Your Privacy. Your Choice

DeCloudUs is a secure, private, no-logs DNS resolver built on open source.

Completely block online trackers, annoying ads, and protect your devices from malware sites.

Fully customize your DNS settings to control what sites and services to block or allow with a few clicks.

Easily deGoogle, deApple, deMicrosoft, etc any and all devices at any level you choose.

No software or apps to install - just a simple DNS setting change done in a few seconds.

Get Started

Choice to Easily Block

XXX N D+ Hulu and more!


Here is how DecloudUs DNS protects your online activities

Fully Customizable

Control what sites and services to block or allow with just a few clicks, which can be used for Parental Control.

Ad Blocking

DeCloudUs DNS blocks ad banners, pop-ups, and video ads once and for all for all devices, apps, and browsers.

Privacy Protection

DeCloudUs DNS blocks a multitude of online trackers that monitor your activities and erode your privacy.

Malware Protection

DeCloudUs DNS blocks known malicious domains to help protect you against fraud, phishing, and malware attacks.

Speed Up Your Browsing

With all the ads and trackers blocked, your devices will only focus on displaying the content you want to view.

Secure & Encrypted

DeCloudUs only supports encrypted DNS protocols: DNSCrypt, DoT, and DoH for privacy protection. We keep no logs.

Option to DeGoogle

Everytime your device tries to connect to any Google service, DeCloudUs DNS will tell your device to connect to

Simple To Use

No additional software or apps needed, just a simple DNS setting change that can be done in a few seconds.


We offer a free server for all to use. Subscriptions offer more features to contributors and help fund the project.


Blocked Google Domains
(DeGoogle Option)


Blocked Ad & Tracker Sites
(Privacy By Default)


Blocked Malicious & Phishing Sites
(Security By Default)


Percent Total Uptime
(Production Last 30 Days)

Server Options

Your privacy. Your choice. Premium Plus subscription grants access to all servers listed below (including Custom DNS). Premium subscription grants access to Alpha, Zulu, and Echo. With the different subscription options, you get to choose which servers to use based on your needs and your devices.

Fully Control What Sites and Services to Block or Allow

As a Premium Plus subscriber, you get access to a fully-customizable DNS server. You have full control over what sites and services to block or allow with just a few clicks. Create multiple custom DNS profiles, each with its own separate settings; use different custom DNS profiles for different devices or family members with different DNS filtering needs. Think of this as having your own, personal, private, ultra-secure DNS server in the cloud, except with no hassle.

As a baseline, the custom DNS server blocks all ads, trackers, malware, phishing, and malicious sites. By the click of a button, you can block all Google services, Apple services, Microsoft service, gambling sites, piracy sites, crypto-jacking, adult sites, social media sites, streaming services, etc. In addition, you also control your own custom blocklist where you can add any additional domains or subdomains you wish to block.

To make things even more customizable, you also control your own whitelist where you can specify domains or subdomains you wish to allow. For example, if you opt to block all Google services, you can use the whitelist to allow specific Google domains for service you wish to keep using, giving you the ability to fully personalize everything that's blocked or allowed.

DeCloudUs Custom DNS provides many advanced customization features that you will likely not find with other providers. These features allow you to:

  • Create multiple custom DNS profiles with their own spearate settings for different devices or family members
  • use wildcard (*) at any place (beginning, middle, and/or end) of the blocklist/whitelist rule to develop broader ones
  • use IP addresses in rules to block/allow any and all domains/subdomains that resolve to these IPs
  • enter DNS rewrite rules to specify how Custom DNS responds to a particular domain or subdomain query
  • specify a custom upstream DNS server to use alternative DNS roots (such as OpenNIC), use/access decentralized TLDs (such as OpenNIC TLDs), or obfuscate the use of DeCloudUs DNS from fingerprinting

* Note: Custom DNS server only supports DNS over TLS (DoT) and DNS over HTTPS (DoH). You may also use DNSCrypt-Proxy via DoH.

