🚀 DoH Proxy Pro

Active and ready - Parallel Racing, Circuit Breaker, geo-selection, and adaptive learning are enabled

This is an advanced DNS over HTTPS (DoH) service with anti-censorship features.
Pro version with Parallel DNS Racing, Circuit Breaker Pattern, geo-based selection, QNAME Minimization, DNS Padding, ECS Stripping, Negative Caching, Adaptive Timeouts, Enhanced Header Randomization, and 15+ other capabilities.

📊 View Live Server Statistics

📍 Your Service Address:

https://cloudflare-e8a.pages.dev/dns-query

✨ Advanced Features:

⚡

Parallel DNS Racing - tests the top 10 servers at the same time

🛡️

Circuit Breaker Pattern - automatically manages unhealthy servers

🌍

Geo-based Selection - chooses the best server based on location

🧠

AI-assisted adaptive learning for smarter server selection

🔄

Smart load balancing based on speed and reliability

🔒

DNS Padding (RFC 8467) - helps prevent traffic analysis

🎯

QNAME Minimization - reduces query information exposure

🚫

ECS Stripping - removes EDNS Client Subnet data

💾

Smart LRU Caching - intelligent cache management

⏱️

Adaptive Timeouts - automatically adjusts wait times

🔄

Negative Caching - intelligent NXDOMAIN caching

⚙️

Uses more than 200 trusted global DNS servers

🎭

Enhanced Header Randomization - anti-fingerprinting protection

📊

Dynamic scoring: 35% health, 30% speed, 20% reliability, 15% region

🔄

Intelligent fallback when racing fails

🌐

Benefits from ECH on Cloudflare servers

🔗

Request Coalescing - merges duplicate requests to reduce latency

🌏

CORS Support - full browser request support without cross-origin limits

📡

JSON DoH API - supports application/dns-json for broader compatibility

🔐

Real RFC 8467 DNS Padding with a standard OPT record

🧹

Advanced ECS Stripping - parses and removes EDNS Client Subnet from OPT records

🎲

Decoy Traffic with 20 varied domains to hide DNS traffic patterns

🌐 DNS Providers Used:

More than 200 trusted DNS servers from multiple countries with geo-location support

• Cloudflare, Google, Quad9, OpenDNS

• AdGuard, NextDNS, Mullvad

• AhaDNS (US, Netherlands, Poland, India, Singapore, Australia)

• BlahDNS (Finland, Japan, Germany, Singapore)

• Pi-DNS (Europe, US)

• 60+ more globally distributed servers...

✅ What this DoH proxy does:

• Fully encrypts DNS requests - your DNS queries are sent over HTTPS
• Bypasses DNS poisoning - helps prevent DNS response tampering
• Opens DNS-filtered websites - works when a site is blocked only at the DNS layer
• Improves privacy - your ISP cannot see the domains you query
• Improves security - helps prevent DNS-layer man-in-the-middle attacks
• Improves speed - Racing Mode, Circuit Breaker, and Smart Caching select faster paths

💡 Understanding filtering types:

Network filtering can happen at several layers:

1. DNS Filtering:
• A site is blocked at the DNS level
• ✓ This DoH proxy can bypass this type of filtering
• Example: many websites in different countries

2. SNI Filtering:
• A site is blocked by Server Name Indication
• ✗ DoH alone is not enough; ECH or additional tooling is needed

3. IP Blocking:
• The server IP address is blocked directly
• ✗ DoH alone is not enough; a VPN may be required

4. Deep Packet Inspection - DPI:
• Network packets are inspected deeply
• ✗ DoH alone is not enough; a VPN or advanced proxy may be required

Bottom line: this DoH is enough when the target site is only DNS-filtered. Other filtering methods may require a VPN or additional tools.

📱 How to Use:

🌐 Browsers (Firefox, Chrome, Edge, Brave)

Open browser settings → Privacy or Security → DNS over HTTPS → choose Custom Provider and enter the address above.

Enable ECH in Firefox:
1. Type about:config in the address bar
2. Search for network.dns.echconfig.enabled
3. Set it to true

With these settings, many DNS-filtered sites become accessible.

