Jump to content

Public recursive name server

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Michaeldkfowler (talk | contribs) at 20:08, 12 December 2019 (Updated support for DNSSec). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:

  • speed, compared to using ISP DNS services[1]
  • filtering (security, ad-blocking, porn-blocking, etc.)[2]
  • reporting[3]
  • avoiding censorship[4]
  • redundancy (smart caching)[5]
  • access to unofficial alternative top level domains not found in the official DNS root zone
  • temporary unavailability of the ISP's name server

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

List of public DNS service operators

Provider Nodes Privacy policy DNS over UDP DNSSEC DNS over TLS DNS over HTTPS DNSCrypt Hostnames IPv4 addresses IPv6 addresses Filters Remarks
AdGuard DNS[6] 12[7] Yes[8] Yes Yes[9] Yes Yes[10] Yes[11] dns.adguard.com 176.103.130.130
176.103.130.131 		2a00:5a60::ad1:0ff
2a00:5a60::ad2:0ff 		Default[12] A free, privacy-oriented DNS resolution system that blocks tracking, ads and phishing.[13]
dns-family.adguard.com 176.103.130.132

176.103.130.134

2a00:5a60::bad1:0ff

2a00:5a60::bad2:0ff

Family[12]
CleanBrowsing[14] 20 Yes[15] Yes Yes Yes[16] Yes[17] Yes[18] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168 		2a0d:2a00:1::
2a0d:2a00:2:: 		Family Designed to be used on devices of kids under 13.
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11 		2a0d:2a00:1::1
2a0d:2a00:2::1 		Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9 		2a0d:2a00:1::2
2a0d:2a00:2::2 		Security
Cloudflare 1.1.1.1[19] 194[20] Yes[21] Yes Yes[22] Yes[23] Yes[24] No one.one.one.one[25]
1dot1dot1dot1.cloudflare-dns.com 		1.1.1.1
1.0.0.1 		2606:4700:4700::1111
2606:4700:4700::1001 		None
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400 		None Intended to be used with IPv6-only network.[26] See NAT64 and DNS64.
Comodo Secure DNS[27] No Yes Yes No No Yes ns1.recursive.dnsbycomodo.com
ns2.recursive.dnsbycomodo.com 		8.26.56.26
8.20.247.20
CZ.NIC ODVR[28] Yes Yes Yes Yes Yes No odvr.nic.cz [29] 193.17.47.1
185.43.135.1 		2001:148f:ffff::1
2001:148f:fffe::1 		Security (Rebinding protection) Servers are located in Prague
Digitale Gesellschaft Schweiz [30] 2 Yes[31] No Yes Yes Yes No dns.digitale-gesellschaft.ch 185.95.218.42
185.95.218.43 		2a05:fc84::42
2a05:fc84::43 		None Servers are located in Switzerland
dnscrypt.ca[32] Yes[33] No Yes No Yes Yes dns1.dnscrypt.ca
dns2.dnscrypt.ca 		192.99.183.132
149.56.228.45 		2607:5300:60:4aa8::600
2607:5300:120:b9b::200 		None Servers located in Beauharnois, Quebec. No query logs.
Dyn DNS[34] Yes[35] Yes Yes No No No resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com 		216.146.35.35
216.146.36.36 		Shut down on May 31, 2020
DNS.SB Yes Yes Yes Yes Yes No public-dns-a.dns.sb

public-dns-b.dns.sb

185.222.222.222

185.184.222.222

2a09::

2a09::1

None Planned provider for Chromium 78 DOH experiments [36].
DNS.WATCH[37] No Yes Yes No No No resolver1.dns.watch
resolver2.dns.watch 		84.200.69.80
84.200.70.40 		2001:1608:10:25::1c04:b12f
2001:1608:10:25::9249:d69b 		None
Freenom World[38] Yes Yes Yes No No Yes 80.80.80.80
80.80.81.81 		None present in each global region
Google Public DNS[39] 23[40] Yes[41] Yes Yes Yes Yes[42] No dns.google[43]
google-public-dns-a.google.com
google-public-dns-b.google.com 		8.8.8.8
8.8.4.4 		2001:4860:4860::8888
2001:4860:4860::8844 		None
2001:4860:4860::6464
2001:4860:4860::64 		None Intended to be used on networks with NAT64 gateway.[44]
Neustar DNS Advantage[45] Yes[46] Yes Yes No No No 156.154.70.1
156.154.71.1 		2610:a1:1018::1
2610:a1:1019::1 		None
156.154.70.2
156.154.71.2 		2610:a1:1018::2
2610:a1:1019::2 		Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3 		2610:a1:1018::3
2610:a1:1019::3 		Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4 		2610:a1:1018::4
2610:a1:1019::4 		Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5 		2610:a1:1018::5
2610:a1:1019::5 		None Will not redirect non-existent domains to a landing page
NextDNS[47] 20 Yes[48] Yes Yes Yes Yes No dns1.nextdns.io

