[Closed] keweonDNS - now with improved Certificate (iOS, Mac & Android)

Status
Not open for further replies.
Search This thread
By:
Advanced…
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
Timmmmaaahh said:
Haha, that had me laughing all day.
I've been doing some gaming and browsing throughout the day on the AI infused blocking and it seems to be running fine! It sometimes loads a little longer but it's all ad-free and still connected when needed.

Wrapped with delicious Fajita [emoji896]
Click to expand...
Click to collapse

I never would compare my AI with a real AI because it's running here at home on MS-SQL Express. ;)

But hey, the logic is almost working and I'm pretty sure when someone with a real AI experience would see this then I'm pretty sure he would give me a head shoot.

For me at home my "results" are working pretty good and it was just to see where I need to adjust something. It's not perfect but now it's a 1000times better result then one year ago.

Because of the speed it's just a problem of the Database. The server are running near the limit and more is absolutly not possible at the moment. I was curious about the result and I must say I am fully satisfied with the result.

It's far from perfect, but a damn good start.
 
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
Huge Apple fix in progress

I'm able since a few days to cover now Apple related problems. I have seen that Apple devices have had a lot of problems by using keweon.

Because of a incredible donation from an unknown user I'm able now to test also Apple things. The fix is in progress and this evening all Apple problems should be fixed.

Personal note:
I don't know who you are because I was not able to find the sender of this present so let me say million times thanks for this at this way.
I was searching round about one week because I want to say thanks direct to you.

Whoever make this donation - I was really shocked and I hope you send me a PM. I'm still surprised about this bcause it's still incredible for me.
 
  • Like
Reactions: nussbaum, Mackie Messer, Blackeyedangel and 3 others
methuselah

methuselah

Senior Member
Aug 25, 2011
3,992
2,173
MrT69 said:
Can you provide me a link or URL to this?
The next week I'm on the road because of business duty so it might take some time until it's solved...
Click to expand...
Click to collapse
Messages are not getting connected. I mean it's Google messaging new feature. With nebula.
 

Attachments

  • Screenshot_Messages_20191202-192514.png
    Screenshot_Messages_20191202-192514.png
    182.3 KB · Views: 211
L

L1p1c1

Senior Member
Aug 9, 2016
307
70
heaven
keweonDNS for Windows

Download the QuickSetDNS from NIRSOFT and use it on Windows to change your DNS settings.
Currently it's only working with IPv4. Link to NirSoft is HERE

version 1.30 has support for ipv6 as well
 
  • Like
Reactions: MrT69
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
L1p1c1 said:
keweonDNS for Windows

Download the QuickSetDNS from NIRSOFT and use it on Windows to change your DNS settings.
Currently it's only working with IPv4. Link to NirSoft is HERE

version 1.30 has support for ipv6 as well
Click to expand...
Click to collapse

I will change the download Link next week and I will also add the IPv6 Server within the config.

Thanks a lot for monitoring ;)
 
  • Like
Reactions: L1p1c1
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
mucke5 said:
How can I configure unbound on Linux desktop (not server) including IPv4/IPv6 ? Is it possible :eek: ... up to know I run stubby.
Click to expand...
Click to collapse

Take a look at this page:

https://calomel.org/unbound_dns.html

or copy & paste to use this config:

Code: 
## DNS Over TLS, Simple ENCRYPTED recursive caching DNS, TCP port 853
## unbound.conf -- https://calomel.org
## FreeBSD 12 unbound config
#
server:
  access-control: 10.0.0.0/8 allow
  access-control: 192.168.0.0/16 allow
 #access-control: fddd::/48 allow
  aggressive-nsec: yes
 #auto-trust-anchor-file: /usr/local/etc/unbound/root.key
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  chroot: /usr/local/etc/unbound
  directory: /usr/local/etc/unbound
  do-ip4: yes
  do-ip6: yes
  do-tcp: yes
  hide-identity: yes
  hide-version: yes
  interface: 127.255.10.10
  interface: ::2
  pidfile: /var/run/local_unbound.pid
  port: 53
  prefetch: yes
  rrset-roundrobin: yes
  tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
  use-caps-for-id: yes
  username: unbound