The "Original" DeCloudUs DNS

Alpha DNS servers are the "original" DeCloudUs DNS Premium servers where Google services and tracking are completely blocked (to fully deGoogle/unGoogle your device or your entire life, if you wish). In addition, the servers will also block ads, online trackers, and known malware, phishing, and malicious sites. If you are committed to your online privacy, this is a great way to protect your privacy whether you configure it on your browser, your device, or even your entire network, you can rest assured DeCloudUs Alpha DNS is blocking sites and services that can compromise your privacy without your knowledge.

DeCloudUs Test Server (information in section below) is based on DeCloudUs Alpha DNS.

Keep Essential Google Services Running

Zulu DNS servers were built based on popular demand for "deGoogle/unGoogle light". Unlike Alpha DNS servers (that will completely block Google), Zulu DNS servers blocks most Google domains and tracking, but will allow some popular Google services to work, such as YouTube, Gmail, Google Search, Google CAPTCHAs, and Android App Notifications.

Basically, Zulu servers will allow some essential Google services to function that some people want to keep using; these services would track you and impact your privacy ONLY if you choose to use them; for example, Google search ( cannot track your searches unless you specifically and knowingly use Google search and the same goes for YouTube, Gmail, etc.

With that said, Zulu DNS servers will still block most other Google services that run behind the scenes on many apps and sites that track you without your knowledge or consent (like Google fonts, tag manager, etc). In addition, the DNS servers will also block ads, online trackers, and known malware, phishing, and malicious sites.

To see complete list of domains/services that Zulu DNS allows, please visit the whitelist:

Advanced Blocking For Ads, Trackers, and Malware

Echo DNS servers give you a simple yet powerful way to enhance your online privacy and security. Echo servers block ads (including Google Ads), trackers (including all Google trackers), and known malware, phishing, and malicious sites while leaving non-ad and non-tracker Google services and sites running. Echo DNS servers are best suited for devices or an entire home network where Google services are in wide use, but you still wish to enhance your privacy and online safety.

Premium and Premium Plus subscribers have access to multiple servers. So you can use different DNS servers for different devices depending on your privacy goals. Echo servers give you more flexibility and choices.

Get Started

The service is powered by community contributions. Test server is fully functional but not as reliable or capable as Premium servers. Premium Servers operate on the community-based principle that those who contribute to a service should be the ones who benefit the most from it.

Here are the options to connect to DeCloudUs DNS servers.


Test Server
Free to use
Forever & Always
  • Supports DNSCrypt, DoT, and DoH
  • Most DeCloudUs DNS Features
  • One Location in Germany
  • Used for Testing New Upgrades/Rules
  • Prone to Downtime During Test Cycles
  • No Redundancy for Failover
  • Small Server With No Scaling
  • Throttled. Slow With High Usage
  • One Server Based on Alpha DNS
  • Ideal for Trying Out the Service
  • One DNS profile for all devices/users
  • No DNS customization available


Echo Alpha Zulu
When Billed Annually
  • Supports DNSCrypt, DoT, and DoH
  • Most DeCloudUs DNS Features
  • Choice of Global Locations
  • Prime Premium Servers
  • Stable with 100% Availability Target
  • Redundant with Failover Plan
  • Large & Scalable Servers
  • No Throttling. Fast DNS Responses
  • Multiple Server Options
  • Ideal for Your DNS Needs
  • One DNS profile for all devices/users
  • No DNS customization available

Premium +

Echo Alpha Zulu + Custom DNS
When Billed Annually
  • Supports DNSCrypt, DoT, and DoH
  • All DeCloudUs DNS Features
  • Choice of Global Locations
  • Prime Premium Servers
  • Stable with 100% Availability Target
  • Redundant with Failover Plan
  • Large & Scalable Servers
  • No Throttling. Fast DNS Responses
  • Multiple Server Options
  • Ideal for All of Your DNS Needs
  • Create multiple custom DNS profiles
  • Full DNS Customization