dns2.nextdns.io

45.90.28.0

45.90.30.0

2a07:a8c0::1

2a07:a8c1::1

Configurable User can create configurations to customize blocklist (malware, tracker/adblock, parental control etc.) and other features like ECS, logging level etc.
Norton ConnectSafe[49] Yes[50] Yes No No No No 199.85.126.10
199.85.127.10 		Security (malware, phishing sites and scam sites) Shut down on November 15, 2018[51]
199.85.126.20
199.85.127.20 		Security and pornography
199.85.126.30
199.85.127.30 		Family-friendly: security, pornography and other objectionable content
OpenDNS[52] 31[53] Yes[54] Yes No No Yes[55] Yes[56] resolver1.opendns.com
resolver2.opendns.com 		208.67.222.222
208.67.220.220 		2620:119:35::35
2620:119:53::53 		Basic Security filtering + user defined policies
resolver1-fs.opendns.com
resolver2-fs.opendns.com 		208.67.222.123
208.67.220.123 		"FamilyShield": adult content
resolver1.ipv6-sandbox.opendns.com
resolver2.ipv6-sandbox.opendns.com 		2620:0:ccc::2
2620:0:ccd::2 		None Sandbox addresses which provide no filtering
OpenNIC[57] Yes[58] Yes Yes No No Partial[59] Several [60] 185.121.177.177
169.239.202.202 		2a05:dfc7:5::53
2a05:dfc7:5::5353 		List of all OpenNIC Tier 2 DNS Resolvers
Quad9[61] 137[62] Yes[63] Yes Yes[64] Yes[65] Yes[66] Yes[67] dns.quad9.net
rpz-public-resolver1.rrdns.pch.net 		9.9.9.9
149.112.112.112 		2620:fe::fe
2620:fe::9 		Malicious domains (phishing, malware, exploit kit domains)
No[68] dns-nosec.quad9.net 9.9.9.10
149.112.112.10 		2620:fe::10
2620:fe::fe:10 		None
SafeDNS[69] Yes Yes Yes No No No dns1.safedns.com
dns2.safedns.com 		195.46.39.39
195.46.39.40 		Malicious, phishing domains + user defined policies
UncensoredDNS[70] No Yes Yes Yes[71] No No anycast.censurfridns.dk
unicast.censurfridns.dk 		91.239.100.100
89.233.43.71 		2001:67c:28a4::
2a01:3a0:53:53:: 		None Hosted in Denmark, servers listen to ports 53 and 5353
VeriSign Public DNS[72] Yes[73] Yes Yes[74] No No No recpubns1.nstld.net
recpubns2.nstld.net 		64.6.64.6
64.6.65.6 		2620:74:1b::1:1
2620:74:1c::2:2 		None
Yandex.DNS[75] Yes[76] Yes No No No Yes dns.yandex.ru
secondary.dns.yandex.ru 		77.88.8.1
77.88.8.8 		2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff 		None
safe.dns.yandex.ru
secondary.safe.dns.yandex.ru 		77.88.8.2
77.88.8.88 		2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad 		"Safe": fraudulent / infected / bot sites
family.dns.yandex.ru
secondary.family.dns.yandex.ru 		77.88.8.3
77.88.8.7 		2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11 		"Family": fraudulent / infected / bot / adult sites