  # Unbound from pkg built with libevent; increase threads and slabs to the
  # number of real cpu cores to reduce lock contention. Increase cache size to
  # store more records and allow each thread to serve an increased number of
  # concurrent client requests.
# num-threads: 4
# msg-cache-slabs: 4
# rrset-cache-slabs: 4
# infra-cache-slabs: 4
# key-cache-slabs: 4
# msg-cache-size: 256M
# rrset-cache-size: 512M
# outgoing-range: 8192
# num-queries-per-thread: 4096

 # forward-addr format must be ip "@" port number "#" followed by the valid public hostname
 # in order for unbound to use the tls-cert-bundle to validate the dns server certificate.
 forward-zone:
   name: "."
   forward-tls-upstream: yes
   forward-addr: 1.0.0.1@853#one.one.one.one
   forward-addr: 1.1.1.1@853#one.one.one.one
   forward-addr: 8.8.4.4@853#dns.google
   forward-addr: 8.8.8.8@853#dns.google
   forward-addr: 9.9.9.9@853#dns.quad9.net
   forward-addr: 149.112.112.112@853#dns.quad9.net


If you have problems by using this config then let me know. But it's quite easy for local usage.

Install unbound, copy and pase this config. Restart unbound and it's working. Now point you network card to DNS at 127.255.10.10 (v4) or ::2 (v6) .

That's it. Your NIC is asking unbound and unbound is forwarding all requests encrypted. When this is done then you can change the IP Address to keweonDNS. Just change the "forwrd-addr" and that's it.
 
M

mucke5

Member
Mar 7, 2011
8
2
MrT69 said:
Take a look at this page:

https://calomel.org/unbound_dns.html

If you have problems by using this config then let me know. But it's quite easy for local usage.

Install unbound, copy and pase this config. Restart unbound and it's working. Now point you network card to DNS at 127.255.10.10 (v4) or ::2 (v6) .

That's it. Your NIC is asking unbound and unbound is forwarding all requests encrypted. When this is done then you can change the IP Address to keweonDNS. Just change the "forwrd-addr" and that's it.
Click to expand...
Click to collapse

Could you offer a ready-to-use config like you do for QuickSetDNS, please? I would be surprised if you didn't optimize some settings... :D
 
  • Like
Reactions: MrT69
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
mucke5 said:
Could you offer a ready-to-use config like you do for QuickSetDNS, please? I would be surprised if you didn't optimize some settings... :D
Click to expand...
Click to collapse

Thanks a lot for this but I must pass. Unbound is almost a tiny DNS genius because it's supports DNS, DoT and even DnsCrypt.

I have a almost 5 yrs old config for Unbound and this is for FreeBSD. I guess this will not really help because it only supports DNS.

If you want to teach yourself then use Unbound. From my point of view it's the best DNS for tiny and middle size environments.
 
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
MoHuToP said:
From 01.12.19 connection thorough keweon is really lightning fast. Any recent changes?

Regards!
Click to expand...
Click to collapse

At the moment I'm playing around with some new caching thing. Inspired from a funny CISCO features I have developed a new acceleration thing which make it possible to reduce the response time to DNS requests by round about 50%. It seems I'm on the right way.

Thanks for this feedback!!!!
 
  • Like
Reactions: n0j0e, Scalpos, AntonVermeulen and 9 others
T

totalcmdext

Inactive Recognized Developer
Feb 7, 2006
1,228
82
Nokia 8.3 5G
Android TV

The cert isn't possible to installed in the AndroidTV. I suppose that there is specific layout for AndroidTV compared to Android.

Nebulo with keweon DNS is running without any problem.....
 
  • Like
Reactions: MrT69
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
totalcmdext said:
Android TV

The cert isn't possible to installed in the AndroidTV. I suppose that there is specific layout for AndroidTV compared to Android.

