Major Updates Released: Major July release is complete. Visit Status page for details on features and enhancements implemented!

Take Back
Your Digital Privacy.

DeCloudUs is a secure, private, no-logs DNS resolver built on open source.

Completely block online trackers, annoying ads, and protect your devices from malware sites.

Full and complete control over what sites and services to block or to allow with a few clicks.

Choice to easily deGoogle and unGoogle your devices with different levels based on your needs.

No additional software or apps to install.. just a simple DNS setting change done in a few seconds.

Get Started

Choice to Easily Block

XXX N D+ Hulu and more!


Here is how DecloudUs DNS protects your online activities

Fully Customizable

Control what sites and services to block or allow with just a few clicks, which can be used for Parental Control.

Ad Blocking

DeCloudUs DNS blocks ad banners, pop-ups, and video ads once and for all for all devices, apps, and browsers.

Privacy Protection

DeCloudUs DNS blocks a multitude of online trackers that monitor your activities and erode your privacy.

Malware Protection

DeCloudUs DNS blocks known malicious domains to help protect you against fraud, phishing, and malware attacks.

Speed Up Your Browsing

With all the ads and trackers blocked, your devices will only focus on displaying the content you want to view.

Secure & Encrypted

DeCloudUs only supports encrypted DNS protocols: DNSCrypt, DoT, and DoH for privacy protection. We keep no logs.

Option to DeGoogle

Everytime your device tries to connect to any Google service, DeCloudUs DNS will tell your device to connect to

Simple To Use

No additional software or apps needed, just a simple DNS setting change that can be done in a few seconds.


We offer a free server for all to use. Subscriptions offer more features to contributors and help fund the project.


Blocked Google Domains
(DeGoogle Option)


Blocked Ad & Tracker Sites
(Privacy By Default)


Blocked Malware Sites
(Security By Default)


Percent Total Uptime
(Production Last 30 Days)

Server Options

Your privacy. Your choice. Premium Plus subscription grants access to all servers listed below (including Custom DNS). Premium subscription grants access to Alpha, Zulu, and Echo. With the different subscription options, you get to choose which servers to use based on your needs and your devices.

Fully Control What Sites and Services to Block or Allow

As a Premium Plus contributor, you get access to a fully-customizable DNS server. You have full control over what sites and services to block or allow with just a few clicks. Think of this as having your own, personal, private, ultra-secure DNS server in the cloud, except with no hassle.

As a baseline, the custom DNS server blocks all ads, trackers, and malware sites. By the click of a button, you can block all Google services, adult sites, social media sites, streaming Services, etc. In addition, you also control your own custom blocklist where you can add any additional domains or subdomains you wish to block.

To make things even more customizable, you also control your own whitelist where you can specify domains or subdomains you wish to allow. For example, if you opt to block all Google services, you can use the whitelist to allow specific Google domains for service you wish to keep using, giving you the ability to fully personalize everything that's blocked or allowed.

* Note: Custom DNS server only supports DNS over TLS (DoT) and DNS over HTTPS (DoH). You may also use DNSCrypt-Proxy via DoH.

The "Original" DeCloudUs DNS

Alpha DNS servers are the "original" DeCloudUs DNS Premium servers where Google services and tracking are completely blocked (to fully deGoogle/unGoogle your device or your entire life, if you wish). In addition, the servers will also block ads, online trackers, and known malware sites. If you are committed to your online privacy, this is a great way to protect your privacy whether you configure it on your browser, your device, or even your entire network, you can rest assured DeCloudUs Alpha DNS is blocking sites and services that can compromise your privacy without your knowledge.

DeCloudUs Test Server (information in section below) is based on DeCloudUs Alpha DNS.

Keep Essential Google Services Running

Zulu DNS servers were built based on popular demand for "deGoogle/unGoogle light". Unlike Alpha DNS servers (that will completely block Google), Zulu DNS servers blocks most Google domains and tracking, but will allow some popular Google services to work, such as YouTube, Gmail, Google Search, Google CAPTCHAs, and Android App Notifications.

