HostuxDNS

Android has included a built-in encrypted DNS feature called Private DNS since version 9 (Pie). It uses DNS over TLS on port 853 and requires no third-party app. It encrypts all DNS traffic from the device, regardless of which app sends it.

You need: Android 9 or later, any network connection.

1. Open Settings on your device.
2. Search for Private DNS. Depending on the manufacturer, it may be under one of these paths:
   • Network & internet > Advanced > Private DNS
   • Connections > More connection settings > Private DNS
   • Wi-Fi & network > Private DNS
3. Select Private DNS provider hostname (or Custom).
4. Enter: dns.hostux.net
5. Tap Save.

Android will now send all DNS queries encrypted over TLS to HostuxDNS. The change applies immediately on the current connection.

Private DNS uses DoT, which does not support separate filtering endpoints. To use the HostuxDNS ad and tracker blocking endpoint (https://dns.hostux.net/ads) on Android, you need a DoH-capable app. Two options:

• Intra: lightweight app from Jigsaw (Google), easy to configure with a custom DoH URL.
• AdGuard for Android: supports DoH, DoT, and DoQ with a custom server.

Enter https://dns.hostux.net/ads as the custom DoH URL in either app.

After saving, open any browser and visit a site you have not visited recently. If Private DNS is active, there should be no DNS failure.

To confirm the resolver in use, you can run a DNS leak test from a browser, which will report the resolver IP. HostuxDNS runs on 46.226.108.173 and 46.226.109.82.