portal.switch.ch
Open in
urlscan Pro
2001:620:0:ff::5c
Public Scan
Submitted URL: https://dns.switch.ch/
Effective URL: https://portal.switch.ch/pub/public-dns/
Submission: On July 11 via api from IT — Scanned from CH
Effective URL: https://portal.switch.ch/pub/public-dns/
Submission: On July 11 via api from IT — Scanned from CH
Form analysis 0 forms found in the DOM
Text Content
* Login
Toggle navigation Community Portal
* DNS Firewall
* Open Data
* Public DNS
SWITCH PUBLIC DNS
Public DNS resolver (beta) for the Swiss Internet community
The SWITCH Public DNS service is accessible using transport encryption
protocols. Our servers are located in data centers in Zurich and Lausanne and
provide low latency from within Switzerland.
In addition to an encrypted communication channel, the DNS resolver service
provides, by default, the following security features:
* DNSSEC validation protects from forged or manipulated DNS data from upstream
servers
* DNS Query Name Minimisation to improve privacy
* SWITCH DNS Firewall blocks access to infected or malicious websites and
redirects users to a landing page
The DNS resolver service blocks domain names listed in the block list by the
Swiss gaming law "Geldspielgesetz (BGS)".
SERVERS
Host name (DoT):
* dns.switch.ch
URL (DoH):
* https://dns.switch.ch/dns-query
IP addresses:
* 130.59.31.248
* 130.59.31.251
* 2001:620:0:ff::2
* 2001:620:0:ff::3
Supported protocols:
* DNS over TLS (DoT) as defined in RFC 7858 on port 853/TCP
* DNS over HTTPS (DoH) as defined in RFC 8484 on port 443/TCP
MOTIVATION
More and more client applications add support for encrypted DNS protocols. For
example Android has built-in support and automatically upgrades to DoT if a
network's DNS server supports it. Web browsers such as Mozilla Firefox or Chrome
have added DoH support. We want to provide our users the ability to use our DNS
servers when located outside the SWITCH network. Encrypted DNS protocols such as
DoT or DoH provide privacy between the client application and the SWITCH DNS
resolver. This eliminates opportunities for eavesdropping and on-path tampering
with DNS queries. For a list of supporting client software, see the list
maintained by the DNS Privacy Project.
CONFIGURE YOUR CLIENT
* Android
* Google Chrome
* Mozilla Firefox
* Microsoft Edge
Android 9 (Pie) or newer has built-in support for DNS over TLS. To always use
the SWITCH Public DNS follow these steps:
1. Go to Settings→ Network & internet→ Advanced→ Private DNS
2. Select the Private DNS provider hostname option and enter:
dns.switch.ch
3. Click on SAVE
You can verify that you use the SWITCH Public DNS if you can reach the DNS
Firewall test landing page http://test.ph.rpz.switch.ch/
Chrome version 83 or newer has a DoH settings page (called "secure DNS" in
Chrome). Chrome has enabled "secure DNS" (DoH) by default and tries to use DoH
with your current service provider if supported. To use DoH with SWITCH Public
DNS follow these steps:
1. Go to Preferences... → Privacy and security → Security
2. Enable "Use secure DNS" and select the check box to use a "With Customised"
provider URL and enter: https://dns.switch.ch/dns-query
You can verify that you use the SWITCH Public DNS if you can reach the DNS
Firewall test landing page http://test.ph.rpz.switch.ch/
Firefox version 62 or newer has DoH support. Firefox does not yet use DoH by
default in Switzerland. To enable DoH support with SWITCH Public DNS follow
these steps:
1. Go to Preferences... → General → Networking Settings → Settings...
2. Enable the "Enable DNS over HTTPS" check box and enter the custom provider
URL:
https://dns.switch.ch/dns-query
3. Click on OK to save the setting
You can verify that you use the SWITCH Public DNS if you can reach the DNS
Firewall test landing page http://test.ph.rpz.switch.ch/
Microsoft Edge version 86 or newer has a DoH settings page (called "secure DNS"
in Edge). Edge has enabled "secure DNS" (DoH) by default and tries to use DoH
with your current service provider if supported. To use DoH with SWITCH Public
DNS follow these steps:
1. Go to Settings → Privacy, Search, and Services → Security
2. Enable "Use secure DNS to specify how to lookup the network address for
websites" and select the check box "Choose a service provider" and enter the
URL:
https://dns.switch.ch/dns-query
You can verify that you use the SWITCH Public DNS if you can reach the DNS
Firewall test landing page http://test.ph.rpz.switch.ch/
TERMS OF SERVICE
These terms of service only applies to users using the SWITCH Public DNS service
which are not SWITCH network users.
WHO MAY USE THE SERVICE
SWITCH Public DNS is a free (beta) service for any user. Business organisations
interested in using the service please contact us first.
ENDING THESE TERMS
You may end your legal agreement with SWITCH at any time by discontinuing your
use of the service.
SWITCH may block your access to the service if your usage disrupts or damages
the service or other systems as a result of your usage.
SWITCH reserves the right to end this public service for non-SWITCH network
users at any time.
JURISDICTION
The legal venue for all disputes arising in connection with these is Zurich.
Version: 6th April 2020
PRIVACY POLICY
This privacy policy describes the policies and procedures for the SWITCH Public
DNS service which provides DNS resolution service for stub resolvers (often
called clients), when used by non-SWITCH network users. SWITCH Public DNS
utilizes SWITCH DNS Firewall service where we temporarily block DNS resolution
to malicious websites (e.g. websites distributing malicious code or phishing
websites).
INFORMATION COLLECTION AND USE
SWITCH does not collect any DNS query data that is sent to the SWITCH Public DNS
from clients. However, we may temporarily collect such data during operational
service investigations. If so, this data will be deleted within 24 hours.
SWITCH stores resolver upstream responses from authoritative name servers for 24
hours. The following aggregated response data is indefinitely stored:
* Query Name, e.g. www.example.com
* Query Type, e.g. AAAA
* Query Answer Data, e.g. 2001:DB8::1
* First Seen Timestamp
* Last Seen Timestamp
* Number of Hits
SWITCH stores some performance related metrics (statistics) indefinitely in
order to assist in enhancing the overall performance of the service.
SWITCH DNS FIREWALL
For non-SWITCH network users, SWITCH does not collect nor share any DNS query
data pertaining to domain names that were blocked on that basis.
SWISS GAMBLING LAW "BGS (GELDSPIELGESETZ)"
SWITCH is required to block domain names listed in the block list by the Swiss
gambling law. For non-SWITCH network users, SWITCH does not collect nor share
any DNS query data pertaining to domain names that were blocked on that basis.
DATA SHARING
The SWITCH Public DNS service generates aggregated data from authoritative name
server responses (See Information Collection and Use). We may allow partners or
academic researchers to access this data.
Version: 22nd April 2020
1. Legal notice
2. Imprint
© 2024 for content at SWITCH