Basically, Zulu servers will allow some essential Google services to function that some people want to keep using; these services would track you and impact your privacy ONLY if you choose to use them; for example, Google search ( cannot track your searches unless you specifically and knowingly use Google search and the same goes for YouTube, Gmail, etc.

With that said, Zulu DNS servers will still block most other Google services that run behind the scenes on many apps and sites that track you without your knowledge or consent (like Google fonts, tag manager, etc). In addition, the DNS servers will also block ads, online trackers, and known malware sites.

To see complete list of domains/services that Zulu DNS allows, please visit the whitelist:

Advanced Blocking For Ads, Trackers, and Malware

Echo DNS servers give you a simple yet powerful way to enhance your online privacy and security. Echo servers block ads (including Google Ads), trackers (including all Google trackers), and known malware sites while leaving non-ad and non-tracker Google services and sites running. Echo DNS servers are best suited for devices or an entire home network where Google services are in wide use, but you still wish to enhance your privacy and online safety.

Premium and Premium Plus contributors have access to multiple servers. So you can use different DNS servers for different devices depending on your privacy goals. Echo servers give you more flexibility and choices.

Get Started

The service is powered by community contributions. Test server is fully functional but not as reliable or capable as Premium servers. Premium Servers operate on the community-based principle that those who contribute to a service should be the ones who benefit the most from it.

Here are the options to connect to DeCloudUs DNS servers.


Test Server
Free to use
Forever & Always
  • Hosted in Germany
  • Supports DNSCrypt, DoT, and DoH
  • Most DeCloudUs DNS Features
  • Used for Testing New Upgrades/Rules
  • Prone to Downtime During Test Cycles
  • No Redundancy for Failover
  • Small Server With No Scaling
  • Throttled. Slow With High Usage
  • One Server Based on Alpha DNS
  • Ideal for Trying Out the Service
  • No DNS customization available


Echo Alpha Zulu
Billed Monthly
  • Hosted in Germany
  • Supports DNSCrypt, DoT, and DoH
  • Most DeCloudUs DNS Features
  • Prime Production Servers
  • Stable with 100% Availability Target
  • Redundant with Failover Plan
  • Large & Scalable Servers
  • No Throttling. Fast DNS Responses
  • Multiple Server Options
  • Ideal for Your DNS Needs
  • No DNS customization available

Premium +

Echo Alpha Zulu + Custom DNS
Billed Every 3 Months (Quarterly)
  • Hosted in Germany
  • Supports DNSCrypt*, DoT, and DoH
  • All DeCloudUs DNS Features
  • Prime Production Servers
  • Stable with 100% Availability Target
  • Redundant with Failover Plan
  • Large & Scalable Servers
  • No Throttling. Fast DNS Responses
  • Multiple Server Options
  • Ideal for All of Your DNS Needs
  • Full DNS Customization

After successfully completing contribution (subscription) payment, you will be redirected to a thank you page. A few minutes after that, you will receive an email (via email address you use with PayPal or Stripe) that will contain the access details for Premium Servers. Please Contact Us if you do not receive the email message after 15 minutes.
When "Free Trial" is offered, it is typically done at zero or minimal cost of $0.01 (1 cent). After the trial period, you will automatically be billed the regular subscription amount per subscription agreement. If you do not wish to use the service after the trial, please cancel your subscription before the trial period is over. You can find DeCloudUs terms here.

How to Connect Your Devices

There are many different ways to connect your devices to DeCloudUs DNS. You can connect using DNSCrypt, DNS over TLS (DoT), or DNS over HTTPS (DoH) . You can simply search the Internet for how to connect a particular device using one of these protocols.

To get you started, here are the easiest ways:

Android 9 and above supports DNS over TLS (DoT) out of the box. Here is how to enable that feature:

  1. Open Settings menu.
  2. If your Settings allow for search, type the following Private DNS.
  3. If your Settings do not allow search, click on Connections. Then click More connection settings.
  4. Click on Private DNS and a popup menu will open with options.
  5. Select Private DNS provider hostname option.
  6. On the line below that option, type in the DoT address for DeCloudUs DNS.

