keweonDNS - now with improved Certificate (iOS, Mac & Android)

Search This thread

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
keweon & HOLA

keweon now supports hola VPN


I fully support from this week HOLA VPN. The entirey Apps and Plugins are free of charge. Unfortunately I have no contact to them. If one of you can help - let me know.

How do I support?

For example, BBC.CO.UK is now AdFree within the streams and also Pandora Radio. I have had tested a view things but the entire test is now up to all of you.

Have fun, report errors when you see them and enjoy your Weekend!
 

kima09

Senior Member
Jan 20, 2014
137
27
Aizawl

If you want to use IPv4:

Primary DNS: 137.74.155.255 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY
Secondary DNS: 213.32.112.244 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY

or

Primary DNS: 51.254.188.221 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY
Secondary DNS: 213.32.112.244 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY

What do you mean by 'Will be dropped until 20 Nov'? Do you mean this dns is currently not down and will be lived on 20? Or it is currently live and will be dropped by 20 Nov?
I need to use IPv4,
 

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
What do you mean by 'Will be dropped until 20 Nov'? Do you mean this dns is currently not down and will be lived on 20? Or it is currently live and will be dropped by 20 Nov?
I need to use IPv4,

I didn't expect some complains ;)
Can you check if one of this server is working for you?

https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6

If not, let me know why the other one's better.

I have problems with this servers, because one is an OpenVZ based VPS. Own kernel is not possible and because of this my security template will only run into errors.
The other one seems to be damn slow (from Germany) and until today I haven't received any Informations if the server is working or is it in use at all.

Btw...

Every Server is working with IPv6 and IPv4. I hope so because I only have IPv4 from my provider at home. Until today they are not able to offer an IP6 AND IP4 Address.
 
Last edited:
  • Like
Reactions: Wmbruckner

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Why you should use keweonDNS and recommed to your friends?


I'm so proud when I see the traffic on current all available DNS Servers. That will show that the system is in use.

I know that there are still some errors. Things are sometimes not working but I'm on the way to sort out all the errors. During the last week I have received 139.809 wrong blocked domains. At this point let me say thanks to all supporter.

But keep in mind that not every error which happens is my fault. For actual reasons I will give you 2 examples:


1. Homebanking App IngDiba - Romania

With kindly agreement from XDA User dodobila I will show you what this App contains. He has found this "bug".

By using keweonDNS on his mobile phone the App shows an error because it can't contact the Server. Problems on Banking or similar sensitive accounts is a nightmare for me. I don't want that anyone has the feeling that I'm try to do evil things.

Now, with keweonDNS this error happens.

apperror.png


After a tripple check I have found out that this error will only happens if this URL's are blocked:

Code:
bttrack.com
googleads.g.doubleclick.net
pagead46.l.doubleclick.net
partnerad.l.doubleclick.net
securepubads.g.doubleclick.net
stats.l.doubleclick.net
tcp.googlesyndication.com
www-google-analytics.l.google.com
www.google-analytics.com
www.googletagservices.com

I have checked this triple times and I finally created a test system which contains only this addresses to double check this. I told this to dodobila and a few seconds later he was asking by mail the Bank why google is build in within the App.

The answer was incredible:

IngDiba-email.png


Translated to english this would mean:

Hello!
For technical reasons we can not specify how the HomeBank application uses Google Service. We can only confirm that these services are used for security reasons and to have a better performance than other applications, these aspects being the definition in the choice made.

After this mail me and dodobila was shocked and he was asking for a second time what this should be.

The next - and last answer - was (translated to english):

ing-diba2ndmail.jpg


Hello!
Certain functionalities do not work without the technologies provided by these companies. As I have confirmed to you in the previous mail, we can not specify the technical aspects used by the HomeBank App.

Have a good day,

All this addresses where not visible with "Packet Capture" (PlayStore) so this would mean the detected addresses are deep hidden into the App. Reverse Engineering is unfortunately forbidden by Law in Germany so I have no clue how they have done it.

The Google Systems are I/O Online Analytics System. Put Data in, they will somehow use it for some process and then they will forward it to whatever. Think about personalized advertising. Search something within the Internet and the next 3 Month you will get so many advertising about this.

