DNS Switch
File Information
| Property | Value |
|---|---|
| Binary Name | dns-switch |
| Version | 9.0.1 |
| File Size | 3.1MB |
| Author | Warith Al Maawali |
| License | Proprietary |
| Category | Network & Routing |
| Description | Production-ready DNS management with security and portability. A self-contained, portable DNS manage... |
Key Features
DNS Server Management
| Feature | Description |
|---|---|
| Extensive Database | Hundreds of vetted DNS servers categorized by security level |
| Smart Selection | Automatic scoring based on latency, reliability, and privacy |
| DNSCrypt Support | Full encryption for DNS queries to prevent eavesdropping |
| Pi-hole Integration | Seamless ad-blocking DNS filtering support |
Why DNS Switch is Critical
| Benefit | Description |
|---|---|
| DNS Leak Protection | Helps prevent DNS queries from bypassing your VPN/Tor |
| Privacy Protection | Uses only non-logging DNS providers |
| Censorship Bypass | Access blocked content with alternative DNS |
| Attack Detection | Identifies DNS poisoning and hijacking attempts |
| Automatic Failover | Switches to backup servers if primary fails |
TL;DR - Essential Commands
Important: Use sudo for DNS operations as they modify system network settings.
```bash
# Switch to a random secure DNS server (reputable set)
sudo dns-switch random --type reputable
sudo dns-switch random --type reputable --count 5
# Switch to specific DNS category or provider
sudo dns-switch switch --names cloudflare
sudo dns-switch switch --servers 1.1.1.1 9.9.9.9
# Check current DNS configuration and status
dns-switch status --json # JSON output for automation
dns-switch status --verbose # Detailed status information
# Test DNS server health
dns-switch health --type reputable
# Enable DNSCrypt for encrypted DNS
sudo dns-switch switch --names dnscrypt
# Fetch and update DNS database from remote sources
sudo dns-switch fetch
```
DNS Management Modes
DNS Switch supports two different DNS management modes depending on your system configuration:
Modern Mode (systemd-resolved)
Modern systems using systemd-resolved for DNS management. This mode provides three configuration methods with automatic fallback:
| Method | Description | Scope |
|---|---|---|
| Global Config | /etc/systemd/resolved.conf modification | All interfaces (DEFAULT, safest) |
| Per-Interface | resolvectl commands per interface | Individual interfaces (fallback) |
| NetworkManager | nmcli configuration | NM-managed connections (alternative) |
Advantages:
- Centralized DNS management
- Per-interface DNS configuration
- Built-in DNS caching
- DNSSEC support
- Automatic fallback between methods

Requirements:
- systemd-resolved installed and active
- /etc/resolv.conf symlinked to /run/systemd/resolve/stub-resolv.conf
Legacy Mode (/etc/resolv.conf)
Traditional DNS management through direct /etc/resolv.conf file manipulation:
| Feature | Description |
|---|---|
| Direct File | /etc/resolv.conf is a regular file |
| System-Wide | All interfaces use same DNS |
| Simple | No additional services required |
| Universal | Works on any Linux system |
Advantages:
- Simple and straightforward
- No additional dependencies
- Compatible with all systems
- Direct control

Limitations:
- No per-interface DNS
- No built-in caching
- Can conflict with systemd-resolved if active
Mode Detection and Switching
```bash
# Check current DNS mode
dns-switch status --json | jq '.dns_mode'
# The system automatically detects the mode based on:
# - Is systemd-resolved active?
# - Is /etc/resolv.conf a symlink?
# Switch to modern mode (enables and starts systemd-resolved)
sudo dns-switch mode-modern
# Switch to legacy mode (creates regular /etc/resolv.conf)
sudo dns-switch mode-legacy
# Check mode health and compatibility
dns-switch mode-status
```
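The two detection questions above can be checked independently of the tool, which is useful when auditing a host before or after a mode switch. The following is an added example, not dns-switch's own code: the function name, its two optional parameters and the `conflict`/`inconsistent` labels are assumptions made here, and it flags the case the Limitations list warns about (systemd-resolved active while /etc/resolv.conf is a regular file).

```bash
# Added example, not dns-switch code.
# detect_dns_mode [RESOLV_PATH] [RESOLVED_STATE]
#   RESOLV_PATH     defaults to /etc/resolv.conf
#   RESOLVED_STATE  defaults to `systemctl is-active systemd-resolved`
# Both parameters are hypothetical test hooks so fixtures can be checked.
detect_dns_mode() {
    ddm_resolv=${1:-/etc/resolv.conf}
    ddm_state=${2:-}
    if [ -z "$ddm_state" ]; then
        ddm_state=$(systemctl is-active systemd-resolved 2>/dev/null || true)
    fi

    # Classify the file: stub symlink, other symlink, regular file, or missing.
    ddm_kind=missing
    if [ -L "$ddm_resolv" ]; then
        ddm_kind=other-symlink
        case "$(readlink "$ddm_resolv")" in
            # Distros often use the relative form ../run/systemd/resolve/...
            */run/systemd/resolve/stub-resolv.conf) ddm_kind=stub ;;
        esac
    elif [ -f "$ddm_resolv" ]; then
        ddm_kind=regular
    fi

    case "$ddm_state:$ddm_kind" in
        active:stub)    echo modern ;;
        # systemd-resolved running beside a hand-managed file
        active:regular) echo conflict; return 1 ;;
        active:*)       echo inconsistent; return 1 ;;
        *:regular)      echo legacy ;;
        # e.g. stub symlink left behind while systemd-resolved is stopped
        *)              echo inconsistent; return 1 ;;
    esac
}
```

Run `detect_dns_mode` with no arguments on a live host; a non-zero exit means the two signals disagree and name resolution may not be going where the configuration suggests.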
Mode Migration:
When switching modes, DNS Switch automatically:
- Backs up current configuration
- Migrates existing DNS servers
- Enables/disables systemd-resolved as needed
- Verifies the new configuration
- Provides rollback instructions if needed
Best Practice: Use Modern Mode if systemd-resolved is available on your system for better flexibility and features.
Understanding DNS Management
DNS Categories
DNS Switch organizes servers into multiple security levels:
```bash
# Switch to most secure, privacy-focused servers
sudo dns-switch switch --category reputable
# Use standard secure servers
sudo dns-switch switch --category normal
# Use encrypted DNS servers
sudo dns-switch switch --category encrypted
# Emergency fallback servers
sudo dns-switch fallback
```
Server Categories:
| Category | Description |
|---|---|
| Reputable | No-logs policy, DNSSEC support, proven privacy track record (Cloudflare, Quad9, AdGuard) |
| Normal | Good security, reasonable performance, some logging |
| Encrypted | DNSCrypt and DoH servers for encrypted queries |
| Fallback | Emergency servers when others fail |
| All | Mixed selection from all categories |
Advanced DNS Switching
```bash
# Switch by provider names
sudo dns-switch switch --names cloudflare
sudo dns-switch switch --names opendns
# Switch by IP addresses
sudo dns-switch switch --servers 1.1.1.1 9.9.9.9
# Verify servers work before applying
sudo dns-switch switch --names cloudflare --verify
# Random selection with options
sudo dns-switch random --type reputable --count 5
sudo dns-switch random --type reputable --verify
```
DNSCrypt for Encrypted DNS
DNSCrypt encrypts your DNS queries, preventing ISPs and attackers from seeing what websites you're visiting:
```bash
# Switch DNS to use DNSCrypt proxy
sudo dns-switch switch --names dnscrypt
# Enable DNSCrypt with specific resolver
sudo dns-switch dnscrypt-set --resolver cloudflare
# Check DNSCrypt status
dns-switch dnscrypt
# Restart DNSCrypt service
sudo dns-switch dnscrypt-restart
# Remove DNSCrypt (switches to reputable DNS automatically)
sudo dns-switch dnscrypt-remove
```
Pi-hole Integration
For network-wide ad blocking:
```bash
# Enable Pi-hole DNS filtering
sudo dns-switch pihole-enable
# Disable Pi-hole temporarily
sudo dns-switch pihole-disable
# Check Pi-hole status
dns-switch pihole
# Set Pi-hole admin password (replace the example value; a password passed as
# an argument is recorded in shell history and visible in the process list)
sudo dns-switch pihole-password --password NewSecurePassword123
# Reset Pi-hole configuration
sudo dns-switch pihole-reset
```
Health Checking & Testing
```bash
# Check health of DNS servers by category
dns-switch health --type reputable
# Force fresh health check (bypass cache)
dns-switch health --type reputable --fresh
# Test for DNS poisoning
dns-switch test-poisoning
# Test for DNS hijacking
dns-switch test-hijacking
# Comprehensive DNS testing
dns-switch test-dns
# Test for DNS leaks
dns-leak test --json
dns-switch health --json
dns-switch status --json
```
Database Management
```bash
# Fetch latest DNS servers from remote sources
sudo dns-switch fetch
sudo dns-switch fetch --count 50
# List all available DNS servers
dns-switch list --category reputable
# Count servers by category
dns-switch count
# Clean duplicate entries
sudo dns-switch clean-duplicates
```
Backup & Recovery
```bash
# Create DNS configuration backup
sudo dns-switch backup
# Restore from backup
sudo dns-switch restore-backup
# Restore default DNS settings
sudo dns-switch restore-default
```
JSON Output and Return Codes
```bash
# All dns-switch commands support JSON output
sudo dns-switch status --json # JSON status output
sudo dns-switch health --json --type reputable # JSON health results
sudo dns-switch list --json # JSON server list
# Pretty-printed JSON for readability
sudo dns-switch status --json-pretty
# Parse JSON output with jq
sudo dns-switch status --json | jq '.current_dns'
sudo dns-switch health --json | jq '.health_score'
# Return codes (useful for scripts)
# 0 = Success
# 1 = General error
# 2 = Invalid arguments
# 3 = DNS operation failed
# 4 = Permission denied
```
Advanced Commands
For advanced users who need access to all available commands and options, please refer to the auto-generated command reference which includes:
| Feature | Description |
|---|---|
| Custom DNS configuration | Advanced DNS server configuration options |
| Scoring parameters | Algorithm parameters for DNS server scoring |
| Batch operations | Batch testing and management operations |
| Database maintenance | Commands for DNS database management |
| DNSCrypt options | Advanced DNSCrypt configuration |
| JSON formatting | JSON output formatting options |
| CLI reference | All command-line flags and parameters |
Security Notes
Important Security Practices:
| Practice | Description |
|---|---|
| Tor DNS Resolution | Use tor-switch for routing DNS through Tor network |
| Database Updates | Regularly update DNS database with fetch command |
| Leak Testing | Test for DNS leaks after VPN/Tor connection |
| Encryption | Use DNSCrypt when on untrusted networks |
| Verification | Verify DNS changes with status command |
| Security Testing | Check for poisoning/hijacking on suspicious networks |
| Backup Strategy | Backup configuration before major changes |
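For the Verification practice in Legacy Mode, where /etc/resolv.conf is a regular file, the resolvers actually in effect can be compared against the ones you intended to set. This is an added example, not part of dns-switch; the function name and the sample addresses in the usage comment are assumptions. In Modern Mode the file points at the local stub resolver, so this check does not apply there.

```bash
# Added example, not dns-switch code.
# audit_resolv_conf FILE ALLOWED_IP...
# Prints every nameserver in FILE that is not in the allowlist.
# Returns 0 only if at least one nameserver is present and all are allowed,
# so an emptied or rewritten file fails the check instead of passing silently.
audit_resolv_conf() {
    arc_file=$1
    shift
    arc_allowed=" $* "
    arc_seen=0
    arc_bad=0
    # "|| [ -n ... ]" keeps the last line when the file lacks a trailing newline.
    while read -r arc_key arc_val arc_rest || [ -n "$arc_key" ]; do
        # Comments (# or ;), "options", "search" etc. are not resolver entries.
        [ "$arc_key" = "nameserver" ] || continue
        if [ -z "$arc_val" ]; then
            arc_bad=1            # malformed entry: keyword without an address
            continue
        fi
        arc_seen=1
        case "$arc_allowed" in
            *" $arc_val "*) ;;                   # expected resolver
            *) echo "$arc_val"; arc_bad=1 ;;     # drift: report it
        esac
    done < "$arc_file"
    [ "$arc_seen" -eq 1 ] && [ "$arc_bad" -eq 0 ]
}

# Usage after `sudo dns-switch switch --servers 1.1.1.1 9.9.9.9`:
#   audit_resolv_conf /etc/resolv.conf 1.1.1.1 9.9.9.9 || echo "unexpected resolver"
```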
Performance
| Metric | Value |
|---|---|
| Switch Time | < 1 second |
| Memory Usage | ~25MB active, < 5MB idle |
| CPU Usage | < 5% during operations |
| Database Size | ~5MB for full server list |
| Health Check | 2-5 seconds per server |
Support
| Resource | Link |
|---|---|
| Website | digi77.com |
| Anonymity Verifier | kodachi.cloud |
| Discord Support | discord.gg/KEFErEx |
| GitHub | github.com/WMAL |