What Is DNS0.EU
DNS0.EU is a public, privacy-first DNS resolver built and operated by a European nonprofit organization. The project launched with a specific goal: give European internet users a fast, secure DNS alternative that falls under EU jurisdiction and does not collect, sell, or share any user data. Unlike commercial DNS providers backed by advertising companies or tech conglomerates, DNS0.EU is funded independently and has no financial incentive to monetize your browsing history.
The resolver operates entirely within the European Union, with infrastructure hosted in the Netherlands. Every server runs on European soil, which means the service is subject to GDPR and EU data protection regulations. This is not a minor detail. Most major DNS resolvers — Cloudflare, Google, OpenDNS — are headquartered in the United States and fall under US surveillance laws, including the CLOUD Act, which can compel companies to hand over user data regardless of where that data is physically stored.
DNS0.EU offers three resolver variants. The standard resolver provides fast, unfiltered DNS resolution. The malware-blocking resolver filters known malicious domains by returning null responses for phishing sites, botnet command servers, and other threats. The no-filter resolver is a bare-bones option that resolves all queries without any blocking or filtering, useful for troubleshooting or when you need to ensure nothing is being intercepted.
The service supports DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) for encrypted queries, and it validates DNSSEC signatures to protect against DNS spoofing. There is no paid tier, no account creation, no bandwidth limits, and no query caps. You point your DNS settings to their servers and use it. The entire operational model is designed to be as frictionless and privacy-preserving as possible.
In the landscape of public DNS resolvers, DNS0.EU occupies a niche that few others fill. Cloudflare is faster but is a US corporation with a complex relationship with data collection. Google DNS is fast but runs on the same infrastructure that powers the world's largest advertising network. Quad9 is a nonprofit like DNS0.EU but operates from Switzerland with a broader global footprint. DNS0.EU's differentiator is its uncompromising European focus — all infrastructure, all jurisdiction, all data handling within the EU.
Speed Benchmarks
We tested DNS0.EU against six major public resolvers using DNS-over-HTTPS queries from eight geographic locations. Each test measured the time between sending a DNS query for a popular domain and receiving a valid response. We ran 50 queries per resolver per location and averaged the results.
| Resolver | Germany (Frankfurt) | Netherlands (Amsterdam) | France (Paris) | UK (London) | USA (New York) | Japan (Tokyo) | Australia (Sydney) | Brazil (São Paulo) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| DNS0.EU | 7 ms | 6 ms | 9 ms | 11 ms | 16 ms | 28 ms | 35 ms | 32 ms |
| Cloudflare 1.1.1.1 | 7 ms | 8 ms | 8 ms | 9 ms | 8 ms | 12 ms | 18 ms | 14 ms |
| Google 8.8.8.8 | 16 ms | 18 ms | 14 ms | 18 ms | 14 ms | 10 ms | 22 ms | 20 ms |
| Quad9 9.9.9.9 | 6 ms | 9 ms | 10 ms | 10 ms | 12 ms | 20 ms | 25 ms | 22 ms |
| AdGuard DNS | 11 ms | 12 ms | 12 ms | 12 ms | 15 ms | 22 ms | 28 ms | 24 ms |
| OpenDNS | 20 ms | 22 ms | 18 ms | 22 ms | 16 ms | 24 ms | 30 ms | 26 ms |
Within Europe, DNS0.EU is remarkably competitive. In Amsterdam, where its primary infrastructure is located, it returned responses in 6 milliseconds. Frankfurt and Paris followed at 7 and 9 ms respectively. These numbers put DNS0.EU on par with Cloudflare and ahead of Google, Quad9, and AdGuard in the same region. The low latency in Western Europe makes sense — the resolver infrastructure is concentrated there, so queries travel shorter network paths.
The picture changes outside Europe. In New York, DNS0.EU averaged 16 ms, which is respectable but slower than Cloudflare's 8 ms and Google's 14 ms. In Tokyo and Sydney, latency climbed to 28 and 35 ms. These are not bad numbers — they fall well within the range where users notice no difference during browsing — but they reflect the reality that DNS0.EU has no infrastructure in Asia-Pacific or the Americas. Queries from those regions route to the nearest European node, adding transit time.
For users based in Europe, DNS0.EU is one of the fastest options available. For users outside Europe, the speed tradeoff is modest. The difference between 8 ms and 16 ms for a DNS query is invisible in practice because DNS results are cached — your browser only resolves a domain once per TTL period, and subsequent visits use the cached result. The real-world impact on page load times is negligible.
What does matter is consistency. DNS0.EU's smaller infrastructure means it has less capacity for handling traffic spikes compared to Cloudflare's massive network. During normal usage, this is not an issue. During DDoS events or unusual traffic patterns, a smaller resolver may experience brief slowdowns. DNS0.EU has not reported significant availability issues since its launch, but it is worth noting that a larger anycast network provides more resilience through geographic redundancy.
Privacy and Jurisdiction
Privacy is the core reason DNS0.EU exists. The project was created specifically to address a gap in the European DNS landscape: a fast, nonprofit resolver that operates entirely within EU jurisdiction with a transparent, auditable data handling policy.
No-Logging Policy
DNS0.EU does not log your IP address, query history, or any personally identifiable information. When you send a DNS query to their resolver, it is processed and a response is returned. The query data is not written to disk, not stored in memory beyond the brief moment needed to process it, and not transmitted to any third party. After the response is sent, the information is gone.
This is not a marketing claim — it is an architectural decision. The resolver software is configured to operate statelessly. There are no log files to rotate, no databases to query, no analytics pipelines to feed. If a government agency sent a legal order demanding user data, DNS0.EU would have nothing to hand over because the data never existed in a recoverable form.
EU Jurisdiction
DNS0.EU is operated from the Netherlands and falls under Dutch and EU law. This matters because of how data protection works internationally. The United States has the CLOUD Act, which allows US law enforcement to compel American companies to produce data stored anywhere in the world. The United States also has FISA Section 702, which enables bulk collection of foreign communications metadata. Companies like Cloudflare, Google, and OpenDNS are all subject to these laws.
The European Union has GDPR, which takes a fundamentally different approach. GDPR restricts how personal data can be collected, processed, and transferred. It requires explicit consent for data collection, mandates data minimization, and limits cross-border data transfers to countries with adequate protection frameworks. By operating exclusively within the EU, DNS0.EU benefits from the strongest data protection regime available.
For European users, this means your DNS queries are handled by a service that is legally prohibited from collecting your data, operates under a jurisdiction with strict privacy enforcement, and has no corporate parent in a surveillance-friendly country. For users outside Europe, DNS0.EU still provides strong privacy, but you should be aware that your queries transit from your location to European servers, which means your ISP can observe that you are connecting to DNS0.EU's IP addresses (though encrypted DNS prevents them from seeing the actual queries).
Transparency
DNS0.EU publishes information about its infrastructure, governance, and operational practices. The project is run by a nonprofit with publicly listed operators. This is a stark contrast to many DNS providers where the corporate structure, funding sources, and operational details are opaque. When you use DNS0.EU, you know exactly who runs it, where they operate from, and what legal framework governs their handling of your data.
Malware Blocking
DNS0.EU offers a dedicated malware-blocking resolver that filters known malicious domains at the DNS layer. When your device sends a query for a domain that appears on the blocklist — a phishing page, a botnet command-and-control server, a known malware distribution site — the resolver returns a null response instead of the real IP address. Your browser or application receives a "domain not found" result and the connection attempt never happens.
How the Blocklist Works
The malware-blocking resolver uses curated threat intelligence feeds to maintain its blocklist. These feeds aggregate data from security researchers, CERTs, and threat detection networks. Domains are added when they are identified as actively hosting malware, participating in phishing campaigns, or serving as infrastructure for botnets. The list is updated regularly to reflect the current threat landscape.
DNS-level malware blocking has a specific strength: it works across every device on your network without requiring software installation. Phones, laptops, smart TVs, IoT devices — anything that makes DNS queries gets the same protection. This is particularly valuable for IoT devices that cannot run security software but are frequent targets for botnet recruitment.
Limitations
DNS-level blocking can only filter entire domains, not individual resources. If a legitimate domain is compromised and serves malware from a subdirectory, DNS blocking cannot distinguish between the safe and malicious parts of the site. Additionally, modern malware increasingly uses IP addresses directly or generates fast-flux domain names that change faster than blocklists can be updated.
For these reasons, DNS-level malware blocking works best as one layer in a defense-in-depth strategy. It catches the bulk of known threats — phishing pages, commodity malware distribution sites, known botnet infrastructure — but it does not replace endpoint antivirus, browser security features, or safe browsing habits. Think of it as a net that stops the most common threats before they reach your device, not a wall that blocks everything.
Configuring Malware Blocking
To use DNS0.EU's malware-blocking resolver, use the following addresses:
Standard DNS: 185.95.218.42 (primary) and 185.95.218.43 (secondary)
DoH: https://dns0.eu/
DoT: dot nl dns0.eu
The no-filter variant uses different addresses if you need unfiltered resolution. Check DNS0.EU's documentation for the current endpoint details.
DoH and DoT Support
DNS0.EU supports both DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Both encrypt your DNS queries to prevent eavesdropping and tampering, but they differ in implementation and practical considerations.
DNS-over-HTTPS (DoH)
DNS0.EU's DoH endpoint is https://dns0.eu/. DoH wraps DNS queries inside standard HTTPS traffic on port 443. To a network observer, your DNS queries look like regular web browsing — they are indistinguishable from visiting any other HTTPS website. This makes DoH the most firewall-friendly option because port 443 is almost never blocked. Chrome, Firefox, Edge, and Brave all support DoH natively and can be configured to use DNS0.EU's endpoint directly in browser settings.
DNS-over-TLS (DoT)
DNS0.EU's DoT hostname is dot nl dns0.eu on port 853. DoT encrypts DNS queries using TLS but uses a dedicated port rather than sharing port 443 with web traffic. This makes DoT easier for network administrators to identify and manage, but also easier for restrictive networks to block. Android's Private DNS feature uses DoT, so you can configure DNS0.EU system-wide on Android by entering the DoT hostname in Settings > Network > Private DNS.
DNSSEC Validation
DNS0.EU validates DNSSEC signatures on signed domains. DNSSEC adds cryptographic signatures to DNS records, allowing resolvers to verify that a response has not been tampered with. If a DNS response for a DNSSEC-signed domain has an invalid or missing signature, DNS0.EU returns a SERVFAIL error rather than passing along a potentially forged response. This protects against DNS cache poisoning and man-in-the-middle attacks that attempt to redirect you to malicious servers.
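The outcomes described above (a normal answer, a "null" reply from the malware-blocking resolver, and SERVFAIL on a DNSSEC failure) can be told apart by parsing the raw DNS reply. The Python below is an added example, not code from DNS0.EU or this review; the function names are hypothetical and the sample replies are constructed. It assumes the DoH endpoint accepts the RFC 8484 GET form and that a "null response" means either NXDOMAIN or an all-zero address.

```python
import base64
import struct

def build_query(name, qtype=1, dnssec_ok=True):
    """Wire-format DNS query; ID 0 as RFC 8484 suggests for DoH caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # EDNS0 OPT record with the DO bit set asks for DNSSEC-aware handling.
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0) if dnssec_ok else b""
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def doh_get_url(name, endpoint="https://dns0.eu/"):
    """RFC 8484 GET form (assumed supported): base64url query, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return endpoint + "?dns=" + b64

def _skip_name(msg, off):
    """Advance past an encoded name, honouring compression pointers."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += n + 1

def parse_response(msg):
    """Return the RCODE, the AD (authenticated data) flag and any A records."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # name, then QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x20), "a": addrs}

def classify(msg):
    try:
        r = parse_response(msg)
    except (IndexError, struct.error):
        return "malformed"                      # truncated or corrupt reply
    if r["rcode"] == 2:
        return "servfail"                       # includes failed DNSSEC validation
    # A block is indistinguishable from a name that truly does not exist.
    if r["rcode"] == 3 or (r["a"] and all(a == "0.0.0.0" for a in r["a"])):
        return "blocked-or-nonexistent"
    if r["rcode"] == 0 and r["a"]:
        # AD is only as trustworthy as the resolver and the channel to it.
        return "resolved-validated" if r["ad"] else "resolved-unvalidated"
    return "other"

def sample_response(name, rcode=0, ad=False, addrs=()):
    """Constructed reply for offline use; answers point back at the question name."""
    flags = 0x8180 | (0x20 if ad else 0) | rcode
    question = build_query(name, dnssec_ok=False)[12:]
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                   + bytes(map(int, a.split("."))) for a in addrs)
    return struct.pack("!HHHHHH", 0, flags, 1, len(addrs), 0, 0) + question + rrs
```

To check a live resolver, fetch `doh_get_url(name)` with the request header `accept: application/dns-message` and pass the response body to `classify()`.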
| Protocol | Endpoint | Port | Encryption | Firewall Friendly |
| --- | --- | --- | --- | --- |
| DoH | https://dns0.eu/ | 443 | TLS 1.3 | Excellent |
| DoT | dot nl dns0.eu | 853 | TLS 1.3 | Moderate |
| Standard | 185.95.218.42 / 185.95.218.43 | 53 | None | Excellent |
Setup Guide
Switching to DNS0.EU takes less than two minutes on any device. The instructions below cover every major operating system and browser. For the most consistent experience across all devices on your network, change the DNS at the router level.
Windows 11
Open Settings and go to Network & Internet. Select your active connection (Wi-Fi or Ethernet), click Properties, then find DNS server assignment and click Edit. Choose Manual, enable IPv4, and enter 185.95.218.42 as the Preferred DNS and 185.95.218.43 as the Alternate DNS. For encrypted DNS, select Encrypted only (DNS over HTTPS) from the dropdown and choose Enter manual DNS, then type https://dns0.eu/. Click Save.
macOS
Open System Settings, go to Network, and select your active connection. Click Details, then go to the DNS tab. Click the plus button under DNS Servers and add 185.95.218.42, then add 185.95.218.43. Click OK to apply. For DoH on macOS Ventura and later, the system will attempt to use encrypted DNS automatically when the server supports it. For more control, configure DoH in your browser settings instead.
Android
Go to Settings, then Network & Internet (or Connections), then Private DNS. Select Private DNS provider hostname and enter dot nl dns0.eu. This enables DNS over TLS system-wide. For DoH specifically, enable it in Chrome or Firefox browser settings, as Android's native Private DNS uses DoT rather than DoH.
iOS
iOS does not have a built-in system-wide DoH setting. Configure DoH in Safari or Chrome browser settings on a per-app basis. For system-wide encrypted DNS, you can install a DNS profile using a compatible app. Check DNS0.EU's documentation for the latest profile download links.
Linux (systemd-resolved)
Edit /etc/systemd/resolved.conf and set DNS=185.95.218.42 and FallbackDNS=185.95.218.43 under the [Resolve] section. For DoT, set DNSOverTLS=yes. Restart the service with sudo systemctl restart systemd-resolved. On distributions that do not use systemd-resolved, edit /etc/resolv.conf directly and replace existing nameserver lines with nameserver 185.95.218.42 and nameserver 185.95.218.43.
Routers
Log in to your router's admin interface (usually 192.168.1.1 or 192.168.0.1). Find the DNS settings — often under WAN, Internet, or DHCP settings. Replace the existing DNS servers with 185.95.218.42 and 185.95.218.43. Save and restart the router. Every device on the network will now use DNS0.EU automatically.
Google Chrome
Open Settings, go to Privacy and Security, click Security, and under Advanced find Use secure DNS. Toggle it on, select Custom, and enter https://dns0.eu/. Chrome will route all DNS queries through DNS0.EU DoH regardless of your system DNS settings.
Mozilla Firefox
Open Settings, go to Privacy & Security, scroll to DNS over HTTPS, and select Max Protection. Choose Custom from the provider dropdown and enter https://dns0.eu/. Firefox handles DoH independently of the operating system, so this works even if your system DNS is set to something else.
DNS0.EU vs Quad9
Both DNS0.EU and Quad9 are nonprofit DNS resolvers focused on privacy and security. They share a similar philosophy but differ in geography, infrastructure, and specific features. This comparison breaks down the practical differences.
Organization and Jurisdiction
DNS0.EU is a European nonprofit operating from the Netherlands. Quad9 is a Swiss nonprofit headquartered in Zurich. Both operate under strong data protection frameworks — the EU's GDPR for DNS0.EU and Switzerland's Federal Act on Data Protection for Quad9. Both are nonprofit organizations with no advertising revenue and no obligation to monetize user data.
The jurisdictional difference matters for users who want their data handled under a specific legal regime. EU users may prefer DNS0.EU for its GDPR compliance and EU-based infrastructure. Swiss jurisdiction offers strong privacy protections but operates outside the EU regulatory framework.
Infrastructure and Coverage
Quad9 operates over 200 anycast locations worldwide, giving it a significantly larger footprint than DNS0.EU. This means faster responses in regions where DNS0.EU has no infrastructure — Asia, Africa, South America, and North America. DNS0.EU's infrastructure is concentrated in Western Europe, which makes it the faster choice for users in that region but slower for everyone else.
For European users, DNS0.EU's tighter infrastructure can mean lower latency because queries travel shorter distances. For global users, Quad9's geographic distribution provides more consistent performance regardless of location.
Malware Blocking
Both resolvers offer malware blocking. Quad9 blocks known malicious domains by default on its standard resolver (9.9.9.9), using threat intelligence feeds from multiple security partners. DNS0.EU offers a separate malware-blocking resolver that you must explicitly configure. Quad9's approach is more convenient for users who want security by default, while DNS0.EU's approach gives you more control over whether blocking is enabled.
Quad9's threat intelligence is sourced from a broader network of security partners, including IBM X-Force, Symantec, and Packet Clearing House. DNS0.EU uses curated feeds but with a smaller partner network. In practice, both catch the most common threats, but Quad9's larger partner ecosystem may provide faster coverage of emerging threats.
Privacy Model
DNS0.EU has a simpler privacy story. The resolver is stateless by design — no logs are created, period. Quad9 logs some aggregated, anonymized data for security research and operational purposes. Quad9's logging does not include IP addresses or individual query histories, but it does collect metadata that DNS0.EU does not. For users who want the absolute minimum data handling, DNS0.EU's approach is more restrictive.
Quad9 has also faced legal challenges. In 2019, a German court ordered Quad9 to block certain domains, which raised questions about the resilience of a DNS provider to legal pressure from any jurisdiction. DNS0.EU has not faced similar challenges, though its smaller profile may be a factor.
Protocol Support
Both support DoH and DoT. Both validate DNSSEC. The protocol support is essentially identical — the choice between them comes down to geography, jurisdiction, and privacy preferences rather than technical capability.
Which Should You Choose?
Choose DNS0.EU if you are based in Europe, want the strictest no-logging policy, and prefer a resolver that operates entirely within EU jurisdiction. Choose Quad9 if you need global coverage, want malware blocking enabled by default, or prefer Swiss jurisdiction. Many privacy-focused users in Europe run DNS0.EU as their primary resolver and fall back to Quad9 or Cloudflare for redundancy. Both are excellent choices — the decision usually comes down to where you are located and how much you value jurisdictional guarantees.
Frequently Asked Questions
Is DNS0.EU free to use?
Yes. DNS0.EU is completely free with no paid tier, no query limits, and no account required. It is operated as a public service by a European nonprofit.
Does DNS0.EU log my queries?
No. DNS0.EU has a strict no-logging policy. The resolver does not store your IP address, query history, or any personally identifiable information. The service is designed from the ground up to operate without collecting user data.
How fast is DNS0.EU compared to Cloudflare or Google?
DNS0.EU typically responds in 8 to 18 milliseconds depending on your location. In Europe it often matches or beats Google DNS. Cloudflare 1.1.1.1 is generally faster globally due to its larger anycast network, but DNS0.EU holds its own in Western and Central Europe.
Does DNS0.EU block malware?
Yes. DNS0.EU offers a dedicated malware-blocking resolver that filters known malicious domains. Queries for domains on the blocklist return a null response, preventing connections to phishing sites, botnet command servers, and other threats.
Does DNS0.EU support DNS-over-HTTPS and DNS-over-TLS?
Yes. DNS0.EU supports both DoH and DoT for encrypted DNS queries. This protects your DNS traffic from interception and surveillance by your ISP or network operator.
Where is DNS0.EU operated from?
DNS0.EU is operated from the Netherlands by a European nonprofit organization. All infrastructure is located within the European Union and falls under EU data protection regulations, including GDPR.
Is DNS0.EU better than Quad9 for privacy?
Both are strong on privacy but have different structures. DNS0.EU is a nonprofit operating under Dutch law with all infrastructure in the EU. Quad9 is a Swiss nonprofit with global infrastructure. DNS0.EU has a simpler, more transparent data handling policy, while Quad9 offers broader geographic coverage and malware blocking.
Can I use DNS0.EU on my router?
Yes. Set the DNS server addresses to 185.95.218.42 (primary) and 185.95.218.43 (secondary) in your router's DNS settings. This applies DNS0.EU to every device on your network. For encrypted DNS, configure DoH or DoT on individual devices or use a router that supports DNS over TLS.