After successfully completing subscription payment or trial sign-up, you will automatically receive an email that contains the access details for your Premium Servers. With PayPal and Stripe, it typically takes no more than 5 minutes to receive server details. With Crypto, you will receive access details after two network confirmations, which typically takes less than an hour. Please Contact Us if you do not receive server details within the typical timeline for your payment method.
When "Free Trial" is offered, it is typically done at zero or minimal cost of $0.01 (1 cent). After the trial period, you will automatically be billed the regular subscription amount per subscription agreement. If you do not wish to use the service after the trial, please cancel your subscription before the trial period is over. You can find DeCloudUs terms here.

What Makes Us Different

DeCloudUs was established to meet some basic needs that other DNS providers were not fulfilling. Here are the main basic principles that guide what we do

Commitment to privacy

DeCloudUs is on a mission to help you take back your digital privacy and preserve your online security. Privacy and security is the foundation of everything we do.

Our DNS service operates with the "zero knowledge" principle in that our DNS servers have zero knowledge of who you are or what DNS queries you are submitting.

To manage subscriptions, we only need an email address; we do NOT keep your name, billing information, or payment information on our side. In fact, you don't even create a username and password with us.

In addition, unlike other privacy-touting DNS providers that are heavily built using "Cloud" and big tech services (using Cloudflare Workers, Google hosted services, Cloudflare proxies, Amazon loadbalancers, etc), we use hardware servers to self-host all of our infrastructure and services, including our own crypto payment processing. There are no other providers or cloud services used in our DNS servers whatsoever.

We take all these measures and many more to guarantee the absolute maximum level of privacy and security for our users.

Providing actual value

Our goal is to not just provide a great service, but to also provide great value. DeCloudUs aims to fulfill all of your DNS need.

With DeCloudUs, you get access to multiple DNS servers that offer different types and levels of filtering capabilities to suite any use case you have for all of you devices or even entire home network. Moreover, we stand behind our filtering and blocking rules and ensure we do not block legitimate sites or allow sites that should be blocked.

We are never satisfied with the status quo, as we believe we can always do better; so we are constantly enhancing our service and adding new features to give our users more value.

Full customization

DeCloudUs Custom DNS aims to give users unprecedented ability to fully control what to block or allow. This is not just by how many buttons available for users to click on, but by how flexible the underlying platform is and the customization capabilities it offers.

DeCloudUs DNS contains many customized settings that you are unlikely to find with other providers: from letting you specifiy DNS server locations to use, to using custom upstream servers, using wildcard (*) value to develop broader rules, blocking sites/services based on IPs they resolve to, developing DNS rewrite rules, giving you full control over multitude of site categories and services you wish to block or allow, and allowing each user to create multiple custom DNS profiles with different custom settings.

The way we see it, it is your DNS, so it is your choice to fully control all of its settings.

Treating others the way we want To be treated

We simply offer great customer service. Any subscriber that reaches out for support often receives a response within 24 hours or less.

We always welcome users' comments and feedback, which often guide the development of new features.

Don't take our word for it; go ahead and give us a try - it is free for 14 days!

How to Connect Your Devices

There are many different ways to connect your devices to DeCloudUs DNS. You can connect using DNSCrypt, DNS over TLS (DoT), or DNS over HTTPS (DoH) . You can simply search the Internet for how to connect a particular device using one of these protocols.

To get you started, here are the easiest ways:

Android 9 and above supports DNS over TLS (DoT) out of the box. Here is how to enable that feature:

  1. Open Settings menu.
  2. If your Settings allow for search, type the following Private DNS.
  3. If your Settings do not allow search, click on Connections. Then click More connection settings.
  4. Click on Private DNS and a popup menu will open with options.
  5. Select Private DNS provider hostname option.
  6. On the line below that option, type in the DoT address for DeCloudUs DNS.

