Jump to content

Public recursive name server: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
No edit summary
Mr. TTG (talk | contribs)
174 edits
 
(510 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
{{short description|Name resolver service for the Domain Name System}}
A '''public recursive name server''' is a [[name server]] that devices may use for Internet directory services in place of or in addition to name servers belonging to the [[Internet service provider]]<nowiki/>s to which the devices are connected. Reasons for using an alternative include:
A '''public recursive name server''' (also called '''public DNS resolver''') is a [[name server]] service that networked computers may use to query the [[Domain Name System]] (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local [[Internet service provider]] (ISP) to which the devices are connected. Reasons for using these services include:
* speed<ref>{{Cite news|url=http://www.techworm.net/2016/08/change-default-dns-google-dns-fast-internet-speeds.html|title=How to Change Your Default DNS to Google DNS for Fast Internet Speeds|date=2016-08-20|newspaper=TechWorm|language=en-US|access-date=2016-10-22}}</ref>
* filtering (security, ad-bloking, porn-blocking, etc)<ref>{{Cite news|url=http://www.itbusiness.ca/news/a-simple-way-to-get-around-rogers-dns-re-directing/12025|title=A simple way to get around Rogers’ DNS re-directing|newspaper=IT Business|access-date=2016-10-22}}</ref>
* reporting<ref>{{Cite web|url=http://mspmentor.net/managed-services/110415/opendns-adds-centralized-reporting-ip-layer-enforcement-umbrella|title=OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella|website=mspmentor.net|access-date=2016-10-22}}</ref>
* avoiding censorship<ref>{{Cite news|url=https://torrentfreak.com/austrian-pirate-bay-blockade-censors-slovak-internet-accidentally-151203/|title=Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak|date=2015-12-03|newspaper=TorrentFreak|language=en-US|access-date=2016-10-22}}</ref>
* redundancy (smart caching)<ref>{{Cite web|url=http://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack/|title=DNS devastation: Top websites whacked offline as Dyn dies again|last=Security|last2=Iana|access-date=2016-10-22|last3=Icann|last4=Fcc|last5=Google|last6=again|first6=DNS devastation: Top websites whacked offline as Dyn dies|last7=dates|first7=Coming soon to smart home devices? Best Before labels-with patch cut-off|last8=IoT insecurity: US govt summons tech bosses|first8=bashes heads together}}</ref>


* speed, compared to using ISP DNS services<ref>{{Cite news|url=http://www.techworm.net/2016/08/change-default-dns-google-dns-fast-internet-speeds.html|title=How to Change Your Default DNS to Google DNS for Fast Internet Speeds|date=2016-08-20|newspaper=TechWorm|language=en-US|access-date=2016-10-22}}</ref>
Popular options include;
* filtering (security, [[Ad blocking|ad-blocking]], [[Internet filter|porn-blocking]], etc.)<ref>{{Cite news|url=http://www.itbusiness.ca/news/a-simple-way-to-get-around-rogers-dns-re-directing/12025|title=A simple way to get around Rogers' DNS re-directing|newspaper=IT Business|access-date=2016-10-22}}</ref>
* reporting<ref>{{cite web|url=http://mspmentor.net/managed-services/110415/opendns-adds-centralized-reporting-ip-layer-enforcement-umbrella|title=OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella|website=mspmentor.net|access-date=2016-10-22|archive-url=https://web.archive.org/web/20161022224758/http://mspmentor.net/managed-services/110415/opendns-adds-centralized-reporting-ip-layer-enforcement-umbrella|archive-date=2016-10-22|url-status=dead}}</ref>
* avoiding [[Internet censorship|censorship]]<ref>{{Cite news|url=https://torrentfreak.com/austrian-pirate-bay-blockade-censors-slovak-internet-accidentally-151203/|title=Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak|date=2015-12-03|newspaper=TorrentFreak|language=en-US|access-date=2016-10-22}}</ref>
* redundancy (smart caching)<ref>{{cite web|url=https://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack/|title=DNS devastation: Top websites whacked offline as Dyn dies again|last1=Security|last2=Iana|website=The Register|access-date=2016-10-22}}</ref>
* access to unofficial [[alternative top level domain]]s not found in the official [[DNS root zone]]
*temporary unavailability of the ISP's name server


Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Most services now support secure DNS lookup transport services such as [[DNS over TLS]] (DoT), [[DNS over HTTPS]] (DoH) and [[DNS over QUIC]] (DoQ).
