Documentation - Settings

Back to Documentation


Settings apply globally to the Refract DNS application and can be configured on the Setting screen. Any changes to the settings are applied to the Refract DNS Windows Service when they are saved without requiring a restart of the Windows Service.


The following can be configured:

  • Upsteam DNS - The IP of the DNS servers that will be queried if Refract DNS cannot handle the query itself.

    By default Refract DNS will be set to automatically detect the upstream DNS server (UDP/TCP). This is the server determined by Windows when the computer connects to a network. It is not possible to automatically detect the Upstream DNS server for DNS over HTTPs.

    The upstream DNS server can be overridden by turning off "Automatically Detect Upstream DNS". This will reveal additional input boxes which can be used to configure the upstream DNS servers to use.

    By default Google's Public DNS is used which has IP and

    DNS servers are queried based on the order they appear in the list. If Refract DNS does not receive a response from a DNS server within the required time limit it queries the next DNS server in the list. The order of the DNS servers is very important and should go from most local to global.

    If your company has an internal DNS server(s) you should add it to the start of this list.

    If you are unsure about the IP of your current upsteam DNS server you can click the Find button next to an active Network Interface. This will find the DNS server using the normal method use by Windows.

  • IPV4 Blacklist Endpoint - the value returned for Blacklisted A Records. The default value is
  • IPV6 Blacklist Endpoint - the value returned for Blacklisted AAAA Records. The default value is ::.
  • Network Interfaces - a list of network interfaces that are available on the current computer.

    You can either decide to let Refract DNS automatically override your network interfaces or configure which interfaces will be overridden manually.

    Automatic override - Refract DNS will automatically override any active Network Interface. If the active Network Interface changes Refract DNS will automatically update to override the new interface. This option is suitable for most users.

    Manual override - To manually configure the network interfaces disable automatic mode. You will then see a set of toggles next to each network interface. Use the toggle next to each interface to indicate if the network interface should use the Refract DNS Windows Service . The interface that is currently active, i.e. connected to a network, will be indicated by the text (Active). If an interface that isn't overridden becomes active then Refract DNS will no longer be able to intercept DNS requests.

DNS Over Https

  • Use DNS over HTTPs - Redirect UDP/TCP DNS requests to HTTPs DNS requests. For more information see the blog post DNS over HTTPs.

    When enabled UDP/TCP DNS requests to Refract DNS that need to be answered by querying an upstream DNS server will use DNS over HTTPs.

    Domains that are marked as "Exclude from DNS over HTTPs" (see Domains) will always use UDP/TCP for upstream DNS checks.

  • Fallback to UDP/TCP

    When Refract DNS cannot make a HTTPs request to an upstream DNS server it will fallback to making a request over UDP/TCP. A DNS over HTTPs request may fail for several reasons, e.g. endpoint unavailable, invalid HTTPs certificate on endpoint, request causes an exception.

    When unchecked Refract DNS will not use UDP/TCP (except for domains marked as "Exclude from DNS over HTTPs") when DNS over HTTPs fails.

  • HTTPs DNS Endpoints

    List of DNS over HTTPs endpoints to query.

    By default both Google's and CloudFlare's HTTPs DNS endpoints are listed. These can be removed and additional endpoints added as required.

Back to Documentation


Remove the frustration of the Windows hosts file and take control of your DNS.

Our Contacts

The Guild Hub, High Street
Bath BA1 5EB