For Android 8 and below there is no native support for secure DNS. You will need to download an app and configure it to use secure DeCloudUs DNS. Here are some recommendations:

  1. Find an app that allows you to use DoT, DoH, or DNSCrypt.
  2. A mobile app worth mentioning is InviZible Pro that allows you to use DNSCrypt.
  3. Follow DNSCrypt instructions outlined in the DNSCrypt tab.

As of iOS 14, iPadOS 14, tvOS 14 and macOS Big Sur, Apple devices now have native support for secure DNS protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). It is highly recommended you configure either DoT or DoH for your device. Here is how to configure your Apple devices to use DeCloudUs DoT or DoH:

  1. From your Apple device, go to DeCloudUs Apple DNS Profile Creation page.
  2. Enter a profile name and either a DeCloudUs DoT or DoH address you wish to use.
  3. Click Download Profile.
  4. Go where the .mobileconfig file downloaded on your Apple device (most likely Downloads folder) and click to open it. (if you open the file from the browser it will not work; you must open the downloaded file from its download location)
  5. After clicking the file, the device will display a message informing you that the profile is available in Settings app.
  6. Open Settings app in iPhone/iPad or System Preferences in MacBook.
  7. Go to Profile Downloaded in iPhone/iPad or Profile in MacBook (this only appears after clicking to open the mobileconfig file in previous steps).
  8. Select the profile you created click to install (right corner).
  9. Accept warnings and follow on-screen steps to activate the DNS profile.
  10. After successfully installing the profile, you can see it activated in your Settings.

Apple tvOS Special Instructions

  1. Follow steps 1 to 3 from above to create and download your .mobileconfig profile.
  2. Host the .mobileconfig profile somewhere secure/private that gives you a downloadable link (such Dropbox, OneDrive, Nextcloud, etc).
  3. On Apple TV device, open Settings app.
  4. Go to General and then open Privacy.
  5. Hover over Share Apple TV Analytics without pressing it.
  6. On the Apple TV remote, press Play button.
  7. Select Add Profile.
  8. Enter the .mobileconfig downloadable link you created previously.
  9. Follow on-screen instructions to install the profile.

Note: The generated profiles are not signed. This is normal and still secure since you are generating the DNS profile yourself, you are using DeCloudUs DNS secure website to generate this profile, and you are downloading the profile directly on the device via secure connection (HTTPS).

When using your laptop or desktop, all the ads, trackers, malware, Google services, etc, you encounter will be from your browser. The fastest and most efficient way in this case is to configure your browser to use secure DNS. Firefox is privacy friendly and it has native support for DNS over HTTPS (DoH). This works on any Mac or PC with Firefox:

  1. Open Firefox Preferences to access Firefox settings.
  2. In the settings search bar, type DNS and search.
  3. Click Settings that comes up in the search results.
  4. Scroll down in the settings menu to the DNS over HTTPS section. Check the box next to Enable DNS over HTTPS to enable it.
  5. Select Custom for the Use Provider option.
  6. In the Custom input field, put the DeCloudUs DoH address you wish to use. Click OK to apply settings.

Note: sometimes Firefox may still show major Google user sites such as and; however, other Google domains ads, malware, etc, will be effectively blocked.
In order to ensure Firefox will not fallback to default network DNS because some sites are blocked, you have to change Firefox configuration setting to no fallback:
1. Load about:config in the Firefox address bar.
2. Click to confirm that you will be careful if the warning page is displayed.
3. Search for network.trr.mode and double-click on the name.
4. Set the value to 3 to make DNS Over HTTPS the browser's default DNS resolver with no fallback.