References

  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. ^ Brinkmann, Martin (2018-12-31). "A look at AdGuard DNS". Ghacks Technology News. Retrieved 2019-08-02.
  7. ^ AdGuard DNS servers map
  8. ^ AdGuard DNS Privacy Notice
  9. ^ AdGuard DNS FAQ: What is DNSSEC?
  10. ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  11. ^ Adguard DNS now supports DNSCrypt
  12. ^ a b AdGuard DNS Setup guide
  13. ^ "AdGuard DNS FAQ: What is AdGuard DNS?". adguard.com. Retrieved 2019-08-12.
  14. ^ "IPv4 and IPv6 Anycast DNS Firewall and Resolver".
  15. ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  16. ^ "Parental Control with DNS over TLS Support".
  17. ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  18. ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  19. ^ "1.1.1.1 — the Internet's Fastest, Privacy-First DNS Resolver".
  20. ^ Cloudflare: Our Anycast Network Map
  21. ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  22. ^ "The Nitty Gritty - Cloudflare Resolver".
  23. ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  24. ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  25. ^ "Test DNS owner one.one.one.one". 2018-08-21.
  26. ^ Supporting IPv6-only Networks
  27. ^ Comodo Secure DNS, Managed DNS Service, Secure DNS Provider
  28. ^ CZ.NIC Open DNSSEC Validating Resolvers
  29. ^ "CZ.NIC - Otevřené DNSSEC Validující Resolvery".
  30. ^ Öffentliche DNS-over-TLS- und HTTPS-DNS-Resolver
  31. ^ "Digitale Gesellschaft Schweiz: DNS Privacy Notice".
  32. ^ dnscrypt.ca
  33. ^ "dnscrypt.ca: Privacy Policy".
  34. ^ "Surf faster with Dyn's Recursive DNS". dyn.com. Retrieved 2018-12-31.
  35. ^ "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
  36. ^ "Chromium DNS over HTTPS". Retrieved 2019-09-11.
  37. ^ "DNS.WATCH". dns.watch. Retrieved 2019-01-16.
  38. ^ Freenom World
  39. ^ Google Public DNS
  40. ^ Google Public DNS: Where are your servers currently located?
  41. ^ Google Public DNS: Your Privacy
  42. ^ Google Public DNS: DNS-over-HTTPS
  43. ^ "Get Started | Public DNS".
  44. ^ Google Public DNS64
  45. ^ "Recursive DNS on the Global Anycast Network | Neustar". security.neustar. Retrieved 2018-10-24.
  46. ^ "Privacy Policy | Neustar". home.neustar.
  47. ^ NextDNS
  48. ^ "Privacy Policy ― NextDNS". nextdns.io. Retrieved 2019-09-08.
  49. ^ Norton ConnectSafe
  50. ^ Norton ConnectSafe Privacy Notice
  51. ^ "Norton ConnectSafe". connectsafe.norton.com. Retrieved 2018-12-31.
  52. ^ Cloud Delivered Enterprise Security by OpenDNS
  53. ^ OpenDNS: Data Center Locations
  54. ^ Cisco Online Privacy Statement
  55. ^ [1]
  56. ^ OpenDNS and DNSCrypt
  57. ^ OpenNIC Project
  58. ^ OpenNIC: Privacy Policy
  59. ^ OpenNIC: DNSCrypt
  60. ^ OpenNIC Tier 2 DNS Resolvers
  61. ^ Quad9 DNS: Internet Security and Privacy in a Few Easy Steps
  62. ^ Quad9’s Year One Success Shows There is a DNS Solution that Provides Both Privacy and Security
  63. ^ Quad9: Privacy, Data Collection and Use Policy
  64. ^ Quad9 FAQ: Does Quad9 implement DNSSEC?
  65. ^ Quad9 Frequently Asked Questions
  66. ^ DoH with Quad9 DNS Servers
  67. ^ Quad9 DNSCrypt Now In Testing
  68. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  69. ^ SafeDNS
  70. ^ UncensoredDNS
  71. ^ DNS over TLS Pubkey Pinning Info for unicast.uncensoreddns.org
  72. ^ Verisign Public DNS
  73. ^ Verisign Public DNS Terms of Service
  74. ^ Verisign Public DNS Forum: employee post
  75. ^ Yandex.DNS
  76. ^ Terms of use of the Yandex.DNS service
Retrieved from "https://en.wikipedia.org/w/index.php?title=Public_recursive_name_server&oldid=930481978"