Nebulo with keweon DNS is running without any problem.....
Click to expand...
Click to collapse

No, there you can't install any cert. I have the same on my Samsung TV and there it is running also without problems.

I guess I need a Firestick or something else to log out what's the problem in detail.

EDIT:
I was taking a look at the Android TV site. Is it possible to run Android TV without a stick just on a Android Tablet???
 
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
Now, for actual reasons I need your help please.

If there is a website about keweon, what should there be to find? What are you interested in, where do you need basics and what can you think is technically hard and deep?

Please give me some feedback what you want to see.
 
  • Like
Reactions: O l l i X
O

O l l i X

Senior Member
May 12, 2018
53
56
MrT69 said:
Now, for actual reasons I need your help please.

If there is a website about keweon, what should there be to find? What are you interested in, where do you need basics and what can you think is technically hard and deep?

Please give me some feedback what you want to see.
Click to expand...
Click to collapse


Ddwrt / openwrt setup, and a list of up to date ip's..
-Oh, and a little light thinguie.. Red, yellow and green, to see what the real time status is like.. ?

Btw, is there problems at the moment? Either that, Or I have some local issues.. ?

Thanks again! ❤️
 
  • Like
Reactions: AntonVermeulen and MrT69
MrT69

MrT69

Senior Member
May 9, 2006
1,748
4,422
54
Königsbrunn
www.keweon.de
O l l i X said:
Ddwrt / openwrt setup, and a list of up to date ip's..
-Oh, and a little light thinguie.. Red, yellow and green, to see what the real time status is like.. ?

Btw, is there problems at the moment? Either that, Or I have some local issues.. ?

Thanks again! ❤️
Click to expand...
Click to collapse

Thanks for this. And it must be a local problem.
It also might be that this is sometimes a provider issue because the Servers are almost virtual, the entire backend is virtual and it's just a provider connect, not a carrier connect.
 
  • Like
Reactions: Frunzdoedel, O l l i X and AntonVermeulen
Status
Not open for further replies.

Similar threads

Snoop05
[OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3
Replies
2K
Views
7M
McAsia
McAsia
fivefour
OUTDATED - [MOD] CrossBreeder - Lag-/Entropy+/DNS+/Tether+/Ads-/Censors-/.bit support!!
Replies
7K
Views
2M
fivefour
fivefour
shimp208
[TOOL]Minimal ADB and Fastboot [2-9-18]
Replies
982
Views
5M
sinommo
sinommo
B
[UTIL][WIN][MT65xx] MTK Droid Root & Tools | MediaTek Android Smartphone
Replies
2K
Views
3M
A
allyalla
BSDgeek_Jake
  • Poll
MoaAB: Mother of All AD-BLOCKING > BLOCKS ADware Malware Spyware Bloatware Ransomware
Replies
5K
Views
2M
J
jonatansuarez

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 248
    MrT69
    MrT69
    Please read this first!


    The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.

    The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.

    A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.

    From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.

    For actual reasons and because of many discussions I want to inform you about threat possibilities:


    1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.​


    2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:

    Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.

    This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.​


    3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.


    4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".


    Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.


    5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.

    6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.​


    The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.


    Thanks a lot to each single user!!





    keweonShield.png





    **************************************************************

    Business inquires: Please see contact information section below.

    ***************************************************************


    **************************************************************

    Keweon quick start.
    Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:

    **************************************************************


    **************************************************************

    Available DNS servers (choose one primary and one secondary):

    Main Servers:
    IP: 176.9.62.58
    IP: 176.9.62.62

    or

    IPv6: 2a01:4f8:150:8023::58
    IPv6: 2a01:4f8:150:8023::62
    Click to expand...
    Click to collapse


    Update November 28, 2018:

    If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.

    IPv4: 213.239.207.143
    IPv6: 2a01:4f8:a0:8487::143

    IPv4: 107.191.55.215
    IPv6: 2001:19f0:6401:175d::215
    Click to expand...
    Click to collapse

    These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.

