Quick Start
Configure your device to use the Open tier. See Full for strong family-safe blocking or Lite for light oisd protection.
Android 9+ (Private DNS)
open.public-rdns.com
Firefox / Chrome / Edge / Brave (DoH)
https://open.public-rdns.com/dns-query
systemd-resolved (Linux)
[Resolve] DNS=37.27.125.213#open.public-rdns.com 2a01:4f9:3070:2feb::213#open.public-rdns.com DNSOverTLS=yes DNSSEC=allow-downgrade
sudo systemctl restart systemd-resolved resolvectl status
Unbound forwarder (Linux / BSD)
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 37.27.125.213@853#open.public-rdns.com
forward-addr: 2a01:4f9:3070:2feb::213@853#open.public-rdns.com
Windows 11 (DoH)
IPv4: 37.27.125.213 DoH: https://open.public-rdns.com/dns-query IPv6: 2a01:4f9:3070:2feb::213 DoH: https://open.public-rdns.com/dns-query
Routers (plain / DoT)
Primary: 37.27.125.213 IPv6: 2a01:4f9:3070:2feb::213
OpenWrt / pfSense / OPNsense — forward over DoT to open.public-rdns.com:853.
Command line
dig @open.public-rdns.com example.com kdig @open.public-rdns.com +tls example.com kdig @open.public-rdns.com +https example.com
Endpoints
| Transport | Address |
|---|---|
| DoH | https://open.public-rdns.com/dns-query |
| DoT | open.public-rdns.com:853 |
| Plain DNS | open.public-rdns.com |
| IPv4 | 37.27.125.213 |
| IPv6 | 2a01:4f9:3070:2feb::213 |
This resolver publishes _dns.resolver.arpa SVCB records for DDR auto-discovery.
Android
Settings → Network & internet → Advanced → Private DNS → Private DNS provider hostname:
open.public-rdns.com
Apple (iOS, iPadOS, macOS)
Download a profile from Quick Start (DoT recommended) and install via Settings → General → VPN & Device Management (iOS) or System Settings → Privacy & Security → Profiles (macOS).
Browsers
https://open.public-rdns.com/dns-query
Browser DoH only protects the browser. For system-wide protection, configure the OS instead.
systemd-resolved and Unbound
[Resolve] DNS=37.27.125.213#open.public-rdns.com 2a01:4f9:3070:2feb::213#open.public-rdns.com DNSOverTLS=yes DNSSEC=allow-downgrade
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 37.27.125.213@853#open.public-rdns.com
forward-addr: 2a01:4f9:3070:2feb::213@853#open.public-rdns.com
Windows
Windows 11: Settings → Network & internet → Edit DNS → Manual. IPv4: 37.27.125.213, DoH URL: https://open.public-rdns.com/dns-query.
Routers
Primary: 37.27.125.213 IPv6: 2a01:4f9:3070:2feb::213
OpenWrt, pfSense, and OPNsense can forward over DoT to open.public-rdns.com:853.
Transports
curl -s -H 'accept: application/dns-message' \ "https://open.public-rdns.com/dns-query?dns=q80BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE" | xxd kdig @open.public-rdns.com +tls example.com dig @open.public-rdns.com example.com
Blocking
The Open tier performs no blocking — every name resolves if it exists in the global DNS. No RPZ feeds are loaded. If you need protection, use the Full or Lite tier instead.
Comparison
| Public RDNS Open | Cloudflare 1.1.1.1 | Quad9 | NextDNS | AdGuard | |
|---|---|---|---|---|---|
| Logs queries? | No | Yes (24h+) | No | Configurable | Yes |
| DNSSEC enforced | Yes (hard fail) | Yes | Yes | Yes | Yes |
| Family-safe blocking | None | Malware only | Malware + some | Configurable | Strong |
| NSFW / Gambling blocks | None | No | Limited | Paid tiers | Paid tiers |
| Native tracker blocking | None | No | No | Paid | Paid |
| QNAME minimisation | Yes | Yes | Yes | Yes | Yes |
| ECS (client IP leak) | Disabled | Enabled | Disabled | Optional | Optional |
| Cost | $0 | $0 | $0 | Free tier limited | Free tier limited |
| Transparent operator | Yes (this page) | US corp | Non-profit | For-profit | For-profit |