For Android 8 and below there is no native support for secure DNS. You will need to download an app and configure it to use secure DeCloudUs DNS. Here are some recommendations:

  • - Find an app that allows you to use DoT, DoH, or DNSCrypt.
  • - A mobile app worth mentioning is InviZible Pro that allows you to use DNSCrypt.
  • - Follow DNSCrypt instructions outlined in the DNSCrypt tab.

As of iOS 14, iPadOS 14, tvOS 14 and macOS Big Sur, Apple devices now have native support for secure DNS protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). It is highly recommended you configure either DoT or DoH for your device. Here is how to configure your Apple devices to use DeCloudUs DoT or DoH:

  1. From your Apple device, go to DeCloudUs Apple DNS Profile Creation page.
  2. Enter a profile name and either a DeCloudUs DoT or DoH address you wish to use.
  3. Click Download Profile and open go to where the .mobileconfig downloaded on your Apple device and click to open it.
  4. Go where the .mobileconfig file downloaded on your Apple device (most likely Downloads folder) and click to open it.
  5. Open Settings app in iPhone/iPad or System Preferences in MacBook.
  6. Go to Profile Downloaded in iPhone/iPad or Profile in MacBook
  7. Select the profile you created click to install (right corner).
  8. Accept warnings and follow on-screen steps to activate the DNS profile.
  9. After successfully installing the profile, you can see it activated in your Settings.

Note: The generated profiles are not signed. This is normal and still secure since you are generating the DNS profile yourself, you are using DeCloudUs DNS secure website to generate this profile, and you are downloading the profile directly on the device via secure connection (HTTPS).

When using your Mac or PC (windows or linux), all the ads, trackers, malware, Google services, etc, you encounter will be from your browser. The fastest and most efficient way in this case is to configure your browser to use secure DNS. Firefox is privacy friendly and it has native support for DNS over HTTPS (DoH). This works on any Mac or PC with Firefox:

  1. Open Firefox Preferences to access Firefox settings.
  2. In the settings search bar, type DNS and search.
  3. Click Settings that comes up in the search results.
  4. Scroll down in the settings menu to the DNS over HTTPS section. Check the box next to Enable DNS over HTTPS to enable it.
  5. Select Custom for the Use Provider option.
  6. In the Custom input field, put the DeCloudUs DoH server info provided. Click OK to apply settings.

Note: sometimes Firefox may still show major Google user sites such as and; however, other Google domains ads, malware, etc, will be effectively blocked.
In order to ensure Firefox will not fallback to default network DNS because some sites are blocked, you have to change Firefox configuration setting to no fallback:
1. Load about:config in the Firefox address bar.
2. Click to confirm that you will be careful if the warning page is displayed.
3. Search for network.trr.mode and double-click on the name.
4. Set the value to 3 to make DNS Over HTTPS the browser's default DNS resolver with no fallback.

DNSCrypt protocol provides private, secure, and even anonymous DNS that is second to none.

DNSCrypt protocol is fairly simple to understand and implement. It can be used for one device or your entire home network.

For details on how to use DNSCrypt, please check the official installation documentation:

In the instructions below, wewill share configuration examples for DeCloudUs DNS.