    **************************************************************

    Available Server List for keweon Privacy & Security
    (Server Edition keweonDNS v.6.80.280.LL)

    Australia / Sidney: (vServer)
    k1ns-au-001.keweon.center
    45.76.125.130
    2001:19f0:5801:b45::130

    France / Paris: (vServer)
    k1ns-fr-001.keweon.center
    45.77.62.37
    2001:19f0:6801:95e::37

    Germany / Frankfurt (vServer)
    k1ns-de-001.keweon.center
    104.207.131.11
    2001:19f0:6c01:61f::11

    India / Bangalore (vServer)
    k1ns-in-001.keweon.center
    IPv4: 139.59.33.236
    IPv6: 2400:6180:100:d0::30d:5001

    Japan / Tokio (vServer)
    k1ns-jp-001.keweon.center
    45.77.25.72
    2001:19f0:7001:22a8::72

    Netherland / Amsterdam (vServer)
    k1ns-nl-001.keweon.center
    45.77.138.206
    2001:19f0:5001:d8d::206

    Singapore / Singapore: (vServer)
    k1ns-sp-001.keweon.center
    45.76.151.221
    2001:19f0:4400:4f31::221

    UK / London (vServer)
    k1ns-lon-001.keweon.center
    45.32.183.39
    2001:19f0:7402:a61::39

    USA / Dallas (vServer)
    k1ns-tx-001.keweon.center
    45.76.57.41
    2001:19f0:6401:9ed::41

    USA / New Jersey (vServer)
    k1ns-ny-001.keweon.center
    45.77.144.132
    2001:19f0:5:2962::132

    USA / Silicon Valley (vServer)
    k1ns-sv-001.keweon.center
    45.32.140.26
    2001:19f0:ac01:639::26
    **************************************************************


    **************************************************************
    Keweon Root certificate (not required, but will suppress certificate errors):

    http://pki.keweon.center

    For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
    >> CLICK HERE <<

    MSI within a ZIP file:
    >> CLICK HERE <<

    For Android and iOS devices, also for Firefox and Mozilla Browser:
    >> CLICK HERE <<

    Certificate within a ZIP file:
    >> CLICK HERE <<

    For Admins to use it within Active Directory as REG file:
    >> CLICK HERE <<

    REG within a ZIP file:
    >> CLICK HERE <<

    If you want to have a "AllInOne Package" use this link please:
    >> CLICK HERE <<


    (End of Quick Start section)

    **************************************************************


    **************************************************************
    About Keweon:

    Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."

    Keweon is more than a generic adblock system. Keweon does:

     Advertising Blocking
     Adware Protection
     App Protection
     Bandwidth Protection for Mobile Phones
     Botnets Protection
     Cryptoware Protection
     Fake Online Shop Filter
     Fake Software Protection
     Malware Protection
     Miningware Protection
     Online Worms Protection
     Pharming Protection
     Phishing Protection
     Popup Blocker
     Privacy Protection
     Ransomware Protection
     Remote Keyloggers Protection
     Rogue Security Software Protection
     Spoofing Protection
     Spyware Protection
     Tracing Protection
     Tracking Protection
     Trojan Protection
     Virus Protection
     and a lot of other things

    Things Keweon does not do or does not have:
     Acceptible advertising exceptions
     A Malware or virus scanner
     Data collection

    Keweon will:
     Save bandwidth. Ads are blocked, not just hidden.

    **************************************************************


    **************************************************************

    Basic instructions:

    1. Take the DNS Servers
    2. Install the keweon Adblock Root Certificate (recommended, not required)
    3. Change your Internet Router or your Mobile Device to use the servers
    4. Reboot (Router and PC)

    **************************************************************


    **************************************************************

    Trusted apps for changing DNS on your device:

    - Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger

    - iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093

    - Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.

    - Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/

    **************************************************************


    **************************************************************
    FAQ:

    1) Does my traffic runs trough the keweon System?

    Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.

