SecDNS
Protective DNS · DoH/DoT · Blocklists · Optional zone hosting

Secure DNS that blocks threats beforethey reach you

SecDNS filters malware, phishing, ads, and trackers at the resolver. Per-device profiles, encrypted DNS, and enterprise-grade control on a globally distributed protective DNS network.

Get Protected DNSView PlansFeatures
Malware · Phishing · Ads

Threat categories

DoH · DoT · UDP/53

Protocols

Global edge · Recursive · Authoritative

Architecture

One platform, three capabilities

Protect

Recursive filtering

Encrypted DoH/DoT edges, in-region recursive resolvers, RPZ blocklists, DNSSEC validation, and per-profile policies.

Learn more →

Host

Authoritative DNS

Coming soon

Managed authoritative DNS with primary/secondary NS, AXFR/IXFR replication, and optional DNSSEC signing for your zones.

Audit

DNS Security Audit

25+ configuration checks—SPF, DMARC, DNSSEC, AXFR exposure—with compliance mapping. Available under Tools.

Learn more →

Built for privacy-first protective DNS

Block threats at the resolver, manage devices and profiles, and keep logs under your control.

Blocklists & RPZ

Merged threat feeds with local allow/deny overrides per profile.

Device profiles

Assign policies per phone, laptop, or network with unique DoH endpoints.

Encrypted DNS

DNS-over-HTTPS and DNS-over-TLS at the edge with per-profile rate limiting.

Privacy controls

IP anonymization, configurable retention, and optional no-log mode.

Soon

Family & safe browsing

Adult, gambling, and SafeSearch enforcement—rolling out on roadmap.

Org & SSO

Teams, RBAC, audit log, and Enterprise SSO already in the SaaS control plane.

How traffic flows

  1. 1.Client (browser, phone, router) → SecDNS edge (DoH/DoT/UDP)
  2. 2.Filtered queries → SecDNS recursive resolver (RPZ + cache) → upstream
  3. 3.Your zones → SecDNS authoritative DNS (when enabled)
  4. 4.Control plane: SaaS dashboard, API, and global blocklist sync

Get started in three steps

  1. 1Create an account and pick a plan.
  2. 2Create a DNS profile and register devices—get your personal DoH/DoT endpoint.
  3. 3Point Private DNS or your router to SecDNS and monitor blocks in the dashboard.
Pricing

Scales with your team

14-day unconditional money-back guarantee. DoH, DoT and DoQ ship in every plan.

Best for households

Family

$4.08 /mo

Per-room profiles, parental controls, SafeSearch.

  • 10 profiles · per-room policies
  • SafeSearch & YouTube restricted
  • Time-based parental rules
See full plan
Most popular

Business

$5 /seat/mo

SAML SSO + SCIM provisioning for growing teams.

  • Everything in Team
  • SAML 2.0 SSO · SCIM 2.0
  • Webhooks · scheduled reports
See full plan

Enterprise

Custom

Anycast SLA, dedicated PoPs, white-glove onboarding.

  • Dedicated Anycast PoPs
  • 99.99% SLA · custom retention
  • Unlimited zones / devices
See full plan
Compare every feature →

Need a configuration audit?

Run DNS Security Audit from Tools—SPF, DMARC, dangling CNAMEs, and more—from your SecDNS dashboard.

Open DNS Security Audit

Ready for protective DNS?

Start free, upgrade when you need more profiles, zones, or compliance features.

Create accountTalk to sales