  • - To configure DNSCrypt proxy to use DeCloudUs DNS servers, you will need to ensure you set the configuration file dnscrypt-proxy.toml to use DeCloudUs servers.
  • - One way to use DeCloudUs servers is to leverage [static] resolver settings in dnscrypt-proxy.toml file. This is the fastest way to get started.
  • [static]
    stamp = 'sdns://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  • - You should copy and paste the stamp value from the details provided to you to ensure the stamp value exactly matches exactly to avoid errors.
  • - Finally, you will need to ensure that your DNSCrypt proxy will use DeCloudUs DNS server. This can be done by specifying server name as follows (same name used in [static] configuration):
  • server_names = ['DeCloudUs-Prod']
  • - A better strategy is to add DecloudUs DNS private resolver list to your DNSCrypt proxy configuration. DNSCrypt will periodically fetch the latest DeCloudUs DNS server list and stamps. As more servers are added, they will automatically become available for you to use without you reaching out to us for updated server connection details.
  • - The Test Server details will always be available and updated on this site. When you subscribe, you will receive details on how to connect to Production servers. This will include a snippet of configuration that you can add to DNSCrypt proxy configuration to automatically fetch our server list. Here is an example:
  • [sources.'DecloudUs-resolvers']
    urls = ['']
    minisign_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    cache_file = ''
    refresh_delay = 72
    prefix = ''
  • - Finally, you will need to ensure that your DNSCrypt proxy will exclusively use DeCloudUs DNS servers in order to effectively block unwanted traffic. This can be done in two ways:
  • - One: you can add the name of the resolver directly in the server name parameter
  • server_names = ['DeCloudUs-Prod']
  • - As more resolvers are added, you can add their names to the same field as follows:
  • server_names = ['DeCloudUs-Prod', 'DeCloudUs-Prod2', 'DeCloudUs-Prod3']
  • - Another way: you can remove or "comment out" (by adding #) the public resolvers from DNSCrypt proxy configuration file. So the public resolvers under sources section should look like this:
  • # [sources.'public-resolvers']
    # urls = ['', '']
    # cache_file = ''
    # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
    # prefix = ''
  • - You will also have to ensure the following parameters are set EXACTLY as shown here:
  • require_nofilter = false
    lb_strategy = 'p2'
  • - You will then disable the server names section (remove it or comment out) in order to let DNSCrypt proxy automatically use ALL of DeCloudUs DNS servers:
  • # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']

Frequently Asked Questions

These are the commonly asked questions we receive. Please give them a look as they will address a few more topics that were not mentioned above.
If you have another question, please feel free to contact us.

  • Yes, absolutely DeCloudUs can help! It is completely understandable that deGoogling is not for everyone. DeCloudUs can still help you achieve more privacy and security online with no impact on your favorite Google services. DeCloudUs offers Echo DNS Servers and Custom DNS Servers exactly for that purpose.

    Echo servers block all ads and trackers (including Google ads and trackers), but allow most Google consumer and business services to still work. Echo servers will improve the quality of your online experience by blocking annoying ads on browsers and within mobile apps, which will speed up your browsing. Echo servers will also enhance your privacy by blocking trackers that run in the background without your knowledge; these trackers serve no real purpose other than being used by ads and marketing companies to gather more and more information about what you do online. Consumer and business services (that are not ads or trackers) offered by Google and other companies will work perfectly fine with Echo servers.

    In addition to Echo servers, Premium Plus contributors have access to Custom DNS servers. Using Custom DNS, you are in complete control for what to block or allow. As a baseline, Custom DNS will block all ads and trackers (including Google ads and trackers) and malicious websites. You can then specify other services or websites you wish to block to further enhance your online privacy based on your needs.

  • You can fully control what sites and services to block or allow with a few clicks when using Custom DNS, including blocking adult sites, social media sites, streaming services, and much more. You can also manually add additional domains and subdomains to be blocked or allowed. This gives ultimate control over your online privacy and security and makes for a great Parental Control tool, if you need it.

  • Yes, it absolutely is! DNS level blocking can actually be more effective in deGoogling and blocking ads, trackers, malware, etc than other methods. For example, if you configure your smart phone or tablet to use DeCloudUs DNS, you will effectively block all Google services, trackers, ads, etc from running anywhere on the device, whether it is within the operating system, mobile apps, or browser; so one simple DNS setting change on your device will have such a wide impact.

    When we were trying to find easy and effective ways for us to deGoogle, we were not sure at first that DNS blocking would be effective. So we watched the network traffic generated by my smart phone for about a month; to my surprise, we found that all Google services on my phone were completely dead and there was no unexpected traffic between my phone and Google, trackers, or ad services. It is possible that an app on the phone is hardcoded to use other DNS resolvers but this is rare and not common, espeically for Google apps and services that seem to always use the DNS service you specify.

