Private DNS resolver — no query logging, blocks ads and trackers.

Prosvetech DNS

What it is

Prosvetech DNS — a private DNS resolver based on Blocky. Answers “where is this site?” queries, shields your device from ad and tracker hosts, stores nothing. Runs over the encrypted DoH and DoT protocols — your ISP and stranger Wi-Fi networks can’t tell which sites you’re opening.

A baseline privacy setting for a phone or computer. Once your system DNS points at ours, ads get filtered out at lookup time — before the browser even tries to fetch them. No separate browser blocker needed.

Protection levels

Three profiles — pick the one that fits you. Same server address, only the URL suffix differs.

Minimal

Blocks malicious sites only — malware, phishing, scams, trojans. Ads and trackers pass through.

DoH

Default recommended

Blocks malicious sites plus ads, trackers, telemetry. Right for most users.

DoH

DoT

Strict

Filters everything default does, plus affiliate links and referral tracking. Occasionally breaks individual sites.

DoH

To switch levels, change the URL in your device’s settings. If default feels too loud, go minimal; if it’s letting too much through, go strict.

If a site you need got caught by mistake, reach out via private channel and we’ll add it to the allowlist.

DoT is only wired up for the default level (above). Need level switching over DoT? Ping us and we’ll wire it up.

How to set it up

Server address — dns.polycrate.org. Setup takes a minute or two on each system.

Android 9+: Settings → Network & Internet → Private DNS → Hostname → dns.polycrate.org → Save.
Windows 11: Settings → Network & Internet → Wi-Fi or Ethernet → DNS server assignment → DoH → https://dns.polycrate.org/dns-query.
Linux (systemd-resolved): set DNS=dns.polycrate.org, DNSOverTLS=yes, DNSSEC=allow-downgrade in /etc/systemd/resolved.conf → sudo systemctl restart systemd-resolved. DoH needs a separate daemon (dnsproxy / cloudflared).
Firefox (without changing the whole system): Settings → Privacy & Security → DNS-over-HTTPS → Custom → https://dns.polycrate.org/dns-query.
Chrome / Brave: Settings → Privacy and security → Security → “Use secure DNS” → “With a custom provider” → https://dns.polycrate.org/dns-query.
iOS / macOS: ready-made profiles below — one click, no manual steps.

Ready-made profiles for iPhone / Mac

Pick a level, optionally add exceptions, and download the .mobileconfig. Open the downloaded file — iOS or macOS will offer to install it. The system will then use our DNS automatically.

Level · pick one

Minimal Default Strict

Disable on these Wi-Fi networks · optional

Comma-separated. Wi-Fi SSIDs where our DNS should not be used — e.g. a home or office network that already runs its own resolver.

Don't use for these domains · optional

Comma-separated. These names will fall back to your system DNS (corporate VPN, local-network hostnames).

Download infra-dns-.mobileconfig

Uninstall or switch DNS

Remove our profile (iOS / macOS)

iOS: Settings → General → VPN & Device Management → “Private DNS” profile → “Remove Profile”.
macOS: System Settings → General → Device Management → “Private DNS” profile → minus button → confirm.

Reset DNS on other systems

Android: Settings → Network & Internet → Private DNS → “Automatic” — falls back to your carrier’s DNS.
Windows 11: Settings → Network & Internet → Wi-Fi / Ethernet → DNS server assignment → “Automatic (DHCP)”.
Firefox: Settings → Privacy & Security → DNS-over-HTTPS → “Off” — queries go back to system DNS.

Alternatives if our DNS isn’t a fit

Cloudflare: 1.1.1.1 or DoH https://cloudflare-dns.com/dns-query. Fast, no filtering.
Quad9: 9.9.9.9 or DoH https://dns.quad9.net/dns-query. Swiss-based, filters malware.
AdGuard DNS: 94.140.14.14 or DoH https://dns.adguard-dns.com/dns-query. Ad-blocking.

FAQ

Do you store queries? No. Neither client IPs nor the domains being queried go anywhere — not to files, not to a database, not to metrics.

What exactly gets blocked? Ads, trackers, phishing domains, and malware. The strict profile adds affiliate and referral trackers on top. What each level filters — see Protection levels above; the source blocklists powering all of it are in Blocklists below.

A site I need got caught by mistake. What now? Reach out via the private channel — we’ll add it to the allowlist.

Does it work alongside a VPN? Yes. On our VPN our DNS is already the default — nothing extra to set up. With a third-party VPN you can layer our DNS on top: the tunnel encrypts the channel, DoT/DoH encrypts the DNS queries inside. They don’t conflict.

Blocklists

The source lists the filter is built on — open, maintained by independent authors. Feel free to inspect them or compare with what other DNS services use.

HaGeZi DNS Blocklists — the backbone. Pro for the default level, Pro++ for strict, TIF for the threat-intelligence feed.
URLhaus — domains actively distributing malware, from abuse.ch.
Phishing Army — independent phishing-domain feed.

Our blocky config (full list + allowlist) lives at services/main/03-blocky/blocky.yml.

Source code

Blocky: github.com/0xERR0R/blocky