Pittsburgh DNS is a free Anycast DNS service that I host myself on BuyVM’s platform. With servers in Las Vegas, New York, Miami, and Luxembourg (soon to be Switzerland), I offer a free public DNS service filtered by AdGuardHome with all of the default blacklists except for “No Google” (so there is no Google filtering, of course). 4Chan is the only blocked service, and it is blocked for legal reasons (I found no other legitimate reason to block any of the others).
All logging is disabled; only anonymous statistics of DNS requests are kept. Lookups are performed by Unbound, a resolver that resolves DNS requests directly against the authoritative nameservers of the domains, so there is less risk of middleman attacks and less risk for me from amplification attacks, such as denial of service (DoS), on other DNS servers. This does mean, however, that there is currently no encrypted connection between Unbound and the authoritative name servers. DNS requests made using secure DNS will only appear to come from the resolver that is requesting them. The resolvers are configured with DNSSEC, a security technique that verifies DNS responses from the authoritative servers against signed keys to make sure they are legitimate.
Anycast is a “service” or routing technique. It uses one IP address and automatically routes your DNS request to the appropriate server based on the location your request is coming from and the availability of servers. This means that there is one IP address for all server locations unless you want to use a non-Anycast IP. At the moment, I am only releasing the Anycast IP address; however, the DNS servers do have individual IP addresses, which I will release later.
Secure DNS
Secure DNS is available, including DNS over HTTPS and DNS over QUIC. DNS over HTTPS is available on port 444 and DNS over QUIC is available on the default port (853). These services are also Anycasted. Unencrypted DNS is available on the standard UDP port 53.
EDNS Client Subnet (ECS)
ECS is enabled to allow support for Samsung TVs, among other web services which benefit from it. While this may be a privacy concern for some, this DNS resolver is mainly set up for legitimate adblocking and malware filtering. No logging of DNS requests is performed.
ECS is a way of tailoring DNS responses so that DNS queries return specific information based on the request, typically the location from which the request is made. The resolver does this by passing part of the requesting address (the client's subnet) along with the query. In this way, ECS returns, for example, servers which are in close proximity to the user for the fastest internet experience. However, because ECS relies on location information derived from the requesting address, it is a privacy concern to some because it can allow for tracking of users’ locations through DNS.
A possible future expansion of Pittsburgh DNS may offer a non-ECS service for those who are interested; however, there are a lot of DNS services available which do not offer ECS. At the moment, I am not considering adding another IP just for non-ECS DNS, so it would be offered on a non-standard port if made available.
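What the ECS option described above puts on the wire, as an added example that is not part of this service's configuration or code: it encodes and decodes the RFC 7871 option to show which subnet the receiving server learns. The function names are hypothetical, the addresses are constructed from documentation ranges, and the /24 and /56 prefix lengths are assumptions, since the page does not state what prefix length this service sends.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code for Client Subnet (RFC 7871)

def build_ecs_option(client_ip: str, prefix_len: int) -> bytes:
    """Encode the ECS option a resolver could attach for client_ip (hypothetical helper)."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2  # IANA address family: 1 = IPv4, 2 = IPv6
    # Only the leading prefix_len bits are sent; the remaining bits are zeroed.
    addr = net.network_address.packed[: (prefix_len + 7) // 8]
    data = struct.pack("!HBB", family, prefix_len, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def parse_ecs_option(option: bytes) -> str:
    """Return the client subnet that the receiver of this option learns."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_len, _scope = struct.unpack("!HHHBB", option[:8])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in (1, 2):
        raise ValueError("unknown address family")
    size = 4 if family == 1 else 16
    addr = option[8:]
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address does not match prefix length")
    padded = addr.ljust(size, b"\x00")  # restore the zeroed host bits
    cls = ipaddress.IPv4Address if family == 1 else ipaddress.IPv6Address
    return f"{cls(padded)}/{source_len}"

if __name__ == "__main__":
    # Constructed sample clients; prefix length 0 carries no address bytes at all.
    samples = [("203.0.113.77", 24), ("2001:db8:1234:5678::1", 56), ("203.0.113.77", 0)]
    for ip, plen in samples:
        opt = build_ecs_option(ip, plen)
        print(f"{ip} -> {opt.hex()} -> discloses {parse_ecs_option(opt)}")
```

The third sample, with a prefix length of 0, is the form RFC 7871 defines for a client asking the resolver not to add its address information to upstream queries. Whether this service honours that request is not stated on the page.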
Ports and Address
Secure DNS is available at dns.k1vzx.com on ports 444 (HTTPS) and 853 (QUIC). Unencrypted DNS is at port 53. For Firefox and Chrome, use the secure DNS location https://dns.k1vzx.com:444/dns-query.
Bug Reports
Bug reports are welcome. If you find an issue with the servers, as I have, I am willing to investigate it and whitelist domains for you to get something working. For reference, I use an iPhone and a Samsung TV. However, if you have an Android device, I am very interested in working with you to keep issues with this network from preventing these devices from working correctly. For this reason, you can always submit requests to me at my DNS server contact address here and I will do my best to get back to you in a timely manner.