    2) Here are some questions from Telegram users which might be interesting for you.

    http://downloads.keweon.center/keweon/keweon_questionnaire.pdf


    3) If you have questions - please ask!
    **************************************************************


    **************************************************************

    Contact information:

    If you want to send blacklists (things that should be blocked) please send them to: blackli.wovqusywx173aog9@u.box.com

    If you want to send whitelists (things that shouldn't be blocked) please send them to: whiteli.g2o05glywjqt8zfy@u.box.com

    If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: site-error@keweon.center

    Developer email: torsten.jahnke@keweon.com (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
    This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)

    **************************************************************


    **************************************************************

    New license terms because of the EU DSGVO/GDRP (25.05.2018):

    Business and Corporate usage is not allowed without my written permission.
    The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.

    Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.

    **************************************************************
    View
    52
    MrT69
    MrT69
    How to use keweon?

    It's very easy:

    1. Take the DNS Servers
    2. Install the keweon Adblock Root Certificate ( <<< THIS IS ONLY A RECOMMENDATION)
    3. Change your Internet Router or your Mobile Device to it
    4. Reboot (Router and PC)
    5. Done! That's it.
    6. See the Internet within a never seen way

    In the meantime the keweon AdBlock Root Certificate has more than 4 Millions global downloads. This certificate is not required but for a few websites it is mandatory.
    This certificate will only surpress the certificate errors. Not all of them because I'm still working on this.

    On iOS Devices just open Safari. With Android use the default Browser and go to http://pki.keweon.center and after 3 sec. the download of the certificate will start. JUST THE DOWNLOAD!! You need to install it by yourself. More facts about the keweon Root Certificate will comming soon on the website.


    Test the DNS Servers within this List and choose the one which is the fastest for you:

    https://xdaforums.com/android/software-hacking/keweon-privacy-online-security-t3681139#6


    How to use it on Android devices:

    Use an App of your choice or use this. I also use this app and from my point of view this is the worldwide best App to change the DNS settings on Android devices. No Root Access is required. The developer is from Germany and I have had a good contact to him. The app is free of charge and also free of advertising. The source code for this app is also available on GitHub. If you have troubles with it or want to have additonal features than contact the developer. He would be happy about every feedback.

    https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger


    How to use it on iOS/Apple devices:

    All my iOS Tester using this App. If you have a better one or you are able to translate the Android App to XCode - your welcome.

    https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093


    You are using Chrome and the DNS thing is not working? (thanks a lot @NamitNayan for this info)

    Google wants to prevent Adblocking via DNS. Therefore they have enabled an experimental Switch by default to prevent DNS blocking.
    Take a look at here if it's not working >>> HERE <<< and fix the problem within seconds.

    View
    50
    MrT69
    MrT69
    keweonDNS & installation Information

    ALL keweonDNS Servers:

    Version: DoT Server - DNS over TLS (updated 03/21/2019)
    Used Certificate: Let'sEncrypt Certificate
    Server Address: dot.asecdns.com
    Port: 853 & 443
    IP Addresses:
    dot.asecdns.com (159.69.48.240 - HETTNER RZ Falkenstein)
    dot.asecdns.com (116.203.117.199 - HETTNER RZ Nuernberg)
    dot.asecdns.com (95.216.192.253 - HETTNER RZ Helsinki)
    dot.asecdns.com (2a01:4f8:1c17:6e44::240 - HETTNER RZ Falkenstein)
    dot.asecdns.com (2a01:4f8:c2c:491::199 - HETTNER RZ Nuernberg)
    dot.asecdns.com (2a01:4f9:c010:3071::253 - HETTNER RZ Helsinki)

    Version: DoH Server - DNS over HTTPS (updated 03/21/2019)
    Used Certificate: Let'sEncrypt Certificate
    Server Address: doh.asecdns.com/nebulo
    Port: 443
    IP Addresses:
    doh.asecdns.com (159.69.49.250 - HETTNER RZ Falkenstein)
    doh.asecdns.com (116.203.126.207 - HETTNER RZ Nuernberg)
    doh.asecdns.com (95.216.165.29 - HETTNER RZ Helsinki)
    doh.asecdns.com (2a01:4f8:1c17:6fc7::250 - HETTNER RZ Falkenstein)
    doh.asecdns.com (2a01:4f8:c2c:e25::207 - HETTNER RZ Nuernberg)
    doh.asecdns.com (2a01:4f9:c010:1cbd::29 - HETTNER RZ Helsinki)


