User Tools

Site Tools


Table of Contents


tumaBox offers a public DNS service. Why should you use our DNS? Because:

  • You don't want your ISP or other DNS provider to forbid/forge/redirect the domains that you access. We only return true responses as received from authority servers.
  • You don't want your ISP or other DNS provider to log any domain that you access and build profiles on you. We don't keep logs of the domains that you access. We don't do profiles. We respect your privacy.
  • You don't want your ISP or other DNS provider to snoop every domain that you access. You'll have to use dnscrypt for this (see below) and also an encrypted protocol in your application (such as https, ssh etc.)
  • You don't want to depend on US based ICANN and you don't want to support their monopoly on domain names. We use OpenNic root servers.
  • You want to access non-ICANN (unofficial) domains supported by OpenNic


  • We do not log domains or ips.
  • We only provide answers as we receive them
  • We use OpenNic root servers. These are alternative community supported root servers that include all “official” domain names but also provide new TLDs that are not accessible when using “normal” DNS servers. You get access to .bbs .geek .pirate .indy TLDs and many more. For a complete list of OpenNic TLDs (that are not accessible with “normal” DNS servers) see here
  • We provide dnscrypt service. This means that all domain queries and answers move encrypted between your computer and our servers.
  • We support both ipv4 and ipv6
  • It may be faster than your current DNS provider


  • It may be slower than your current DNS provider
  • We don't currently support DNSSEC so there's still a possibility of forging by an upstream server
  • There is no such thing as end-to-end encryption in DNS. Even if you use dnscrypt the information will move unencrypted between our server and upstream servers

How to use

Simply point set your nameserver to:

for ipv4 or:


for ipv6.

Refer to your operating system documentation for how to do this.


If you want the queries and answers to move encrypted between your computer and our server you'll have to use dnscrypt. See here how to install a dnscrypt client on your computer. You'll need the following information:

  • ip: or 2a01:4f8:1c1c:6694::1
  • port: 5353
  • provider name:
  • provider key: D591:7B11:6A35:3114:C238:AA99:A6EB:0C28:7CF7:6805:41AC:5DBF:A8A0:239E:228C:5B06


By using this service you take full responsability. We do NOT take any responsability whatsoever. The terms and/or availability of this service may change without prior notice.

Unfortunately the internet as it is makes IP spoofing available which makes many attacks possible. The way DNS was designed makes it a particularly interesting target for such attacks with DNS amplification attack being one of the most popular. We do not want to support such attacks and this is why we reserve the right to rate limit, mask particular domains or block access to this service entirely without any notice. If you this doesn't suit you please don't use our DNS service. The rate limits are designed for a typical personal computer or home network. If you're usage pattern needs more than this use dnscrypt.

dns.txt · Last modified: 2019/01/18 07:21 by admin