Many users like Chrome look and feel. There are many chromium-based browsers that offer more privacy that Google chrome such as Brave (for PCs) and Bromite (for mobile). These instructions are for Brave browser but similar steps can be followed for any Chromium-based browser:

  1. Open Brave Settings from browser menu.
  2. In the settings, select Privacy and security option.
  3. Under the Privacy and security section, click on Security to enter its settings.
  4. Enable the setting Use Secure DNS and more options will become available.
  5. Under Use Secure DNS section, check the radio button to use Custom DoH
  6. In the Custom input field, put the DeCloudUs DoH server address you wish to use.

Note: Microsoft Edge is also Chromium-based, so similar steps can be followed if you wish to use DeCloudUs DNS on there.

DNSCrypt protocol provides private, secure, and even anonymous DNS that is second to none.

DNSCrypt protocol is fairly simple to understand and implement. It can be used for one device or your entire home network.

For details on how to use DNSCrypt, please check the official installation documentation:

In the instructions below, we will share configuration examples for DeCloudUs DNS.

  • - To configure DNSCrypt proxy to use DeCloudUs DNS servers, you will need to ensure you set the configuration file dnscrypt-proxy.toml to use DeCloudUs servers.
  • - One way to use DeCloudUs servers is to leverage [static] resolver settings in dnscrypt-proxy.toml file. This is the fastest way to get started.
  • [static]
    stamp = 'sdns://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  • - You should copy and paste the stamp value from the details provided to you to ensure the stamp value exactly matches exactly to avoid errors.
  • - Finally, you will need to ensure that your DNSCrypt proxy will use DeCloudUs DNS server. This can be done by specifying server name as follows (same name used in [static] configuration):
  • server_names = ['DeCloudUs-Prod']
  • - A better strategy is to add DecloudUs DNS private resolver list to your DNSCrypt proxy configuration. DNSCrypt will periodically fetch the latest DeCloudUs DNS server list and stamps. As more servers are added, they will automatically become available for you to use without you reaching out to us for updated server connection details.
  • - The Test Server details will always be available and updated on this site. When you subscribe, you will receive details on how to connect to Premium servers via DNSCrypt. This will include a snippet of configuration that you can add to DNSCrypt proxy configuration to automatically fetch our server list. Here is an example:
  • [sources.'DecloudUs-resolvers']
    urls = ['']
    minisign_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    cache_file = ''
    refresh_delay = 72
    prefix = ''
  • - Finally, you will need to ensure that your DNSCrypt proxy will exclusively use DeCloudUs DNS servers in order to effectively block unwanted traffic by adding the name of the resolver you wish to use directly in the server name parameter
  • server_names = ['DeCloudUs-Prod']

Frequently Asked Questions

These are the commonly asked questions we receive. Please give them a look as they will address a few more topics that were not mentioned above. If you have another question, please feel free to contact us.

  • We receive many inquiries about how DeCloudUs DNS uses other "cloud" or "big tech" service providers in the DNS service. These inquiries often cite other privacy-touting DNS providers that use Cloudflare Workers, Google hosted services, Cloudflare proxies, Amazon loadbalancers, etc. The answer to that question is simple, there are no other providers or cloud services used in our DNS servers whatsoever.

    First, unlike other providers, we are fully transparent about the third parties DeCloudUs uses, in any way, in our "User Agreement and Privacy Policy" page (there are none for DNS servers). In short, we self-host all of our servers. We do not use "cloud" servers; rather, we lease hardware servers from data centers and we then install and manage all componets: firewall, Operating System, web server, DNS server, etc. While this is indeed more complex and more expensive than using "cloud" providers to deliver our service, it is the only way to guarantee optimal privacy and security, since we are in control of the DNS traffic and we do not trust it to any other provider. If we were to use Cloudflare Workers or proxies for example, Cloudflare would then, likely, be able to see unecrypted DNS queries/traffic coming from your IP address. That would never be OK with us; after all, what is the point of using a privacy-focused DNS service when all DNS traffic is handled by a third party provider that may have different privacy policies that the DNS service does not control?