{| class="wikitable sortable"
! Provider
! IPs
! Alexa Traffic Rank
! Blocking
! Features


Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

== Notable public DNS service operators ==
{{sticky header}}{{sort under}}
{{mw-datatable}}
{| class="sortable wikitable mw-datatable sticky-header sort-under" style="font-size: 85%; text-align: center;"
|-
! Provider
! [[Privacy policy]]
! [[Domain Name System#DNS over UDP/TCP/53 (Do53)|DNS over UDP/TCP (Do53)]]
! [[Domain Name System Security Extensions|DNSSEC]]
! [[DNS over TLS|DNS over TLS (DoT)]]
! [[DNS over HTTPS|DNS over HTTPS (DoH)]]
! [[DNS over QUIC|DNS over QUIC (DoQ)]]
![[Extension Mechanisms for DNS#EDNS Padding|EDNS Padding]]
! [[DNSCrypt|DNSCrypt]]
! Hostname
! [[Internet Protocol version 4|IPv4]] addresses
! [[Internet Protocol version 6|IPv6]] addresses
! Filters
! Remarks
|-
! rowspan="3" |[[AdGuard#Products|AdGuard]]
| rowspan="3" ! {{yes}}<ref>[https://adguard.com/en/privacy/dns.html AdGuard DNS Privacy Notice]</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref>[https://adguard.com/en/adguard-dns/overview.html AdGuard DNS FAQ: What is DNSSEC?]</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref name=":10">[https://adguard.com/en/blog/adguard-dns-announcement.html The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS]</ref>
| rowspan="3" ! {{yes}}<ref>[https://adguard.com/en/blog/dns-over-quic.html AdGuard DNS-over-QUIC]</ref>
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}<ref>[https://adguard.com/en/blog/adguard-dns-now-supports-dnscrypt.html Adguard DNS now supports DNSCrypt]</ref>
| dns.adguard-dns.com<ref name=":11" />
| {{IPaddr|94.140.14.14}}<br />{{IPaddr|94.140.15.15}}
| {{IPaddr|2a10:50c0::ad1:ff}}<br />{{IPaddr|2a10:50c0::ad2:ff}}
| Default: ads and trackers<ref name=":11">[https://adguard-dns.io/en/public-dns.html AdGuard DNS Setup guide]</ref>
|
|-
| family.adguard-dns.com
| {{IPaddr|94.140.14.15}}<br />{{IPaddr|94.140.15.16}}
| {{IPaddr|2a10:50c0::bad1:ff}}<br />{{IPaddr|2a10:50c0::bad2:ff}}
| Family: ads, trackers, and adult content<ref name=":11"/>
|
|-
| unfiltered.adguard-dns.com
|{{IPaddr|94.140.14.140}}<br />{{IPaddr|94.140.14.141}}
|{{IPaddr|2a10:50c0::1:ff}}<br />{{IPaddr|2a10:50c0::2:ff}}
| None<ref name=":11"/>
|
|-
! [[Alibaba Group|Alibaba]]
| {{dunno}}
|! {{yes}}
| {{dunno}}
|! {{yes}}
|! {{yes}}
|! {{no}}
| {{dunno}}
|! {{no}}
|dns.alidns.com
|223.5.5.5
223.6.6.6
|2400:3200::1
2400:3200:baba::1
| {{dunno}}
|Chinese regulations
|-
! rowspan="3" | [[CleanBrowsing]]
| rowspan="3" ! {{yes}}<ref name="cbpp">{{cite web|author=NOC.org / dcid |url=https://cleanbrowsing.org/privacy |title=CleanBrowsing Privacy and Terms of Service |publisher=Cleanbrowsing.org |date= |accessdate=2019-01-04}}</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref name="cbdot">{{cite web | url=https://cleanbrowsing.org/dnsovertls | title=Parental Control with DNS over TLS Support}}</ref>
| rowspan="3" ! {{yes}}<ref name="cbdoh">{{cite web|author=NOC.org / dcid |url=https://cleanbrowsing.org/dnsoverhttps |title=Parental Control with DNS Over HTTPS (DoH) Support |publisher=Cleanbrowsing.org |date= |accessdate=2019-01-04}}</ref>
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref name="cbdcr">{{cite web|author=NOC.org / dcid |url=https://cleanbrowsing.org/dnscrypt |title=Parental Control with DNSCrypt Support |publisher=Cleanbrowsing.org |date= |accessdate=2019-01-04}}</ref>
| family-filter-dns.cleanbrowsing.org
| {{IPaddr|185.228.168.168}}<br />{{IPaddr|185.228.169.168}}
| {{IPaddr|2a0d:2a00:1::}}<br />{{IPaddr|2a0d:2a00:2::}}
| Family
| Designed to be used on devices of kids under 13.