I also have no clue about other Apps from IngDiba. Because of this you can be sure that I never would eihter use the App or the Bank itself. I would never trust someone who decide to use Google AdServer for security reasons.

Feel so free and test it. Every feedback is welcome. But be carefull because on mails from dodobila now the Bank seems not longer responding. Thanks also a lot to him!!



2. DieBahn App - Germany

DieBahn App is the German information App about public train traffic. Good thing because sometimes it's working and sometimes you get valid data.

Bad thing that you can pay your Train tickets via this app. With keweon you will also get an error that this app is not working because the communication to the "Deutsche Bahn Server" is blocked. This happens when you try to pay a ticket via the App. Within the Browser it seems everything is working withou a problem.

This is in simple words a real lie and they cheat there customers. This error happens because the communication to dpm.demdex[.]net is blocked.

Who is demdex?

Demdex was aquired by Adobe at 18. January 2011 for round about 58 Million US$. If you check the Domain by Virustotal and other online Security Portals you will see that they still send out Malware, Spyware and even SMS Spyware things.

Different payment portals even the one from Adobe using this Gateway for payment. Also the "Deutsche Bahn" - but why the hell they are telling the user that the "communication to the Deutsche Bahn Server is interupted"?

Why they are routing the online payment over a Virus/Malware/Spyware Gateway? Why they are telling the user that the communication to there own server is blocked which is in fact a lie because this is not the "Deutsche Bahn Server"? It's now up to all of you to ask them this question.

Keep in mind, currently I'm working alone on this system. I don't have the resources to do other things. Deeper investigations. Harder blacklists. Less errors.

But I guess it's good enough to show you how the dark side is working. This is the sense of keweon. I just want to have a better and safer Internet and it's up to you to decide. It's your system. It's your choice. It's your decision.

Hope you still enjoy keweon and I also hope that you will now understand that not every error which will happens by using keweonDNS is a big error.

Best regards from germany & have a nice Sunday evening!
 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Update for you:

1. Bugfix for https Advertising (works only with keweon Adblock Cert)

2. Adjust the Redirect detection. It seems the other side is not sleeping.

3. Still a bug in aggressive Javascript Popups. The windows is bouncing but it is much more easy to close it now for you. Who the hell decide that this crap is a good idea for advertising??

4. Working on Google Advertising. They have implemented some new and funny features. It seems I can solve this with the current System. The Advertising Links on Google search result are sometimes still a problem.

5. Facebook has also a professional advertising Network. The investigation is in progress and I'm pretty sure I can get rid of the entire Advertising from them.

5. Samsung App Store not proper working. In Germany it's working but other countries claims they have problems.

6. Beta Lists with a lot of false positive still within the system. Database for a "Global GoLive" System is in progress. Expecting to move it in production February 2018. Still waiting for false/positive Emails from your site.

7. The current serves are really not so fast. I hope they are good enough to show how everything is working. The average Traffic doubles from last week to this week. The average traffic is at 12 MB per Day. Each request from your site is round about 90 bytes.

9. Moved "keweon Deep Ads Filter" from Alpha to Beta status. For example, YouTube is entirely free of Advertising. Nothing. Even when they change something the System will take notice about this and adjust itself. Seems not to be a cute thing at the moment but this becomes important for "keweon kidSafe" - Porn and violence free internet for Kids, Schools and Teenager. Now you can imagine what will come.

10. Some cute things are also under developement. Currently the focus is on the website to explain more details to all of you.

Let me say thanks again at this point to everyone who use and support keweon. Thanks a lot to each one of you!

Have a nice weekend!
 

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Server Update

The Server in Atlanta is a dedicated Unit with 2 Xeon CPU and 24 GB RAM.
Thanks to the donator.

This entire keweonDNS System is only for private and personal usage. It is not allowed to use the System within a Business environment.
For any damages and problems within Active Directory or other core systems by using keweonDNS within a business production environment I assume no liability for any damages.
 