📱 Intra App (Android)

1. Install Intra from Google Play
2. Open the app
3. Tap "Configure custom server URL"
4. Enter this address in the Custom DNS over HTTPS server URL field:

https://cloudflare-e8a.pages.dev/dns-query

5. Turn the ON switch on

This encrypts your DNS and opens sites that are blocked only by DNS filtering.

🍎 iOS, iPadOS, and macOS

For Apple devices, download and install your personal profile:

🍎 Download iOS/macOS Profile

Installation:
• iOS/iPadOS: download the file with Safari → Settings → General → VPN, DNS & Device Management → Downloaded Profile → Install
• macOS: download the file → System Settings → Privacy & Security → Profiles → install the profile

After installation, DNS from your apps will be encrypted.

🔧 Xray Clients - Simple Config (v2rayNG and similar)

For Xray-based clients, you can use this config:

{ "remarks": "🛡️ DoH Proxy Pro", "dns": { "servers": [ { "address": "https://cloudflare-e8a.pages.dev/dns-query", "skipFallback": true } ], "queryStrategy": "UseIP" }, "inbounds": [ { "port": 10808, "listen": "127.0.0.1", "protocol": "socks", "settings": { "auth": "noauth", "udp": true }, "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } } ], "outbounds": [ { "protocol": "freedom", "settings": { "domainStrategy": "UseIP" }, "tag": "direct" } ], "routing": { "domainStrategy": "AsIs", "rules": [ { "type": "field", "outboundTag": "direct", "network": "udp,tcp" } ] } }

Note: this config secures your DNS and opens sites that are blocked only by DNS filtering.

🚀 Xray Clients - Advanced Fragment Config (Recommended)

This config adds Fragment support alongside DoH to help with more advanced filtering:

{ "remarks": "🛡️ DoH Proxy Pro + Fragment", "log": { "access": "", "error": "", "loglevel": "warning", "dnsLog": false }, "dns": { "tag": "dns-in", "hosts": { "cloudflare-e8a.pages.dev": [ "172.67.73.38", "104.19.155.92", "172.67.73.163", "104.18.155.42", "104.16.124.175", "104.16.248.249", "104.16.249.249", "104.26.13.8" ], "cloudflare-dns.com": [ "1.1.1.1", "1.0.0.1" ] }, "servers": [ "https://cloudflare-e8a.pages.dev/dns-query", "1.1.1.1", "8.8.8.8" ], "queryStrategy": "UseIP" }, "inbounds": [ { "tag": "mixed-in", "port": 10808, "listen": "127.0.0.1", "protocol": "mixed", "sniffing": { "enabled": true, "destOverride": [ "http", "tls", "quic", "fakedns" ], "routeOnly": true }, "settings": { "auth": "noauth", "udp": true, "userLevel": 8 } } ], "outbounds": [ { "tag": "fragment-out", "protocol": "freedom", "settings": { "domainStrategy": "UseIP", "fragment": { "packets": "1-1", "length": "1", "interval": "13", "maxSplit": "163" } }, "streamSettings": { "sockopt": { "tcpNoDelay": true, "tcpKeepAliveIdle": 100, "mark": 255, "domainStrategy": "ForceIP", "happyEyeballs": { "tryDelayMs": 300, "prioritizeIPv6": true, "interleave": 2, "maxConcurrentTry": 20 } } } }, { "tag": "udp-noises-out", "protocol": "freedom", "settings": { "domainStrategy": "UseIP", "targetStrategy": "ForceIPv6v4", "noises": [ { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv4" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" }, { "type": "rand", "packet": "1200-1230", "delay": "10", "applyTo": "ipv6" } ] }, "streamSettings": { "sockopt": { "mark": 255, "domainStrategy": "UseIP" } } }, { "tag": "direct-out", "protocol": "freedom" }, { "tag": "dns-out", "protocol": "dns" }, { "tag": "block", "protocol": "blackhole" } ], "policy": { "levels": { "8": { "connIdle": 300, "downlinkOnly": 1, "handshake": 4, "uplinkOnly": 1 } }, "system": { "statsOutboundUplink": true, "statsOutboundDownlink": true } }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "outboundTag": "block", "ip": [ "geoip:private" ] }, { "type": "field", "outboundTag": "direct-out", "domain": [ "domain:ir", "geosite:category-ir" ] }, { "type": "field", "outboundTag": "direct-out", "ip": [ "geoip:ir" ] }, { "type": "field", "outboundTag": "dns-out", "port": "53", "network": "udp" }, { "type": "field", "outboundTag": "udp-noises-out", "port": "443", "network": "udp" }, { "type": "field", "outboundTag": "fragment-out", "port": "0-65535" } ] }, "stats": {} }