    To conclude, we are committed to your privacy and security as outlined in our privacy policy. One of the main reasons behind our service is to "decloud" and take charge of our data and privacy from large tech companies that control most of the Internet. For us, building our DNS service on the top of other cloud services is simply not an option.

  • As a baseline, every DeCloudUs DNS server provides "Privacy by Default" and "Security by Default" that collectively block over one million domains:

    Privacy by Default: all DeCloudUs DNS servers block all known ads, trackers, analytics, and web beacons domains from anywhere (the ones you see and the ones behind the scenes). This also includes device-specific trackers for a wide variaty of popular devices such Samsung, Apple, Microsoft, Google, Roku, Xiaomi, etc. These domains compromise your privacy and track your activities across the web to the profit of the companies using them. They provide no value and no benefit to you, so blocking them will not negatively impact your online experience. In fact, by blocking these domains, in addition to privacy protection, your online experience will be significantly enhanced by eliminating annoying ads and speeding up your browsing.

    Security by Default: all DeCloudUs DNS servers block a wide variaty of malicious sites that are used for phishing, spam, and spreading malware. DeCloudUs DNS uses various Threat Intelligence feeds to obtain the most up-to-date data on active malicious sites every day. In addition, DeCloudUs DNS is capable of blocking domains based on the IP address they resolve to; DeCloudUs blocks 1000s of malicious IPs, which in return blocks unlimited number of malicious domains that resolve to these IPs. While you should always remain vigilant of malicious sites, DeCloudUs DNS will help you stay safe online.

    DeCloudUs DNS supports encrypted DNS protocols: DNS over TLS (DoT), DNS over HTTPS (DoH), and DNSCrypt in order to keep your DNS traffic private and secure. In addition, DeCloudUs keeps no DNS logs to ensure that no one can see what DNs quries you are submitting.

  • You can fully control what sites and services to block or allow with a few clicks when using Custom DNS, including blocking adult sites, social media sites, streaming services, and much more. You can also manually add additional domains and subdomains to be blocked or allowed. This gives ultimate control over your online privacy and security and makes for a great Parental Control tool, if you need it.

  • Yes, it absolutely is! DNS level blocking can actually be more effective in blocking all these things and much more. With DeCloudUs DNS, unlike other content blockers, there is no additional software or apps to install - just a simple DNS setting change. Once your device, system, or home network is configured to use DeCloudUs DNS, you you have complete control over what to block or allow in a very thorough and granular way. For example, if you configure a device to use DeCloudUs with deGoogle, deApple, or deMicrosoft option enabled, DeCloudUs will block all these services from running anywhere on your device - in places you see and you don't see - within the Operating System, mobile apps, or browser.

    The same applies to anything DeCloudUs blocks, based on your settings, from ads, trackers, phishing, malware, adult sites, Google, Apple, Microsoft, social media sites, streaming services, etc. And due to the flexibility of DNS-based blocking, you can use it selectively for a browser, for an entire device or system, or for an entire network. You can also use different DeCloudUs DNS servers on different devices per your needs.

    Best of all, don't take our word for it.. go ahead and try for yourself how effective DeCloudUs DNS can be for your own needs! We offer a 14-day free trial for our Premium Plus, so you can get access to all of our servers risk-free.

  • Using a custom ROM or mobile operating system that respects your privacy is good solution. Rooting your phone to remove Google services can also work well. However, there are a few reasons for why that would not be possible:

    • You have a work phone that you cannot root or load custom ROM on
    • Your existing phone is not supported by deGoogled/unGoogled custom ROMs (and you cannot afford to get a new phone).
    • You do not have the technical knowledge to root your phone

    In such cases and others, deGoogling your phone via DNS block is a good alternative.

    Also, even if you have a custom ROM or rooted phone, Google and many other trackers will still run as it is embedded within many apps and sites. So you may still need a solution that will block Google, trackers, ads, and known malware sites.. like DeCloudUs DNS.