|-
|-
| adult-filter-dns.cleanbrowsing.org
! {{rh}} | [[Google Public DNS|Google]]
| {{IPaddr|185.228.168.10}}<br />{{IPaddr|185.228.169.11}}
| 8.8.8.8 8.8.4.4
| {{IPaddr|2a0d:2a00:1::1}}<br />{{IPaddr|2a0d:2a00:2::1}}
| {{sort|000001|1}}<ref>[http://www.alexa.com/siteinfo/google.com Google] at Alexa</ref>
| no
| Adult
|
|
|-
|-
| security-filter-dns.cleanbrowsing.org
! {{rh}} | [[Yandex]]
| {{IPaddr|185.228.168.9}}<br />{{IPaddr|185.228.169.9}}
| 77.88.8.8 77.88.8.1
| {{IPaddr|2a0d:2a00:1::2}}<br />{{IPaddr|2a0d:2a00:2::2}}
| {{sort|001265|1265}}<ref>[http://www.alexa.com/siteinfo/Yandex.com Yandex] at Alexa</ref>
| Security
| optional virus or adult
|
|-
! rowspan="4" | [[1.1.1.1|Cloudflare]]
| rowspan="4" ! {{yes}}<ref>{{cite web|url=https://www.cloudflare.com/privacypolicy/ |title=Privacy Policy |publisher=Cloudflare |date= |accessdate=2019-01-04}}</ref>
| rowspan="4" ! {{yes}}
| rowspan="4" ! {{yes}}<ref>{{cite web | url=https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/#dnssec | title=The Nitty Gritty - Cloudflare Resolver| date=24 January 2023}}</ref>
| rowspan="4" ! {{yes}}<ref>{{cite web|author=Cloudflare Inc |url=https://developers.cloudflare.com/1.1.1.1/dns-over-tls/ |title=DNS over TLS - Cloudflare Resolver |publisher=Developers.cloudflare.com |date=2018-03-31 |accessdate=2019-01-04}}</ref>
| rowspan="4" ! {{yes}}<ref>{{cite web|author=Cloudflare Inc |url=https://developers.cloudflare.com/1.1.1.1/dns-over-https/ |title=DNS over HTTPS - Cloudflare Resolver |publisher=Developers.cloudflare.com |date= |accessdate=2019-01-04}}</ref>
| rowspan="4" ! {{no}}<ref>{{cite web|url=https://community.cloudflare.com/t/dns-over-quic-doq/415627|title=DNS over QUIC (DoQ)|publisher=Cloudflare Community|accessdate=2022-09-12}}</ref>
| rowspan="4" ! {{yes}}
| rowspan="4" ! {{no}}
| one.one.one.one<ref>{{cite web|url=https://community.cloudflare.com/t/test-dns-owner-one-one-one-one/29970/4|title=Test DNS owner one.one.one.one|date=2018-08-21}}</ref><br/ >1dot1dot1dot1.cloudflare-dns.com
| {{IPaddr|1.1.1.1}}<br />{{IPaddr|1.0.0.1}}
| {{IPaddr|2606:4700:4700::1111}}<br />{{IPaddr|2606:4700:4700::1001}}
| None
|
|
|-
|-
| security.cloudflare-dns.com
! {{rh}} | [[OpenDNS]]
| {{IPaddr|1.1.1.2}}<br />{{IPaddr|1.0.0.2}}
| 208.67.222.222 208.67.220.220
| {{IPaddr|2606:4700:4700::1112}}<br />{{IPaddr|2606:4700:4700::1002}}
| {{sort|003421|3421}}<ref>[http://www.alexa.com/siteinfo/opendns.com OpenDNS] at Alexa</ref>
| Malware, Phishing
| optionally customizable
|
| reporting
|-

| family.cloudflare-dns.com
| {{IPaddr|1.1.1.3}}<br />{{IPaddr|1.0.0.3}}
| {{IPaddr|2606:4700:4700::1113}}<br />{{IPaddr|2606:4700:4700::1003}}
| Malware, Phishing,<br />Adult content
|
|-
| dns64.cloudflare-dns.com
|{{n/a}}
| {{IPaddr|2606:4700:4700::64}}<br />{{IPaddr|2606:4700:4700::6400}}
| None
| Intended to be IPv6-only.<ref>{{Cite web |url=https://developers.cloudflare.com/1.1.1.1/support-nat64/ |title=Supporting IPv6-only Networks |access-date=2019-01-20 |archive-date=2020-12-09 |archive-url=https://web.archive.org/web/20201209005501/https://developers.cloudflare.com/1.1.1.1/support-nat64 |url-status=dead }}</ref> See [[NAT64]] and [[DNS64]].