Last edited:

laura almeida

Senior Member
Jun 30, 2013
1,053
3,087
Toronto
As of November 27, 2017 - 22:30 CET

Australia / Sidney:
45.76.125.130 - Timeout

France / Paris:
45.77.62.37 - Timeout

France / Roubaix:
137.74.155.255 - Timeout

France / Roubaix:
51.254.188.221 - Timeout

France / Roubaix:
213.32.112.244 - Working

Germany / FFM
104.207.131.11- Timeout

Japan / Tokio
45.77.25.72 - Timeout

Netherland / Amsterdam
45.77.138.206 - Timeout

Singapore / Singapore:
45.76.151.221 - Timeout

UK / London
45.32.183.39 - Timeout

US / Atlanta
107.189.45.250 - Working

USA / Dallas
45.76.57.41 - Timeout

USA / New Jersey
45.77.144.132 - Timeout

USA / Silicon Valley
45.32.140.26 - Timeout
 

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
laura almeida;74659576]As of November 27, 2017 - 22:30 CET

Australia / Sidney:
45.76.125.130 - Timeout

....


I have done a complete reboot on the entire Infrastructure down to the root Servers.
It seems everything is back again.

The problem is that everything is based on VPS and currently it's all at the same provider.
Sorry & million thanks to you!!!!!
 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Some facts

Thanks to all users for being patient and using the keweon System. Here are some facts about the last month.

The Data usage overview (inbound) from the DNS Servers:

New Jersy - 160 MB
Dallas - 210 MB
Amsterdam - 270 MB
London - 160 MB
Frankfurt - 200 MB
Silicon Valley - 150 MB
Australia - 100 MB
Paris - 390 MB
Tokyo - 130 MB
Singapore - 140 MB

The average traffic was at the first 2 weeks at 6 MB per Day. The 3rd week it was at 12 MB and this week it was at 18 MB per Day and Server.

The current system and your usage has given a better view to different developements which are in progress.

For better performance I recommend to use the DNS Servers as forwarder on your SOHO/WIFI Router. I know that the current system is really slow compared to Google DNS but it's possible to speed it up. But this must be done at the moment from your site.

Anyway - thanks a lot for all of your support for my baby! ;)

Have a nice weekend!!!
 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Atlanta Server Offline until 8:00 PM GMT +1

The Server has hardware issues. Provider need to take the machine offline and it will be back until 8 PM German Time.
It is so annoying. I want to have my own infrastructure...


US / Atlanta
k1ns-atl-001.keweon.center
107.189.45.250



 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
1.
Tokyo receives a network upgrade by Provider. Don't blame on me please!

Start time:
06-DEC-2017 20:30 UTC

End time:
06-DEC-2017 23:30 UTC



2.
For actual reasons one funny story about low budget providers and things which drives me sometimes crazy:

Server Atlanta has had 2 days ago the first problem and after a reboot everything seems to be fine.

Hours after the reboot the Server seems to be broken. Sh*t could happens and there is no really business on keweonDNS. After 9 hours the Server was replaced by the Provider. And again, everything seems to be fine. Within the ILO Interface I have seen the Server is still the old one but it's OK. Yes, customers are sometimes to stupid to understand.

A view hours later the entire box was gone again. Double
sh*t could also happens and the Support told me that the Rack switch was broken. OK... no other chance than to wait.

Now, everything is back. Hardware replaced. Switch replaced. And everything seems to be fine?

It was required to reinstall the entire Server. After 2 hours playing around with the NIC's I have seen that the brand new Switch has no VLAN
configured for the IPv6 network. IPv4 is running - no IPv6.

I'm waiting. And I guess everything will be fine. I'll be sure.

WOOO-SA... WOOO-SA...
 
Last edited:

ninjanmizuki

Senior Member
Sep 22, 2013
316
120
OnePlus 7T
I couldn't access my Internet connection at all a week ago when I used keweon through DNSchanger. Was it because of this server issues or something wrong on my side?

Edit -
As of now (06dec2017) everything is working perfectly well. I am using UK servers and Amsterdam servers. Thanks for this man.
 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
I couldn't access my Internet connection at all a week ago when I used keweon through DNSchanger. Was it because of this server issues or something wrong on my side?

Edit -
As of now (06dec2017) everything is working perfectly well. I am using UK servers and Amsterdam servers. Thanks for this man.

First at all - thank a lot for your comment!!!

The current problems are not really my problems. The most and biggest problem is the hosting or the provider.

I was seeking out for an Investor for my system but the all only want to collect Data from users and other evil things. That's a no go! On the one hand I prevent the entire data collection and on the other I need to collect them? Never! I rather would trash the entire system than doing this.

Actually I'm working on the Website and I'm planing to start a crowd funding project because to establish the entire and global Infrastructure would need a lot of money. At the moment the entire system is so incredible slow but with physicaly Server and within a Datacenter location the Server becomes up to 20 times faster than GoogleDNS. It's already tested within an EQUINIX DC in Munich but a global system is lightyears away from my budget. If this system would be in place I guess you can't imagine how fast your Internet will be.

The current keweon system is not the end. Actually I'm only able to provide 15 to 20% of the full power of it. I cross the fingers and the ads and data collection industrie better prays that this system will never grow up.

Please keep in mind that this system is only for demonstration. Of cause it's working (...sometimes not ;) ) but at the moment it's not the solution I want to have at the end.

Anyway. Thanks a lot!!!!
 

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
Server Upgrade

Update for all of you:

- It's Christmas time and that means shopping time. Added 17.637 Fake Shops from 2 public sources.
( https://www.watchlist-internet.at/fake-shops/liste-betruegerischer-online-shops )
- Fixed Firewall performance
- Added on all Servers a Daily reboot at 3:30 AM local time. EU Servers will have a different of 5 minutes on each server. The reboot will take not longer than 20 seconds but this will increase the performence.
- Upgrade security on all DNS Server (some idiots still try to hack them...)
- All France Server are now global available
- Will reduce security on this server at the weekend:

France / Roubaix:
k1ns-fr-002.keweon.center
137.74.155.255
2001:41d0:1000:16a6::6538:02b6

France / Roubaix:
k1ns-fr-003.keweon.center
51.254.188.221
2001:41d0:1000:16a6::693d:1b0e

France / Roubaix:
k1ns-fr-004.keweon.center
213.32.112.244
2001:41d0:8:1a95::244

Then you can use them with IPTable forwarding and all other things you want to do. Not sure if the Servers are fast enough for other Countries than EMEA but it's up to you to test.

The daily Whitelisting was not running this night. At the moment I have a list of 12.588 URL's. They will be processed during this night.

Thanks a lot to all of you and have a nice weekend!!!
 
Last edited:

MrT69

Senior Member
May 9, 2006
1,731
4,392
52
Königsbrunn
www.keweon.de
To all who want to play around with IPTABLES, FORWARDING and other funny things:

The Servers below should now be available for more things than requests. ANY REQUESTS and a view other things are still blocked for security reasons.
All 3 Servers are protected by 750GBit DDoS protection which should be enough for all attacks. I still have fears to open them but I will give it a try.
I cross the fingers that this servers can stay open within this way.

France / Roubaix:
k1ns-fr-002.keweon.center
137.74.155.255
2001:41d0:1000:16a6::6538:02b6

France / Roubaix:
k1ns-fr-003.keweon.center
51.254.188.221
2001:41d0:1000:16a6::693d:1b0e

France / Roubaix:
k1ns-fr-004.keweon.center
213.32.112.244
2001:41d0:8:1a95::244

Enjoy it and have fun. If they are still not working for you than let me know this.

All other servers needs to stay locked down for security reasons. If you are not able to work with the France Servers than I need to say sorry at the moment. There is currently no option to do this.

Let me know if it's working. Enjoy it!
 
  • Like
Reactions: Indha Lezzio

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    where can i see the telegram
    Members are not allowed to share that and this thread doesn't qualify for Telegram (or other social) link sharing. Please review our policy on this here: WhatsApp/Telegram Groups and Channels - Going Forward
    Last seen Dec 22, 2020

    I assume @MrT69 abandoned the project?
    It does appear so, at least on XDA. I personally regret this as I had been an avid supporter of keweonDNS for a very long time. I in turn have moved to RethinkDNS.
  • 245
    Please read this first!


    The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.

    The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.

    A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.

    From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.

    For actual reasons and because of many discussions I want to inform you about threat possibilities:


    1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.​


    2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:

    Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.

    This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.​


    3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.


    4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".


    Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.


    5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.

    6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.​


    The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.


    Thanks a lot to each single user!!






    keweonShield.png





    **************************************************************

    Business inquires: Please see contact information section below.

    ***************************************************************


    **************************************************************

    Keweon quick start.
    Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:

    **************************************************************


    **************************************************************

    Available DNS servers (choose one primary and one secondary):

    Main Servers:
    IP: 176.9.62.58
    IP: 176.9.62.62

    or

    IPv6: 2a01:4f8:150:8023::58
    IPv6: 2a01:4f8:150:8023::62


    Update November 28, 2018:

    If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.

    IPv4: 213.239.207.143
    IPv6: 2a01:4f8:a0:8487::143

    IPv4: 107.191.55.215
    IPv6: 2001:19f0:6401:175d::215

    These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.

    **************************************************************

    Available Server List for keweon Privacy & Security
    (Server Edition keweonDNS v.6.80.280.LL)

    Australia / Sidney: (vServer)
    k1ns-au-001.keweon.center
    45.76.125.130
    2001:19f0:5801:b45::130

    France / Paris: (vServer)
    k1ns-fr-001.keweon.center
    45.77.62.37
    2001:19f0:6801:95e::37

    Germany / Frankfurt (vServer)
    k1ns-de-001.keweon.center
    104.207.131.11
    2001:19f0:6c01:61f::11

    India / Bangalore (vServer)
    k1ns-in-001.keweon.center
    IPv4: 139.59.33.236
    IPv6: 2400:6180:100:d0::30d:5001

    Japan / Tokio (vServer)
    k1ns-jp-001.keweon.center
    45.77.25.72
    2001:19f0:7001:22a8::72

    Netherland / Amsterdam (vServer)
    k1ns-nl-001.keweon.center
    45.77.138.206
    2001:19f0:5001:d8d::206

    Singapore / Singapore: (vServer)
    k1ns-sp-001.keweon.center
    45.76.151.221
    2001:19f0:4400:4f31::221

    UK / London (vServer)
    k1ns-lon-001.keweon.center
    45.32.183.39
    2001:19f0:7402:a61::39

    USA / Dallas (vServer)
    k1ns-tx-001.keweon.center
    45.76.57.41
    2001:19f0:6401:9ed::41

    USA / New Jersey (vServer)
    k1ns-ny-001.keweon.center
    45.77.144.132
    2001:19f0:5:2962::132

    USA / Silicon Valley (vServer)
    k1ns-sv-001.keweon.center
    45.32.140.26
    2001:19f0:ac01:639::26
    **************************************************************


    **************************************************************
    Keweon Root certificate (not required, but will suppress certificate errors):

    http://pki.keweon.center

    For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
    >> CLICK HERE <<

    MSI within a ZIP file:
    >> CLICK HERE <<

    For Android and iOS devices, also for Firefox and Mozilla Browser:
    >> CLICK HERE <<

    Certificate within a ZIP file:
    >> CLICK HERE <<

    For Admins to use it within Active Directory as REG file:
    >> CLICK HERE <<

    REG within a ZIP file:
    >> CLICK HERE <<

    If you want to have a "AllInOne Package" use this link please:
    >> CLICK HERE <<


    (End of Quick Start section)

    **************************************************************


    **************************************************************
    About Keweon:

    Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."

    Keweon is more than a generic adblock system. Keweon does:

     Advertising Blocking
     Adware Protection
     App Protection
     Bandwidth Protection for Mobile Phones
     Botnets Protection
     Cryptoware Protection
     Fake Online Shop Filter
     Fake Software Protection
     Malware Protection
     Miningware Protection
     Online Worms Protection
     Pharming Protection
     Phishing Protection
     Popup Blocker
     Privacy Protection
     Ransomware Protection
     Remote Keyloggers Protection
     Rogue Security Software Protection
     Spoofing Protection
     Spyware Protection
     Tracing Protection
     Tracking Protection
     Trojan Protection
     Virus Protection
     and a lot of other things

    Things Keweon does not do or does not have:
     Acceptible advertising exceptions
     A Malware or virus scanner
     Data collection

    Keweon will:
     Save bandwidth. Ads are blocked, not just hidden.

    **************************************************************


    **************************************************************

    Basic instructions:

    1. Take the DNS Servers
    2. Install the keweon Adblock Root Certificate (recommended, not required)
    3. Change your Internet Router or your Mobile Device to use the servers
    4. Reboot (Router and PC)


    **************************************************************


    **************************************************************

    Trusted apps for changing DNS on your device:

    - Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger

    - iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093

    - Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.

    - Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/

    **************************************************************


    **************************************************************
    FAQ:

    1) Does my traffic runs trough the keweon System?

    Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.

    2) Here are some questions from Telegram users which might be interesting for you.

    http://downloads.keweon.center/keweon/keweon_questionnaire.pdf


    3) If you have questions - please ask!
    **************************************************************


    **************************************************************

    Contact information:

    If you want to send blacklists (things that should be blocked) please send them to: [email protected]

    If you want to send whitelists (things that shouldn't be blocked) please send them to: [email protected]

    If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: [email protected]

    Developer email: [email protected] (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
    This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)

    **************************************************************


    **************************************************************

    New license terms because of the EU DSGVO/GDRP (25.05.2018):

    Business and Corporate usage is not allowed without my written permission.
    The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.

    Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.

    **************************************************************
    51
    How to use keweon?

    It's very easy:

    1. Take the DNS Servers
    2. Install the keweon Adblock Root Certificate ( <<< THIS IS ONLY A RECOMMENDATION)
    3. Change your Internet Router or your Mobile Device to it
    4. Reboot (Router and PC)
    5. Done! That's it.
    6. See the Internet within a never seen way

    In the meantime the keweon AdBlock Root Certificate has more than 4 Millions global downloads. This certificate is not required but for a few websites it is mandatory.
    This certificate will only surpress the certificate errors. Not all of them because I'm still working on this.

    On iOS Devices just open Safari. With Android use the default Browser and go to http://pki.keweon.center and after 3 sec. the download of the certificate will start. JUST THE DOWNLOAD!! You need to install it by yourself. More facts about the keweon Root Certificate will comming soon on the website.


    Test the DNS Servers within this List and choose the one which is the fastest for you:

    https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6


    How to use it on Android devices:

    Use an App of your choice or use this. I also use this app and from my point of view this is the worldwide best App to change the DNS settings on Android devices. No Root Access is required. The developer is from Germany and I have had a good contact to him. The app is free of charge and also free of advertising. The source code for this app is also available on GitHub. If you have troubles with it or want to have additonal features than contact the developer. He would be happy about every feedback.

    https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger


    How to use it on iOS/Apple devices:

    All my iOS Tester using this App. If you have a better one or you are able to translate the Android App to XCode - your welcome.

    https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093


    You are using Chrome and the DNS thing is not working? (thanks a lot @NamitNayan for this info)

    Google wants to prevent Adblocking via DNS. Therefore they have enabled an experimental Switch by default to prevent DNS blocking.
    Take a look at here if it's not working >>> HERE <<< and fix the problem within seconds.

    50
    keweonDNS & installation Information

    ALL keweonDNS Servers:

    Version: DoT Server - DNS over TLS (updated 03/21/2019)
    Used Certificate: Let'sEncrypt Certificate
    Server Address: dot.asecdns.com
    Port: 853 & 443
    IP Addresses:
    dot.asecdns.com (159.69.48.240 - HETTNER RZ Falkenstein)
    dot.asecdns.com (116.203.117.199 - HETTNER RZ Nuernberg)
    dot.asecdns.com (95.216.192.253 - HETTNER RZ Helsinki)
    dot.asecdns.com (2a01:4f8:1c17:6e44::240 - HETTNER RZ Falkenstein)
    dot.asecdns.com (2a01:4f8:c2c:491::199 - HETTNER RZ Nuernberg)
    dot.asecdns.com (2a01:4f9:c010:3071::253 - HETTNER RZ Helsinki)

    Version: DoH Server - DNS over HTTPS (updated 03/21/2019)
    Used Certificate: Let'sEncrypt Certificate
    Server Address: doh.asecdns.com/nebulo
    Port: 443
    IP Addresses:
    doh.asecdns.com (159.69.49.250 - HETTNER RZ Falkenstein)
    doh.asecdns.com (116.203.126.207 - HETTNER RZ Nuernberg)
    doh.asecdns.com (95.216.165.29 - HETTNER RZ Helsinki)
    doh.asecdns.com (2a01:4f8:1c17:6fc7::250 - HETTNER RZ Falkenstein)
    doh.asecdns.com (2a01:4f8:c2c:e25::207 - HETTNER RZ Nuernberg)
    doh.asecdns.com (2a01:4f9:c010:1cbd::29 - HETTNER RZ Helsinki)


    Version: keweonDNS v.6.80.280.LL (updated 03/21/2019)

    Australia / Sidney: (vServer)
    k1ns-au-001.keweon.center

    45.76.125.130
    2001:19f0:5801:b45::130

    France / Paris: (vServer)
    k1ns-fr-001.keweon.center

    45.77.62.37
    2001:19f0:6801:95e::37

    Germany / Frankfurt (vServer)
    k1ns-de-001.keweon.center

    104.207.131.11
    2001:19f0:6c01:61f::11

    India / Bangalore (vServer)
    k1ns-in-001.keweon.center

    IPv4: 139.59.33.236
    IPv6: 2400:6180:100:d0::30d:5001

    Japan / Tokio (vServer)
    k1ns-jp-001.keweon.center

    45.77.25.72
    2001:19f0:7001:22a8::72

    Netherland / Amsterdam (vServer)
    k1ns-nl-001.keweon.center

    45.77.138.206
    2001:19f0:5001:d8d::206

    Singapore / Singapore: (vServer)
    k1ns-sp-001.keweon.center

    45.76.151.221
    2001:19f0:4400:4f31::221

    UK / London (vServer)
    k1ns-lon-001.keweon.center

    45.32.183.39
    2001:19f0:7402:a61::39

    USA / Dallas (vServer)
    k1ns-tx-001.keweon.center

    45.76.57.41
    2001:19f0:6401:9ed::41

    USA / New Jersey (vServer)
    k1ns-ny-001.keweon.center

    45.77.144.132
    2001:19f0:5:2962::132

    USA / Silicon Valley (vServer)
    k1ns-sv-001.keweon.center

    45.32.140.26
    2001:19f0:ac01:639::26

    Physical Instance:

    Germany / Falkenstein
    k1-de-058-fsn.keweon.center (Physical)

    176.9.62.58
    2a01:4f8:150:8023::58
    and
    176.9.62.62
    2a01:4f8:150:8023::62

    DNS Server to use with keweon Adblock Root Certificate:
    This Servers block in addition:
    - pixel.facebook.com
    - Amazon data collection and advertising
    - more things which are normally not possible will coming soon step by step


    Germany / Nuernberg
    k1-de-143-nbg.keweon.center (Physical)

    213.239.207.143
    2a01:4f8:a0:8487::143

    USA / Dallas - Texas
    k1-ns2-us02.keweon.center (vServer)

    107.191.55.215
    2001:19f0:6401:175d::215

    (Updated at 21. March 2019)
    44
    Technical Details

    Public available DNS:

    Take a look at this thread:
    https://forum.xda-developers.com/showpost.php?p=73985083&postcount=6

    Background System:

    The current system needs 42 Server (!) in the Background that everything is working.
    Actually the entire infrastructure is hosted on 5 different providers.

    How does it work?

    The entire System works with several Servers. Ubuntu, FreeBSD 11 and my own build Operation System based on UNIX is installed. The entire developement and all source codes are not public available. There is more than 14 yrs of work inside.


    Current Blacklist size:

    39.585.224 Domains (export to TXT)
    Current Virus/Ransomware Blacklist size:
    18.853.587 Domains (export to TXT)


    Current Blacklist contains:

    Tracker, Malware, Spyware, Adware, Advertising, Poison Websites Fake Software (Adobe Flash Updates which is in real Malware/Virus) & a few false/positive Sites.
    To cover all HTTPS errors because a lot of Advertising Vendors display and spread this crap via https to the world I have created the keweon Root Certificate. Allmost every Malware and Spyware will be installed via HTTPS. The Root Certificate is only responsible to suppress all https error messages for all this Advertising and poison things.