  • Yes, absolutely DeCloudUs can help! It is completely understandable that deGoogling is not for everyone. DeCloudUs can still help you achieve more privacy and security online with no impact on your favorite Google services. DeCloudUs offers Echo DNS Servers and Custom DNS Servers exactly for that purpose.

    Echo servers block all ads and trackers (including Google ads and trackers), but allow most Google consumer and business services to still work. Echo servers will improve the quality of your online experience by blocking annoying ads on browsers and within mobile apps, which will speed up your browsing. Echo servers will also enhance your privacy by blocking trackers that run in the background without your knowledge; these trackers serve no real purpose other than being used by ads and marketing companies to gather more and more information about what you do online. Consumer and business services (that are not ads or trackers) offered by Google and other companies will work perfectly fine with Echo servers.

    In addition to Echo servers, Premium Plus subscribers have access to Custom DNS servers. Using Custom DNS, you are in complete control for what to block or allow. As a baseline, Custom DNS will block all ads and trackers (including Google ads and trackers) and malicious websites. You can then specify other services or websites you wish to block to further enhance your online privacy based on your needs.

  • We only use secure DNS protocols, that's why DeCloudUs DNS supports popular secure DNS protocols: DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH). As an end user, DNS/53 is really not good for your privacy or security. As a DNS resolver operator, DNS/53 will significantly increase the attack surface on the servers and will make it really difficult to provide value to the community.

  • DeCloudUs DNS only supports secure and encrypted DNS protocols (DoT, DoH, DNSCRYPT). So there is no option to use the typical, cleartext DNS over port 53, which is what your VPN provider expects by asking for direct IPs. As stated in FAQ above, using cleartext DNS (just the plain IP address) is vulnerable to multitude of attacks that can compromise your security, even if you do it in combination with VPN.

    For OpenVPN in general (which is what most VPN providers use), it is possible for VPN tunnel to use your device's DNS settings so you do not have to configure DNS IPs with the VPN provider. For mobile phones, for example, Private DNS option is set to use DeCloudUs DNS in android settings, as outlined in How-To section. Most VPN proivders allow you to download a VPN client profile to modify and use on other OpenVPN apps (like the official OpenVPN app). The OpenVPN client profile you use from the VPN provider doesn't have any parameters regarding DNS settings. DNS queries are then handled by DeCloudUs DNS, while the tunnel is up and running.

    This can also work the same way on other devices such as tablets, PCs, etc; simply configure the device to use DeCloudUs DNS directly (as outlined in the How-To section) and do not configure DNS settings for OpenVPN; at that point, the device would use its own DNS settings (i.e. DeCloudUs secure and private DNS) to resolve DNS queries while also tunneling the traffic to your VPN provider.

  • Yes, you certainly can! You can set DeCloudUs DNS as your upstream DNS resolver for AdGuard, pfSense, Pi-hole, OpenWrt, DNSCrypt-Proxy, etc. DeCloudUs DNS supports DoT, DoH, and DNSCrypt, so you have many options to choose from depending on what secure DNS protocols your device supports.

    Note regarding AdGuard Home: when adding DeCloudUs Alpha or Zulu in the upstream server settings and clicking the "Test Upstream" button, you may see an error saying it cannot be used. Simply ignore this and just click "Apply" button to save and apply the settings; you will see that AdGuard Home works just fine with DeCloudUs DNS as upstream server . The reason this happens is becuase AdGuard Home is testing whether the upstream DNS server is working or not by resolving "". DeCloudUs Alpha and Zulu (which are used for DeGoogling, blocking trackers, ads, etc..) return for (as opposed; solely based on that, AdGuard Home displays an error when clicking the test button; so it is safe to ignore that error and simply save your settings and AdGuard Home will start using DeCloudUs with no issues. DeCloudUs Echo servers do not cause this error with the test button in AdGuard Home becuase Echo servers are only for blocking Ads, trackers, phishing, malware, and malicious sites.

  • DeCloudUs DNS is NOT a custom software. DeCloudUs DNS is a service comprised of DNS servers, resolvers, and recursors. DeCloudUs DNS server components are built SOLELY using open source software: Debian OS, Nginx, Encrypted DNS Server,, etc), so there is no need for Github or Gitlab repo to share DNS server source code. What makes DeCloudUs DNS unique is how we fit all these open source components together in a way to deliver personalized DNS customization along with the advanced block/filtering lists to deGoogle, deApple, deMicrosoft, block ads, adware, trackers, known malware sites, adult sites, social media sites, etc, in addition to our unwavering policies regarding privacy and security.

  • To guarantee optimal privacy, DeCloudUs does not keep any DNS query logs. DNS queries are very sensitive and we believe they should not be saved and logged by the DNS servers; believing that a user cannot troubleshoot or view DNS queries without DNS server-side logs is false dichotomy. There certainly are many other ways for you to see DNS query logs from your side (client-side). Here are some examples:

    Troubleshooting Tool (for Custom DNS): DeCloudUs DNS provides a troubleshooting tool for Custom DNS that you can access from your Custom DNS settings page. Since Custom DNS provides the ability to fully control and customize what to block and allow, the Troubleshooting tool allows to enter any domain or subdomain and then immediately tells you if it is blocked or not, based on your own customizable settings.

    Browser Developer Tools: When accessing a web site, to find what domains or subdomains are blocked when visiting this site, you can use browser Developer Tools network monitor (such as Firefox for example First, you set the browser DoH to use DeCloudUs DNS (as outlined in the How To section). The network monitor will show a "Domain" column and "Status" column when you visit a site; if a domain is blocked by DeCloudUs DNS, the status for that domain will be empty/null; if a domain is not blocked, it will have a status of some sort. This allows you to easily identify what is being blocked when visiting a particular site/page.

    Encrypted-DNS Client Apps (that show client logs) If you wish to view DNS logs associated to a mobile device or mobile app, there are many DNS client apps that support encrypted DNS that will show you detailed information about your DNS queries. For example, InviZible Pro (for Android) and DNSCloak (for iOS). While mobile devices have native support for encrypted DNS and DeCloudUs DNS can (and should) be configured directly on the device, if you have a need to see the device DNS queries, you can install such a DNS client app and configure it to use DeCloudUs DNS; this will allow you to see full details for your encrypted DNS traffic.

  • Please contact us and we will certainly look into it. Please let us know the following:

    • The exact URL that should or should not be blocked (otherwise it will be a wild goose chase!)
    • The server you are using (DoT/DoH URL or DNSCrypt stamp).

  • We can certainly look into it to see if it is possible. Here are the general guiding principles to follow for whitelisting subdomains on Zulu DNS servers:

    • It must be targeted whitelisting (for example, only one or two subdomains are needed for the requested service to run).
    • It cannot be a core Google subdomain used in many other services (for example,,, etc).
    • It must not have a large impact on user privacy, espeically if it is a Google service that runs in the background without a user knowing (for example,

    If your request follows these general principles, please contact us. Zulu whitelist is published here for all users to see: Otherwise, you are also free to fully control and customize your own deGoogling experience via Custom DNS.

Contact Us

If you want to get in touch, please use the form below. We will reply back to the email address provided.

If you are not able to use the form or wish to email us directly, you can send your message to:

For General Inquiries: please feel free to email if you have any question, feedback or suggestions.

For Business Inquiries & Partnerships: please send us an email with what you have in mind. Let us know what DeCloudUs can do to help you or how we can collaborate to enhance everyone's online privacy.

For Blocking Requests: please email us the details of the exact URL that should be blocked along with a brief reason to explain why.

For Whitelisting Requests: please email us the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be whitelisted along with a brief reason to explain why.