Fragment config benefits:
• Fragment support for bypassing DPI
• Splits TLS Hello packets
• Improves resistance to advanced filtering

💻 Windows 10/11

Settings → Network & Internet → Properties → DNS server assignment → Edit → Preferred DNS encryption: Encrypted only (DNS over HTTPS), then enter the address above.

🐧 Linux

Using systemd-resolved:
1. Edit the configuration file:
sudo nano /etc/systemd/resolved.conf

2. Add these lines:
[Resolve] DNS=https://cloudflare-e8a.pages.dev/dns-query DNSOverTLS=yes

3. Restart the service:
sudo systemctl restart systemd-resolved

🔧 Router

Depending on your router model, DoH may be supported. Check your router DNS settings. Configuring DoH on the router encrypts DNS for all devices connected to the network.

🛡️ Security Recommendations:

For maximum security and access:

Scenario 1 - DNS filtering only:
✓ Use this DoH proxy
✓ Many sites become accessible

Scenario 2 - More advanced filtering:
✓ Use this DoH proxy
✓ Enable ECH in your browser
✓ Use the Fragment config in Xray
✓ Use a VPN for other layers when needed

General tips:
• Use up-to-date browsers
• Keep HTTPS enabled
• Use reputable security software
• Use strong passwords

❓ FAQ:

Q: Can I access filtered sites with this DoH?
A: Yes, if the site is filtered only by DNS. If it is filtered by other methods like IP blocking or DPI, you may need a VPN.

Q: What is Fragment and how does it help?
A: Fragment is an anti-filtering technique that splits TLS Hello packets and makes DPI detection harder. Using Fragment alongside DoH can help against more advanced filtering.

Q: What is ECH and how does it help?
A: ECH, or Encrypted Client Hello, encrypts SNI and helps prevent SNI-based filtering. Both the browser and server must support it.

Q: How is this DoH different from 1.1.1.1?
A: This is your personal DoH proxy running on Cloudflare Workers, with advanced anti-censorship techniques such as 10-server Parallel Racing, Circuit Breaker, geo-selection, adaptive learning, DNS Padding, QNAME Minimization, Negative Caching, Adaptive Timeouts, and 15+ other capabilities. It still uses trusted DNS providers, but with much more control.

Q: Is this service free?
A: Yes, as long as you stay within the Cloudflare Workers free tier, such as 100,000 requests per day.

Q: Will using this DoH reduce speed?
A: Usually no. It may improve speed because Smart Caching and Racing Mode use the first fast response.

Q: What is the difference between the simple config and the Fragment config?
A: The simple config only enables DoH and is enough for DNS filtering. The Fragment config adds Fragment support, which helps with more advanced DPI filtering. For maximum resilience, the Fragment config is recommended.

Q: Can anyone see that I use this service?
A: Your DNS requests are encrypted, so your ISP cannot see their contents. It can only see that you connect to Cloudflare.

Q: How does Parallel Racing work?
A: The system sends each query to the top 10 DNS servers at the same time, scored by region, speed, health, and reliability, then accepts the first fast response. This reduces latency and improves reliability.

Q: What is Request Coalescing?
A: When multiple users or apps query the same domain at the same moment, the Worker sends one upstream request and shares the response with all waiting callers. This reduces server load and latency.