Switch Public DNS

Public DNS resolver (beta) for the Swiss Internet community

The Switch Public DNS service is accessible using transport encryption protocols. Our servers are located in data centers in Zurich and Lausanne and provide low latency from within Switzerland.

In addition to an encrypted communication channel, the DNS resolver service provides, by default, the following security features:

  • DNSSEC validation protects from forged or manipulated DNS data from upstream servers
  • DNS Query Name Minimisation to improve privacy
  • Switch DNS Firewall blocks access to infected or malicious websites and redirects users to a landing page

The DNS resolver service blocks domain names listed in the block list by the Swiss gaming law "Geldspielgesetz (BGS)". 


Host name (DoT):

  • dns.switch.ch

URL (DoH):

  • https://dns.switch.ch/dns-query

IP addresses:

  • 2001:620:0:ff::2
  • 2001:620:0:ff::3

Supported protocols:

  • DNS over TLS (DoT) as defined in RFC 7858 on port 853/TCP
  • DNS over HTTPS (DoH) as defined in RFC 8484 on port 443/TCP 


More and more client applications add support for encrypted DNS protocols. For example Androidhas built-in support and automatically upgrades to DoT if a network's DNS server supports it. Web browsers such as Mozilla Firefox or Chrome have added DoH support. We want to provide our users the ability to use our DNS servers when located outside the Switch network. Encrypted DNS protocols such as DoT or DoH provide privacy between the client application and the Switch DNS resolver. This eliminates opportunities for eavesdropping and on-path tampering with DNS queries. For a list of supporting client software, see the list maintained by the DNS Privacy Project. 

Configure your Client

Terms of Service

These terms of service only applies to users using the Switch Public DNS service which are not Switch network users. 


This privacy policy describes the policies and procedures for the Switch Public DNS service which provides DNS resolution service for stub resolvers (often called clients), when used by non-Switch network users. Switch Public DNS utilizes Switch DNS Firewall service where we temporarily block DNS resolution to malicious websites (e.g. websites distributing malicious code or phishing websites).