Switch Public DNS

The Switch Public DNS service is accessible using transport encryption protocols. Our servers are located in data centers in Zurich and Lausanne and provide low latency from within Switzerland.

In addition to an encrypted communication channel, the DNS resolver service provides, by default, the following security features:

• DNSSEC validation protects from forged or manipulated DNS data from upstream servers
• DNS Query Name Minimisation to improve privacy
• Switch DNS Firewall blocks access to infected or malicious websites and redirects users to a landing page

The DNS resolver service blocks domain names listed in the block list by the Swiss gaming law "Geldspielgesetz (BGS)". 

Host name (DoT):

• dns.switch.ch

URL (DoH):

• https://dns.switch.ch/dns-query

IP addresses:

• 130.59.31.248
• 130.59.31.251
• 2001:620:0:ff::2
• 2001:620:0:ff::3

Supported protocols:

• DNS over TLS (DoT) as defined in RFC 7858 on port 853/TCP
• DNS over HTTPS (DoH) as defined in RFC 8484 on port 443/TCP 

More and more client applications add support for encrypted DNS protocols. For example Androidhas built-in support and automatically upgrades to DoT if a network's DNS server supports it. Web browsers such as Mozilla Firefox or Chrome have added DoH support. We want to provide our users the ability to use our DNS servers when located outside the Switch network. Encrypted DNS protocols such as DoT or DoH provide privacy between the client application and the Switch DNS resolver. This eliminates opportunities for eavesdropping and on-path tampering with DNS queries. For a list of supporting client software, see the list maintained by the DNS Privacy Project.