DoH Target URL
DOH-ONLY RESOLUTION
EDGE CLUSTER STATUS: HEALTHY
RACING: 8-WAY PARALLEL
Autonomous Resolver Logic • High Availability Network
EDGE CLUSTER STATUS: HEALTHY
RACING: 8-WAY PARALLEL
Browser-based DoH is currently the gold standard for stability. Configuring your specific browser ensures that even if local system policies or DPI attempt to block standard DNS, your web queries stay encrypted, invisible to ISP sniffers, and unaffected by global OS firewall conflicts.
Visit Settings > Security & Privacy. Search for "Secure DNS". Set to "Custom" and input the DOH URL above. Note: This service is specifically for DoH (HTTPS) and does not support port 53 / 853 DOT connections.
Head to Settings > Privacy > DNS over HTTPS. Under "Increased Protection", choose "Custom" and add our Gateway Endpoint. It works best when combined with ECH settings (network.dns.echconfig.enabled).
System-wide DOH encryption on iPhones requires a MobileConfig profile. Downloading this profile integrates our DOH resolving as a Managed DNS Provider within your device settings.
Provision Device ProfileSince Cloudflare Workers cannot serve as a DOT (Port 853) hostname, Native Private DNS in Android Settings will not accept this link directly. Instead, you MUST use one of these trusted DOH-relay apps:
Go to Network Configuration -> Choose DOH. Clear default list and paste the Secure Endpoint. This handles full app-traffic resolution.
Designed purely for DoH bypass. Enter our gateway link in 'Settings > Custom DNS'. This works flawlessly as a standalone bypass tool.
Outbound Object Mapping (Xray-Core / Sing-box / Surfboard)
"dns": {
"servers": [
{
"address": "https://nima.nikmahzar.ir/dns-query",
"skipFallback": true
},
"https://8.8.8.8/dns-query",
"https://1.1.1.1/dns-query"
],
"queryStrategy": "UseIPv4",
"tag": "dns_external"
}