    Version: keweonDNS v.6.80.280.LL (updated 03/21/2019)

    Australia / Sidney: (vServer)
    k1ns-au-001.keweon.center
    45.76.125.130
    2001:19f0:5801:b45::130

    France / Paris: (vServer)
    k1ns-fr-001.keweon.center
    45.77.62.37
    2001:19f0:6801:95e::37

    Germany / Frankfurt (vServer)
    k1ns-de-001.keweon.center
    104.207.131.11
    2001:19f0:6c01:61f::11

    India / Bangalore (vServer)
    k1ns-in-001.keweon.center
    IPv4: 139.59.33.236
    IPv6: 2400:6180:100:d0::30d:5001

    Japan / Tokio (vServer)
    k1ns-jp-001.keweon.center
    45.77.25.72
    2001:19f0:7001:22a8::72

    Netherland / Amsterdam (vServer)
    k1ns-nl-001.keweon.center
    45.77.138.206
    2001:19f0:5001:d8d::206

    Singapore / Singapore: (vServer)
    k1ns-sp-001.keweon.center
    45.76.151.221
    2001:19f0:4400:4f31::221

    UK / London (vServer)
    k1ns-lon-001.keweon.center
    45.32.183.39
    2001:19f0:7402:a61::39

    USA / Dallas (vServer)
    k1ns-tx-001.keweon.center
    45.76.57.41
    2001:19f0:6401:9ed::41

    USA / New Jersey (vServer)
    k1ns-ny-001.keweon.center
    45.77.144.132
    2001:19f0:5:2962::132

    USA / Silicon Valley (vServer)
    k1ns-sv-001.keweon.center
    45.32.140.26
    2001:19f0:ac01:639::26

    Physical Instance:

    Germany / Falkenstein
    k1-de-058-fsn.keweon.center (Physical)
    176.9.62.58
    2a01:4f8:150:8023::58
    and
    176.9.62.62
    2a01:4f8:150:8023::62

    DNS Server to use with keweon Adblock Root Certificate:
    This Servers block in addition:
    - pixel.facebook.com
    - Amazon data collection and advertising
    - more things which are normally not possible will coming soon step by step

    Germany / Nuernberg
    k1-de-143-nbg.keweon.center (Physical)
    213.239.207.143
    2a01:4f8:a0:8487::143

    USA / Dallas - Texas
    k1-ns2-us02.keweon.center (vServer)
    107.191.55.215
    2001:19f0:6401:175d::215

    (Updated at 21. March 2019)
    View
    44
    MrT69
    MrT69
    Technical Details

    Public available DNS:

    Take a look at this thread:
    https://xdaforums.com/showpost.php?p=73985083&postcount=6

    Background System:

    The current system needs 42 Server (!) in the Background that everything is working.
    Actually the entire infrastructure is hosted on 5 different providers.

    How does it work?

    The entire System works with several Servers. Ubuntu, FreeBSD 11 and my own build Operation System based on UNIX is installed. The entire developement and all source codes are not public available. There is more than 14 yrs of work inside.


    Current Blacklist size:

    39.585.224 Domains (export to TXT)
    Current Virus/Ransomware Blacklist size:
    18.853.587 Domains (export to TXT)


    Current Blacklist contains:

    Tracker, Malware, Spyware, Adware, Advertising, Poison Websites Fake Software (Adobe Flash Updates which is in real Malware/Virus) & a few false/positive Sites.
    To cover all HTTPS errors because a lot of Advertising Vendors display and spread this crap via https to the world I have created the keweon Root Certificate. Allmost every Malware and Spyware will be installed via HTTPS. The Root Certificate is only responsible to suppress all https error messages for all this Advertising and poison things.


    Which Systems are working and acting with keweon?

