I’ve decided to give some information about the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) services I’m running, which are publicly available on the dnscrypt provider list (aaflalo-me; aaflalo-me-gcp).

All the servers support only TLS 1.2 and TLS 1.3.


URL for DoH requests:


For DNS-over-TLS (DoT):


This is the main server. I’ve created this server using my own guide on how to set up PiHole and DoH. It runs a customized version of dnsmasq (named FTL) that is provided by the PiHole installer. It currently works with more than 500 000 blacklisted domains.

To provide the DoH part of the service, I’m using NGINX, Let’s Encrypt and doh-server, as explained in the tutorial on how to set up a DoH server.

For the DoT part, I’m also using NGINX and a simple DNS server, in this case PiHole. You can find how to configure it in my DoT Tutorial.

The server doesn’t log anything; I have no idea who you are or what requests you make to it.

It’s a VPS server hosted at RamNode in their Netherlands datacenter.


URL for DoH requests:


For DNS-over-TLS (DoT):


This server is a proxy for aaflalo-me; it runs Unbound, which keeps a local cache of minimum 600 seconds for each response. It’s connected directly to the aaflalo-me server using a WireGuard connection where all the traffic is encrypted with minimal overhead. (It’s a great protocol for VPN, I’ll do an article about it.)

For the DNS-over-TLS, I’m using nginx in stream mode to provide the TLS part and directly send the traffic to the Unbound server. This is useful if you’re using Android 9 (Pie). This way you don’t need to install another app to secure your DNS requests and benefit from the ad blocking feature.

This server doesn’t do any kind of ad blocking itself; it only redirects the query to the first server and saves the result in a cache.

Same configuration as aaflalo-me for the DoH part with Nginx, Let’s Encrypt and doh-server.
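
A sketch of the nginx stream-mode arrangement described above, as an added example and not the configuration actually running on these servers. The hostname `dot.example.org`, the certificate paths, the timeouts and the Unbound address `127.0.0.1:53` are assumptions.

```nginx
# Added example: placeholder hostname, paths and addresses (assumptions).
stream {
    # Unbound's TCP listener, assumed here to be on localhost port 53.
    upstream unbound_tcp {
        server 127.0.0.1:53;
    }

    server {
        # DoT port (RFC 7858); nginx terminates TLS on it.
        listen 853 ssl;
        listen [::]:853 ssl;

        # Placeholder certificate paths, e.g. as issued by Let's Encrypt.
        ssl_certificate     /etc/letsencrypt/live/dot.example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dot.example.org/privkey.pem;

        # Accept only TLS 1.2 and TLS 1.3, the policy stated on this page.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Session resumption keeps repeated handshakes cheap for clients.
        ssl_session_cache   shared:dot:10m;
        ssl_session_timeout 4h;

        # Stream access logging is off by default; stated explicitly here.
        # The error_log can still record client addresses on failures.
        access_log off;

        proxy_connect_timeout 2s;
        proxy_timeout         30s;

        # DoT carries the same length-prefixed messages as DNS over TCP,
        # so the decrypted bytes are relayed to Unbound unchanged.
        proxy_pass unbound_tcp;
    }
}
```

Because the stream module relays bytes without parsing them, the resolver behind it must accept DNS over TCP, not only UDP.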

Also, it doesn’t log anything.

The server is hosted on Google Cloud Platform on a free-tier VM with a static IP in the US zone.


If you have an issue with a website, I don’t mind adding a new domain to the whitelist. You just need to contact me using the contact form and choose DNS as the reason. I usually respond quite fast.