    Best of all, you can try and see for yourself how effective DeCloudUs DNS can be for your own needs! Go ahead and try the Test Server on your devices or network, it is completely free. If you find it effective, you can easily switch to the more reliable Premium Production Servers.

  • Using a custom ROM or mobile operating system that respects your privacy is good solution. Rooting your phone to remove Google services can also work well. However, there are a few reasons for why that would not be possible:

    • You have a work phone that you cannot root or load custom ROM on
    • Your existing phone is not supported by deGoogled/unGoogled custom ROMs (and you cannot afford to get a new phone).
    • You do not have the technical knowledge to root your phone

    In such cases and others, deGoogling/unGoogling your phone via DNS block is a good alternative.

    Also, even if you have a custom ROM or rooted phone, Google and many other trackers will still run as it is embedded within many apps and sites. So you may still need a solution that will block Google, trackers, ads, and known malware sites.. like DeCloudUs DNS.

  • Well, not really! But, you can certainly use both. NetGuard will completely block certain apps you choose from ever connecting to the Internet, which can be used to block Google specific apps. We first started doing that, but then we noticed my phone was still talking to Google too much. There are many other apps we have installed that use Google services (for example banking apps that use Google analytics services) in addition to most sites that also use Google services to track my mobile browsing activities. NetGuard will not be able to help there. However, if you block your phone from connecting to Google domains via DNS, that applies to Google apps, browser, banking apps, etc.

  • We only use secure DNS protocols, that's why DeCloudUs DNS supports popular secure DNS protocols: DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH). As an end user, DNS/53 is really not good for your privacy or security. As a DNS resolver operator, DNS/53 will significantly increase the attack surface on the servers and will make it really difficult to provide value to the community.

  • DeCloudUs DNS only supports secure and encrypted DNS protocols (DoT, DoH, DNSCRYPT). So there is no option to use the typical, cleartext DNS over port 53, which is what your VPN provider expects by asking for direct IPs. As stated in FAQ above, using cleartext DNS (just the plain IP address) is vulnerable to multitude of attacks that can compromise your security, even if you do it in combination with VPN.

    For OpenVPN in general (which is what most VPN providers use), it is possible for VPN tunnel to use your device's DNS settings so you do not have to configure DNS IPs with the VPN provider. For mobile phones, for example, Private DNS option is set to use DeCloudUs DNS in android settings, as outlined in How-To section. Most VPN proivders allow you to download a VPN client profile to modify and use on other OpenVPN apps (like the official OpenVPN app). The OpenVPN client profile you use from the VPN provider doesn't have any parameters regarding DNS settings. DNS queries are then handled by DeCloudUs DNS, while the tunnel is up and running.

    This can also work the same way on other devices such as tablets, PCs, etc; simply configure the device to use DeCloudUs DNS directly (as outlined in the How-To section) and do not configure DNS settings for OpenVPN; at that point, the device would use its own DNS settings (i.e. DeCloudUs secure and private DNS) to resolve DNS queries while also tunneling the traffic to your VPN provider.

  • Yes, you certainly can! But, if you find that you still need some Google services to run, take a look at Zulu DNS Servers description above to see if it can provide a happy medium between privacy and still using some Google services (like YouTube, Gmail, etc). You can also use Echo DNS Servers that block all ads and trackers (including Google ads and trackers), but allow most Google consumer and business services to still work.

    For ultimate control over what to block or allow, you can try Custom DNS where you are free to fully customize your deGoogling stages.

    If you are committed to completely deGoogling, you should think through some alternatives to services you use: search engine, email provider, cloud backup, browser, etc. In fact, there is subreddit dedicated to deGoogling and they took time to curate a list of alternative services you can use to replace Google:

  • No, you are more than welcome to use the Test Server without any contribution. We outlined above the differences between the Test Server and the Premium and Premium Plus Servers. Our intention is to operate Premium Servers on the community-based principle that those who contribute to a service should be the ones who benefit the most from it. Otherwise, we won't be able to keep the servers running. The larger the community of supporters grows, the more servers and features we will be able to offer.

