Public DNS
Every time you open a website, your device queries a DNS resolver to translate the domain name into an IP address. These EU-based public DNS resolvers are operated by companies based exclusively in European Union (EU) member states, offering EU-hosted infrastructure, GDPR-compliant privacy policies, and full data sovereignty within the EU.
| Provider | Country | Free | DoT | DoH | Filtering |
|---|---|---|---|---|---|
| AdGuard DNS | 🇨🇾 CY | Yes | Yes | Yes | Ads, trackers, malware |
| DNS4EU | 🇨🇿 CZ | Yes | Yes | Yes | Malware, optional ads / child |
| DNS.SB | 🇩🇪 DE | Yes | Yes | Yes | No |
| Digitalcourage DNS | 🇩🇪 DE | Yes | Yes | No | No |
| FFMUC DNS | 🇩🇪 DE | Yes | Yes | Yes | No |
| dnsforge | 🇩🇪 DE | Yes | Yes | Yes | Ads, trackers, malware (optional) |
| le_dns | 🇫🇷 FR | Yes | Yes | Yes | No |
European public DNS resolvers
The EU DNS servers listed here are all free to use, some offer paid premium features. Most support modern connection protocols such as DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH). These modern protocols are preferable, as they offer better privacy over the older plain DNS protocol.
Switching away from your ISPs default DNS resolver to a privacy-aware one with a modern DoT/DoH protocol keeps your browsing history out of the hands of providers that may log, sell, or hand it over on request.
Most providers listed here also claim a "no logging" policy. However, such claims of "no logging" can ultimately not be verified by the end user (or us!). It requires trust in the provider.
Switching away from your ISPs default DNS resolver to a privacy-aware one with a modern DoT/DoH protocol keeps your browsing history out of the hands of providers that may log, sell, or hand it over on request.
Most providers listed here also claim a "no logging" policy. However, such claims of "no logging" can ultimately not be verified by the end user (or us!). It requires trust in the provider.
A public DNS resolver is a service that converts domain names like example.com into the IP addresses your device needs to connect. By default, most devices use the resolver assigned by their ISP. Switching to a public resolver lets you choose a provider that handles your queries with stricter privacy guarantees, faster routing, or optional content filtering.
European resolvers operate under EU and national data protection law, which restricts what can be logged and how long. Many of them are run by non-profits, civic-tech communities, or EU-funded projects rather than commercial entities, so there is no business model built on monetizing query data. Routing within Europe also tends to give lower latency, meaning slightly faster page loads.
The traditional DNS protocol was developed in the 80s, without much consideration for privacy. Regular traffic on the DNS protocol is not encrypted. DoT and DoH both attempt to fix this privacy issue, by transferring DNS requests over other protocols (DoT = TLS, DoH = HTTPS).
DoT (DNS-over-TLS) and DoH (DNS-over-HTTPS) both encrypt DNS queries between your device and the resolver, hiding them from anyone watching the network. DoT runs on its own port (853) and is easy to spot and block as DNS traffic, while DoH runs on port 443 and looks like normal HTTPS traffic. DoT is generally simpler to configure system-wide on Android, Linux, and routers; DoH is easier to enable per-application, especially in browsers.
AdGuard DNS, dnsforge, and DNS4EU each provide filtering endpoints that block ads, trackers, and known malware domains at the DNS layer. AdGuard offers paid plans with improved ad filtering.
FFMUC DNS, Digitalcourage DNS, DNS.SB, and le_dns all explicitly return unmodified DNS answers without any filtering.
Yes, with the same caveats as any DNS provider. Trust is the underlying question: You must trust the provider. Any claims of "no logging" or "zero logs" can not be verified by you as the end user. You can not really look into their servers and see the exact software they are running and if they are truly not storing any logs.