|-
! rowspan="2" | [[Google Public DNS|Google]]
| rowspan="2" ! {{yes}}<ref name="googleprivacy">[https://developers.google.com/speed/public-dns/privacy Google Public DNS: Your Privacy]</ref>
| rowspan="2" ! {{yes}}
| rowspan="2" ! {{yes}}
| rowspan="2" ! {{yes}}
| rowspan="2" ! {{yes}}<ref>[https://developers.google.com/speed/public-dns/docs/dns-over-https Google Public DNS: DNS-over-HTTPS]</ref>
| rowspan="2" ! {{no}}
| rowspan="2" ! {{yes}}
| rowspan="2" ! {{no}}
| dns.google<ref>{{cite web|url=https://developers.google.com/speed/public-dns/docs/using|title=Get Started &#124; Public DNS}}</ref>
| {{IPaddr|8.8.8.8}}<br />{{IPaddr|8.8.4.4}}
| {{IPaddr|2001:4860:4860::8888}}<br />{{IPaddr|2001:4860:4860::8844}}
| None
|
|-
| dns64.dns.google
|{{n/a}}
| {{IPaddr|2001:4860:4860::6464}}<br />{{IPaddr|2001:4860:4860::64}}
| None
| Intended for networks with NAT64 gateway.<ref>[https://developers.google.com/speed/public-dns/docs/dns64 Google Public DNS64]</ref>
|-
! | [[Gcore|Gcore]]
| ! {{yes}}<ref name="gcoreprivacy">{{cite web | url=https://gcore.com/legal?tab=privacy_policy | title=Legal Information on Gcore Services }}</ref>
| ! {{yes}}
| ! {{yes}}
| ! {{no}}
| ! {{no}}
| ! {{no}}
| ! {{no}}
| ! {{no}}
| {{n/a}}
| {{IPaddr|95.85.95.85}}<br />{{IPaddr|2.56.220.2}}
| {{IPaddr|2a03:90c0:999d::1}}<br />{{IPaddr|2a03:90c0:9992::1}}
| None
|
|-
! rowspan="5" |[[Mullvad]]
| rowspan="5" {{no|Only for VPN service available}}<ref>{{Cite web |title=Privacy policy - Guides |url=https://mullvad.net/en/help/privacy-policy/ |access-date=2023-08-27 |website=Mullvad VPN |language=en}}</ref>
| rowspan="5" {{no}}<ref name="mullvad" />
| rowspan="5" {{yes}}
| rowspan="5" {{yes}}<ref name="mullvad" />
| rowspan="5" {{yes}}<ref name="mullvad" />
| rowspan="5" {{no}}
| rowspan="5" ! {{no}}
| rowspan="5" {{no}}
| dns.mullvad.net<ref name="mullvad">{{Cite web |date=2023-08-08 |title=DNS over HTTPS and DNS over TLS - Guides |url=https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/ |url-status= |archive-url= |access-date=2023-08-23 |website=Mullvad |language=en}}</ref>
| {{IPaddr|194.242.2.2}}
| {{IPaddr|2a07:e340::2}}
| None
| rowspan="5" | Can be used without its VPN service
|-
| adblock.dns.mullvad.net
| {{IPaddr|194.242.2.3}}
| {{IPaddr|2a07:e340::3}}
| Ads, and trackers
|-
| base.dns.mullvad.net
| {{IPaddr|194.242.2.4}}
| {{IPaddr|2a07:e340::4}}
| Ads, trackers, and malware
|-
| extended.dns.mullvad.net
| {{IPaddr|194.242.2.5}}
| {{IPaddr|2a07:e340::5}}
| Ads, trackers, malware, and social media
|-
| all.dns.mullvad.net
| {{IPaddr|194.242.2.9}}
| {{IPaddr|2a07:e340::9}}
| Ads, trackers, malware, social media, gambling and adult content
|-
! rowspan="6" | Vercara (formerly [[Neustar|Neustar Security Services]])
| rowspan="6" ! {{Yes}}<ref name="Neustar PP">{{cite web |title=Privacy Policy {{!}} Neustar |url=https://www.home.neustar/privacy/privacy-policy#data_in_products_services |website=home.neustar |language=en}}</ref>
| rowspan="6" ! {{Yes}}
| rowspan="6" ! {{Yes}}
| rowspan="6" ! {{No}}
| rowspan="6" ! {{No}}
| rowspan="6" ! {{No}}