  • Yes, you certainly can! You can set DeCloudUs DNS as your upstream DNS resolver for AdGuard, pfSense, Pi-hole, OpenWrt, etc. DeCloudUs DNS supports DoT, DoH, and DNSCrypt, so you have many options to choose from depending on what secure DNS protocols your device supports.

    Note regarding AdGuard Home: when adding DeCloudUs Alpha or Zulu in the upstream server settings and clicking the "Test Upstream" button, you may see an error saying it cannot be used. Simply ignore this and just click "Apply" button to save and apply the settings; you will see that AdGuard Home works just fine with DeCloudUs DNS as upstream server . The reason this happens is becuase AdGuard Home is testing whether the upstream DNS server is working or not by resolving "". DeCloudUs Alpha and Zulu (which are used for DeGoogling, blocking trackers, ads, etc..) return for (as opposed; solely based on that, AdGuard Home displays an error when clicking the test button; so it is safe to ignore that error and simply save your settings and AdGuard Home will start using DeCloudUs with no issues. DeCloudUs Echo servers do not cause this error with the test button in AdGuard Home becuase Echo servers are only for blocking Ads, trackers, and malware sites.

  • DeCloudUs DNS is NOT a custom software. DeCloudUs DNS is a service comprised of DNS servers/resolvers. DeCloudUs DNS servers are built SOLELY using open source software: Debian OS, Nginx, BIND, Encrypted DNS Server,, etc). There is no custom or modified software source code used on DeCloudUs DNS servers, so there is no need for Github or Gitlab repo to share source code. What makes DeCloudUs DNS unique is block/filtering lists we use for deGoogling, blocking ads, adware, trackers, and known malware sites, in addition to our unwavering policies regarding privacy and security.

  • Please contact us and we will certainly look into it. Please let us know the following:

    • The exact URL that should or should not be blocked (otherwise it will be a wild goose chase!)
    • The server you are using (DoT/DoH URL or DNSCrypt stamp).

  • We can certainly look into it to see if it is possible. Here are the general guiding principles to follow for whitelisting subdomains on Zulu DNS servers:

    • It must be targeted whitelisting (for example, only one or two subdomains are needed for the requested service to run).
    • It cannot be a core Google subdomain used in many other services (for example,,, etc).
    • It must not have a large impact on user privacy, espeically if it is a Google service that runs in the background without a user knowing (for example,

    If you request follows these general principles, please contact us. Zulu whitelist is published here for all users to see: Otherwise, you are also free to fully control and customize your own deGoogling experience via Custom DNS.

  • If you see Quad9 and Cloudflare DNS servers, then rest assured that your DNS is configured properly! Here is what happens behind the scenes:
    DeCloudUs DNS resolvers use Quad9 and Cloudflare as upstream servers (after applying all the filtering rules). Each non-filtered query made to DeCloudUs DNS is forwarded to a different Quad9 or Cloudflare upstream server. Quad9 and Cloudflare ONLY see DeCloudUs as the "client" making the query. So, you make the DNS request to DeCloudUs DNS servers; then DeCloudUs resolvers will either filter/block it or DeCloudUs will go out to a number of public resolvers to get the DNS responses on your behalf and then hand these responses back to you. There is no way Quad9 or Cloudflare will ever know who actually made that request or you IP address.

    DeCloudUs DNS servers use Quad9 and Cloudflare as upstream servers as this enhances response time and significantly increases performance and the number of requests DeCloudUs can handle in parallel. And since this in no way impacts user privacy, it is a win-win.

Contact Us

If you want to get in touch, please use the form below. We will reply back to the email address provided.

If you are not able to use the form or wish to email us directly, you can send your message to:

For Bitcoin Donation: for instructions on how to donate via bitcoin, please email us.

For General Inquiries: please feel free to email if you have any question or feedback.

For Inquiries to adopt/sponsor a server: please send us information about the additional blocking you wish the server to do and we can go from there.

For Blocking an Ad or Google URL: please email us the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be blocked.

For Whitelisting Requests: please email us the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be whitelisted along with a brief reason to explain why.