Please read this first!
The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.
The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.
A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.
From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.
For actual reasons and because of many discussions I want to inform you about threat possibilities:
1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.
2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:
Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.
This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.
Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.
This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.
3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.
4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".
Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.
Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.
5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.
6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.
The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.
Thanks a lot to each single user!!

**************************************************************
Business inquires: Please see contact information section below.
***************************************************************
**************************************************************
Keweon quick start.
Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:
**************************************************************
**************************************************************
Available DNS servers (choose one primary and one secondary):
Main Servers:
IP: 176.9.62.58
IP: 176.9.62.62
or
IPv6: 2a01:4f8:150:8023::58
IPv6: 2a01:4f8:150:8023::62
Update November 28, 2018:
If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.
IPv4: 213.239.207.143
IPv6: 2a01:4f8:a0:8487::143
IPv4: 107.191.55.215
IPv6: 2001:19f0:6401:175d::215
These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.
**************************************************************
Available Server List for keweon Privacy & Security
(Server Edition keweonDNS v.6.80.280.LL)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
**************************************************************
**************************************************************
Keweon Root certificate (not required, but will suppress certificate errors):
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
>> CLICK HERE <<
MSI within a ZIP file:
>> CLICK HERE <<
For Android and iOS devices, also for Firefox and Mozilla Browser:
>> CLICK HERE <<
Certificate within a ZIP file:
>> CLICK HERE <<
For Admins to use it within Active Directory as REG file:
>> CLICK HERE <<
REG within a ZIP file:
>> CLICK HERE <<
If you want to have a "AllInOne Package" use this link please:
>> CLICK HERE <<
(End of Quick Start section)
**************************************************************
**************************************************************
About Keweon:
Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."
Keweon is more than a generic adblock system. Keweon does:
Advertising Blocking
Adware Protection
App Protection
Bandwidth Protection for Mobile Phones
Botnets Protection
Cryptoware Protection
Fake Online Shop Filter
Fake Software Protection
Malware Protection
Miningware Protection
Online Worms Protection
Pharming Protection
Phishing Protection
Popup Blocker
Privacy Protection
Ransomware Protection
Remote Keyloggers Protection
Rogue Security Software Protection
Spoofing Protection
Spyware Protection
Tracing Protection
Tracking Protection
Trojan Protection
Virus Protection
and a lot of other things
Things Keweon does not do or does not have:
Acceptible advertising exceptions
A Malware or virus scanner
Data collection
Keweon will:
Save bandwidth. Ads are blocked, not just hidden.
**************************************************************
**************************************************************
Basic instructions:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate (recommended, not required)
3. Change your Internet Router or your Mobile Device to use the servers
4. Reboot (Router and PC)
**************************************************************
**************************************************************
Trusted apps for changing DNS on your device:
- Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
- iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
- Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.
- Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/
**************************************************************
**************************************************************
FAQ:
1) Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
2) Here are some questions from Telegram users which might be interesting for you.
http://downloads.keweon.center/keweon/keweon_questionnaire.pdf
3) If you have questions - please ask!
**************************************************************
**************************************************************
Contact information:
If you want to send blacklists (things that should be blocked) please send them to: [email protected]
If you want to send whitelists (things that shouldn't be blocked) please send them to: whiteli.g2o05glywjq[email protected]
If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: [email protected]
Developer email: [email protected] (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)
**************************************************************
**************************************************************
New license terms because of the EU DSGVO/GDRP (25.05.2018):
Business and Corporate usage is not allowed without my written permission.
The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.
Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.
**************************************************************
Last edited: