DeCloudUs DNS Resolver

Has anyone looked into DeCloudUs as another DNS resolver? They even have the option to completely block Google, Apple and Microsoft. As far as I am aware, there are no alternatives for completely blocking Google except for an outdated blocklist available on NextDNS.

Good way to break things.

4 Likes

They offer pre-configured DNS profiles that are supposed to be more flexible. On the premium plan, you can access servers like “Echo” and “Zulu”.

According to their website, “Echo servers block ads (including Google Ads), trackers (including all Google trackers), and known malware, phishing, and malicious sites while leaving non-ad and non-tracker Google services and sites running.”

For Zulu servers, “Zulu DNS servers blocks most Google domains and tracking, but will allow some popular Google services to work, such as YouTube, Gmail, Google Search, Google CAPTCHAs, and Android App Notifications.”

On the highest plan, you can use a custom DNS profile and choose what you want to block or allow. I believe you can only block Apple and Microsoft with custom DNS only but I am not sure as I tested this DNS resolver a while ago.

Who’s behind it?

The creator has a reddit profile. Their website also has a Contact form with the email alpha@decloudus.com

Other than that, I cannot find any additional information about the person behind it. I say person because I think they are the only one running it. I cannot be sure though.

You see, not necessarily very trustworthy… :wink:

I wouldn’t say they aren’t necessarily untrustworthy either, just lacking a reputation. What criteria do you want them to achieve for them to be “trustworthy?” You can also email them and ask for clarification on any concerns you may have.

Block all google so nothing works, not even signal from what I know as it uses google servers.

I thought DeCloudUs would be a good addition to the current DNS resolver lists for general blocking. The feature of optionally blocking Google, Microsoft and Apple is a bonus.

Besides, many things work without Google. For your example, there is a fork of signal called Molly that has a FOSS variant that does not depend on any google servers. It can be used with your current Signal contacts.

The free one is Alpha based and blocks Google completely.
Whats about captchas? Is Molly or twinhelix not using it?

This is technically wrong.
You can see the domains used for Signal here: https://github.com/signalapp/Signal-Android/blob/9e3d1005998fec404bd5c3182815a53b58603fc0/app/build.gradle#L166-L181

Amazon:

Akamai:

Google:

Cloudflare:

Microsoft Azure:

Invalid:

(just a quick and dirty host/whois lookup, they probably load balance or switch between clouds on demand/by cost)

The free plan is Alpha based but my impression from the website is that the free plan is supposed to be for testing the service and not for daily use. I don’t know about twinhelix but from my testing, Molly uses hCaptcha and not Google’s reCAPTCHA.

Based on @SkewedZeppelin’s response, I don’t think captchas would be the main issue with using Signal while blocking Google. To rephrase what I said, Molly FOSS does not lack any features without Google Play Services installed (unlike Signal) but does make connections to Google’s servers. I can test Molly FOSS while blocking Google and Microsoft and report back if I notice any issues.

Signal’s censorship circumvention feature masks your signal traffic as a connection to Google.com as well.

OK,
if you want use it, do it.
For me, it makes no sense

That’s fine, everyone’s threat model is different. Who knows, someone may come across this discussion and find it useful.