| rowspan="6" ! {{No}}
| rowspan="6" ! {{No}}
| rowspan="6" {{dunno}}
| ''64.6.64.6''<br>''64.6.65.6''
| ''2620:74:1b::1:1''<br>''2620:74:1c::2:2''
| rowspan="2" | None
| Verisign transferred its public DNS to Neustar.<ref>{{Cite web|title=Verisign Public DNS Offers DNS Stability And Security – Verisign|url=https://www.verisign.com/en_US/security-services/public-dns/index.xhtml|access-date=2020-12-05|website=www.verisign.com|language=en-US|archive-date=2021-03-31|archive-url=https://web.archive.org/web/20210331041511/https://www.verisign.com/en_US/security-services/public-dns/index.xhtml|url-status=dead}}</ref>
|-
| {{IPaddr|156.154.70.1}}<br />{{IPaddr|156.154.71.1}}
| {{IPaddr|2610:a1:1018::1}}<br />{{IPaddr|2610:a1:1019::1}}
|
|-
|-
| {{IPaddr|156.154.70.2}}<br />{{IPaddr|156.154.71.2}}
! {{rh}} | [[Dyn (company)|Dyn]]
| {{IPaddr|2610:a1:1018::2}}<br />{{IPaddr|2610:a1:1019::2}}
| 216.146.35.35 216.146.36.36
| Malware, ransomware, spyware, phishing
| {{sort|011049|11049}}<ref>[http://www.alexa.com/siteinfo/dyn.com Dyn] at Alexa</ref>
|
|-
| {{IPaddr|156.154.70.3}}<br />{{IPaddr|156.154.71.3}}
| {{IPaddr|2610:a1:1018::3}}<br />{{IPaddr|2610:a1:1019::3}}
| Low security + gambling, pornography, violence, hate
|
|-
| {{IPaddr|156.154.70.4}}<br />{{IPaddr|156.154.71.4}}
| {{IPaddr|2610:a1:1018::4}}<br />{{IPaddr|2610:a1:1019::4}}
| Medium security + gaming, adult, drugs, alcohol, anonymous proxies
|
|-
| {{IPaddr|156.154.70.5}}<br />{{IPaddr|156.154.71.5}}
| {{IPaddr|2610:a1:1018::5}}<br />{{IPaddr|2610:a1:1019::5}}
| None
| Will not redirect non-existent domains to a landing page.
|-
! rowspan="3" | Cisco Umbrella ([[OpenDNS]])
| rowspan="3" ! {{yes}}<ref name="opendnsprivacy">[https://www.cisco.com/c/en/us/about/legal/privacy-full.html Cisco Online Privacy Statement]</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref>[https://support.opendns.com/hc/en-us/articles/360039659971 OpenDNS: DNSSEC General Availability]</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref name="opendnsdoh">[https://support.opendns.com/hc/en-us/articles/360038463251 OpenDNS: Querying OpenDNS using DoH]</ref>
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}<ref name="opendnscrypt">[https://support.opendns.com/hc/en-us/articles/227989147 OpenDNS: OpenDNS and DNSCrypt]</ref>
| dns.opendns.com<br />dns.umbrella.com<ref>[https://umbrella.cisco.com/blog/enhancing-support-dns-encryption-with-dns-over-https Cisco Umbrella Enhances Support of DNS Encryption with DNS Over HTTPS]</ref>
| {{IPaddr|208.67.222.222}}<br />{{IPaddr|208.67.220.220}}
| {{IPaddr|2620:119:35::35}}<br />{{IPaddr|2620:119:53::53}}
| Basic Security filtering + user defined policies
|
|-
| familyshield.opendns.com
| {{IPaddr|208.67.222.123}}<br />{{IPaddr|208.67.220.123}}
| {{IPaddr|2620:119:35::123}}<br />{{IPaddr|2620:119:53::123}}
| FamilyShield: adult content
|
|-
| sandbox.opendns.com
| {{IPaddr|208.67.222.2}}<br />{{IPaddr|208.67.220.2}}
| {{IPaddr|2620:0:ccc::2}}<br />{{IPaddr|2620:0:ccd::2}}
| None
| Sandbox addresses that provide no filtering.
