Encrypted DNS, profile-based filtering, and zero guesswork.
When you subscribe, you receive a unique Client ID. This Client ID determines which filtering profile is applied to your DNS queries.
There is no account login, no dashboard, and no per-device configuration. The Client ID is your configuration.
You configure your device, operating system, or router to use DNS over HTTPS (DoH) or DNS over TLS (DoT), including your Client ID in the endpoint.
Plain DNS on port 53 is not supported. All DNS traffic is encrypted by design.
On Apple devices, duzz DNS can be configured using a configuration profile (.mobileconfig). This allows DNS over HTTPS to be set up with a single installation.
The profile contains your unique Client ID and configures encrypted DNS system-wide. No apps, VPNs, or background services are required.
Once installed, all DNS requests from the device are securely routed through duzz DNS using the filtering profile associated with your Client ID.
Configuration profiles are signed and handled by the operating system. duzz DNS does not gain device management access and cannot see or control anything beyond DNS traffic.
When your device makes a DNS request:
This happens in real time and requires no client software.
Filtering is based on well-maintained blocklists and DNS-level rules. Depending on your subscription, this may include:
Profiles are applied server-side. Switching devices does not require reconfiguration beyond using the same Client ID.
duzz DNS is hosted on redundant servers in the EU. Multiple endpoints are available to ensure availability.
No single device or IP address is required. The service works equally well on phones, laptops, and routers.
DNS queries are processed only to provide the service. We do not sell data, inject ads, or build marketing profiles.
For details on data handling and retention, see the privacy page.