    The keweon System is tested on almost every Operation System and Devices (iOS, Android, Xbox, Playstation, Samsung TV, etc... ) It's currently running within 3 companies because I know the Admins there. You can use it within you private environment but please DO NOT USE it within a Business environment.


    Why I can't use it within a Business environment?

    There are 2 reasons for it.

    1. I want that the entire system becomes free for private and personal usage and I already have requests from Companies and even from the Public Sector that they are interested about to use the System. As long as there are too many error within the System I don't have the option to sell this as an Business solution. That's the deal.

    2. Private for free, Business needs to license it. Of cause, the current system needs to be a bigger and stable system..


    Does my traffic runs trough the keweon System?

    Not even one byte from you or your device will flows through my servers. Also the same with the HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
    It would not make any sense that I drop all this crap traffic, blame to the advertising Industrie and I do exactly this things which I want to prevent?
    Btw... This fact was also the problem why I have had no success with investors. They want that I enable data sniffing or user sniffing but I would rather throw away the entire system & developement than doing what they want.

    View
    39
    MrT69
    MrT69
    I need your help and support

    1. Support me with Black and White lists

    It’s veryimportant to know that keweonDNS will NEVER (!) do a censorship of the Internet. If you want to have i.e. Facebook blocked via HOSTS file, it’s up to you. But this will never be done via keweonDNS. I have other plans with porn and violence but this is a stage with keweon kidsafe which is currently far, far away.

    IMPORTANT:

    Any list you want to send to me has to be send as an attachment within an EMail. I will give you a short example for this.

    If you have a Raspberry PI and you have a real cute blacklist than copy all the addresses (or URL’s) into a TXT file and send it to me via mail. The same with some important whitelists. Don't care about the size.

    Don’t copy the addresses or URL's into Subject or Body of this Mail because this will never arrive. I don’t want to track and check all the mails and for security reasons only attachments will be processed. Please make sure you only send ZIP files that contains the TXT file or send native TXT files. Everything else will be dropped for security reasons. Don’t care about double entries and it doesn’t matters if you send the same TXT file 5 or 10 times again and again.

    Websites which contains errors or Whitelist needs to be processed within the same way. Send the TXT or ZiP – that’s it.

    If you want to send blacklists please send them to: blackli.wovqusywx173aog9@u.box.com

    If you want to send whitelists please send them to: whiteli.g2o05glywjqt8zfy@u.box.com


    2. Support me with false/positive on keweonDNS

    If you open a Site and this site stay blank than copy the URL into a TXT file and send it to me. You do not need to collect them. If you send me 50 or 100 Mails and each of them contains only 1 link or address this doesn't matters.

    If you want to send URL’s or Links which are blocked and should be not blocked then send them to: whiteli.g2o05glywjqt8zfy@u.box.com

    If you open a Website and this site looks some kind of strange because of missing CSS & other pretty Website things than take the URL, copy to TXT and send this TXT to: site-error@keweon.center


    3. Router Compatibility:

    With a lot of SOHO Router it is possible to change the IPv6 and IPv4 default DNS Server Address. But there are are also a lot of Router outside where this is not possible.
    If you can provide some instructions and screenshots within a PDF I will release this on the Webpage. I have the experience that the AVM FritzBox sometimes will work and sometimes not. That is related to the fact that the Provider support IPv6 and you are only able to change the IPv4 DNS Server Address. With the tiny tool "FBEDITOR" it should be possible to change also the default IPv6 DNS Server Address on AVM Boxes.

    German Telekom Router are also a peace of crap. There you can change nothing except the Password and the WLAN key. The work arround by selecting "Different Provider" (anderer Anbieter) where you can set manualy the DNS Server will not work.

    Unfortunately I only have CISCO, LINKSYS and ASUS Hardware running with i.e. DD-WRT. I appreciate if you can help me with creating instructions how to change DNS v4 & v6 settings on your Home/SOHO/Wireless Router. No rush on this because all this instructions will be released on the Website.


    Million thanks in advance!
    View

New posts