish to deGoogle but still use some essential Google services.
- Alpha servers for those who are ready to completely block Google.
Here are a few ideas to manage privacy with DeCloudUs options:
For mobile devices: you can set phone resolver to use Alpha or Zulu servers, as outlined in the How To section. Meanwhile, you can also install a secure browser, such as Bromite and have ONLY this browser use a different DNS resolver (such as Echo servers) via the browser DNS settings. This means your mobile device overall will be deGoogled, but when you know you need to access a Google site or service, you can specifically use Bromite browser for these.
For PC/Mac devices: you can use Firefox and set DoH in browser settings to use Alpha servers as outlined in the How To section. You can then also install another browser and only use that other browser when you need to access different Google sites and services. This other browser would use Echo servers, which will still provide enhanced privacy protection while allowing Google sites to work.
For entire home network: you can use Echo servers in your home router or as upstream resolver for your local DNS, as outlined in the How To section. This will provide enhanced privacy protection for your entire network, while reducing the chances of some devices on your network malfunctioning due to dependency on Google services. You can then use Alpha servers in your Firefox or Chromium-based-browser DoH settings and on your mobile devices for even more privacy specifically for these devices.
Of course there are many other ways to do this. The goal of DeCloudUs is to give you options and choices so that you can do what best fits your privacy goals.
For Bitcoin Donation: for instructions on how to donate via bitcoin, please email us.
For General Inquiries: please feel free to email if you have any question or feedback.
For Inquiries to adopt/sponsor a server: please send us information about the additional blocking you wish the server to do and we can go from there.
For Blocking an Ad or Google URL: please email us the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be blocked.
For Whitelisting Requests: please email us the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be whitelisted along with a brief reason to explain why.