    Which Systems are working and acting with keweon?

    The keweon System is tested on almost every Operation System and Devices (iOS, Android, Xbox, Playstation, Samsung TV, etc... ) It's currently running within 3 companies because I know the Admins there. You can use it within you private environment but please DO NOT USE it within a Business environment.


    Why I can't use it within a Business environment?

    There are 2 reasons for it.

    1. I want that the entire system becomes free for private and personal usage and I already have requests from Companies and even from the Public Sector that they are interested about to use the System. As long as there are too many error within the System I don't have the option to sell this as an Business solution. That's the deal.

    2. Private for free, Business needs to license it. Of cause, the current system needs to be a bigger and stable system..


    Does my traffic runs trough the keweon System?

    Not even one byte from you or your device will flows through my servers. Also the same with the HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
    It would not make any sense that I drop all this crap traffic, blame to the advertising Industrie and I do exactly this things which I want to prevent?
    Btw... This fact was also the problem why I have had no success with investors. They want that I enable data sniffing or user sniffing but I would rather throw away the entire system & developement than doing what they want.

    39
    I need your help and support

    1. Support me with Black and White lists

    It’s veryimportant to know that keweonDNS will NEVER (!) do a censorship of the Internet. If you want to have i.e. Facebook blocked via HOSTS file, it’s up to you. But this will never be done via keweonDNS. I have other plans with porn and violence but this is a stage with keweon kidsafe which is currently far, far away.

    IMPORTANT:

    Any list you want to send to me has to be send as an attachment within an EMail. I will give you a short example for this.

    If you have a Raspberry PI and you have a real cute blacklist than copy all the addresses (or URL’s) into a TXT file and send it to me via mail. The same with some important whitelists. Don't care about the size.

    Don’t copy the addresses or URL's into Subject or Body of this Mail because this will never arrive. I don’t want to track and check all the mails and for security reasons only attachments will be processed. Please make sure you only send ZIP files that contains the TXT file or send native TXT files. Everything else will be dropped for security reasons. Don’t care about double entries and it doesn’t matters if you send the same TXT file 5 or 10 times again and again.

    Websites which contains errors or Whitelist needs to be processed within the same way. Send the TXT or ZiP – that’s it.

    If you want to send blacklists please send them to: [email protected]

    If you want to send whitelists please send them to: [email protected]


    2. Support me with false/positive on keweonDNS

    If you open a Site and this site stay blank than copy the URL into a TXT file and send it to me. You do not need to collect them. If you send me 50 or 100 Mails and each of them contains only 1 link or address this doesn't matters.

    If you want to send URL’s or Links which are blocked and should be not blocked then send them to: [email protected]

    If you open a Website and this site looks some kind of strange because of missing CSS & other pretty Website things than take the URL, copy to TXT and send this TXT to: [email protected]


    3. Router Compatibility:

    With a lot of SOHO Router it is possible to change the IPv6 and IPv4 default DNS Server Address. But there are are also a lot of Router outside where this is not possible.
    If you can provide some instructions and screenshots within a PDF I will release this on the Webpage. I have the experience that the AVM FritzBox sometimes will work and sometimes not. That is related to the fact that the Provider support IPv6 and you are only able to change the IPv4 DNS Server Address. With the tiny tool "FBEDITOR" it should be possible to change also the default IPv6 DNS Server Address on AVM Boxes.

    German Telekom Router are also a peace of crap. There you can change nothing except the Password and the WLAN key. The work arround by selecting "Different Provider" (anderer Anbieter) where you can set manualy the DNS Server will not work.

    Unfortunately I only have CISCO, LINKSYS and ASUS Hardware running with i.e. DD-WRT. I appreciate if you can help me with creating instructions how to change DNS v4 & v6 settings on your Home/SOHO/Wireless Router. No rush on this because all this instructions will be released on the Website.


    Million thanks in advance!