Public DNS resolver

Provide data security, confidentiality and protection for DNS requests by means of neutral and recursive resolvers that validate the responses obtained by using DNSSEC technology

Info! On 14 and 21 March 2024, between 7 a.m. and 4 p.m., Restena replaces its servers and This will not cause service unavailability for research and education institutions having configured both servers on their network. Thanks to the new servers, Restena's DNS resolvers will be accessible via DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). To benefit from this, the X.509 certificate signature (SPKI pin) for resolvers has to be implemented. ➔ Read more


In order to access online content or services using a domain name, it is necessary to obtain (or to "resolve") certain information about this domain. This task is assigned to a "recursive resolver" which navigates the domain name system (DNS) to retrieve the data.

Without a reliable and high-performance resolver, it is impossible to quickly display the one hundred or so elements that make up a modern web page, or to send an email to an address at a given domain.

But to browse the internet with total confidence, to avoid coming across a pirate website that might have usurped the identity of the site that we are trying to find, and to avoid having certain content censored, it is essential to use a "validating" and "neutral" recursive resolver. ("Validating" means that it ensures the authenticity of the information obtained during the DNS resolution; "neutral" means that the resolver itself does not lie about the information transmitted).


Via its various connected establishments, the Restena Foundation provides the users of its community with two neutral and recursive resolvers that validate the responses obtained by using DNSSEC (domain name system security extensions) technology. More often than not, these resolvers are configured automatically by the dynamic host configuration protocol (DHCP) during connection to the institution's network, at the same time as the IP address and other parameters. Since January 2019, these resolvers have also used the DNS-over-TLS communication protocol, which enciphers DNS communications in order to offer security and confidentiality for requests from users from institutions in the research, education, culture, health and administration sectors in Luxembourg.

In addition, as part of its objective to contribute to a neutral, open, reliable and decentralised internet, the Restena Foundation officially offers a recursive resolver that is open to the general public and focuses on data security and protection. In addition to validation by DNSSEC, it is accessible solely by using DNS-over-TLS and DNS-over-HTTPS, two technologies that encipher DNS communications between client and server.

More information is available at the DNS Privacy Project website


Validation of the authenticity of obtained data by DNSSEC technology when the latter is activated for queried domain names

Guaranteed neutrality, as the resolver does not deliberately modify the collected information before transmitting it in response

Respect for privacy, as the information collected for the resolution of a request is limited to the minimum necessary for the technical functioning of the service, and it is neither transmitted to third parties nor monetised.

More details on the service

Who can benefit?

Connected establishments, general public

How to benefit?

Manual configuration of the server is required either at system level (for DNS-over-TLS) or at browser level (for DNS-over-HTTPS). For more information, consult our documentation 'Configuring your server for the public DNS resolver'

Assistance and support


Other services that might be of interest to you


Domain names in 1 and 2 characters

Registering a domain name with one or two characters becomes possible.


Registry Lock

Locking and authenticating your domain name.