|-
! |[[Oracle Corporation|Oracle]] (formerly [[Dyn (company)|Dyn]])
| {{yes}}<ref>{{cite web|url=https://dyn.com/legal/dyn-privacy-policy/|title=Oracle's Privacy Policy|website=dyn.com|language=en-US|access-date=2018-12-31}}</ref>
| {{yes}}
| {{yes}}
| {{no}}
| {{no}}
| {{no}}
| {{no}}
| {{no}}
| resolver1.dyndnsinternetguide.com<br />resolver2.dyndnsinternetguide.com<br />rdns.dynect.net
| {{IPaddr|216.146.35.35}}<br />{{IPaddr|216.146.36.36}}
|{{n/a}}
| None
|
|-
! rowspan="3" | [[Quad9]]
| rowspan="3" ! {{yes}}<ref name="quad9applicable-law">[https://quad9.net/privacy/compliance-and-applicable-law/ Quad9: Compliance and Applicable Law]</ref><ref name="quad9privacy">[https://quad9.net/privacy/policy/ Quad9: Data and Privacy Policy]</ref>
| rowspan="3" ! {{yes}}
| {{yes}}<ref name="quad9dnssec">[https://www.quad9.net/support/faq/#dnssec Quad9 FAQ: Does Quad9 implement DNSSEC?]</ref>
| rowspan="3" ! {{yes}}<ref name="quad9tls">[https://www.quad9.net/support/faq/#dns_tls Quad9 FAQ: Does Quad9 support DNS over TLS?]</ref>
| rowspan="3" ! {{yes}}<ref name="quad9https">[https://www.quad9.net/support/faq/#doh Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?]</ref>
| rowspan="3" ! {{no}}
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}<ref name="quad9dnscrypt">[https://www.quad9.net/support/faq/#dns_crypt Quad9 FAQ: Does Quad9 support dnscrypt?]</ref>
| dns.quad9.net
| {{IPaddr|9.9.9.9}}<br />{{IPaddr|149.112.112.112}}
| {{IPaddr|2620:fe::9}}<br />{{IPaddr|2620:fe::fe}}
| Phishing, malware, and exploit kit domains
|
|-
| {{yes}}<ref name="quad9dnssec"/>
| dns11.quad9.net
| {{IPaddr|9.9.9.11}}<br />{{IPaddr|149.112.112.11}}
| {{IPaddr|2620:fe::11}}<br />{{IPaddr|2620:fe::fe:11}}
| Phishing, malware, and exploit kit domains
| Passes [[EDNS Client Subnet]].
|-
| {{No}}<ref>[https://www.quad9.net/support/faq/#services Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?]</ref>
| dns10.quad9.net
| {{IPaddr|9.9.9.10}}<br />{{IPaddr|149.112.112.10}}
| {{IPaddr|2620:fe::10}}<br />{{IPaddr|2620:fe::fe:10}}
| None
|
|-
! | [[Wikimedia]]
| {{no|Informal}}<ref name="wikimedia-dns-privacy-policy">[https://meta.wikimedia.org/wiki/Wikimedia_DNS#Privacy_policy Wikimedia DNS: Privacy Policy]</ref>
| {{no}}<ref name="wikimedia-encrypted-dns">[https://wikitech.wikimedia.org/wiki/Wikimedia_DNS#Encrypted_DNS Wikimedia DNS: Encrypted DNS"]</ref>
| {{yes}}<ref name="wikimedia-dnssec">[https://wikitech.wikimedia.org/wiki/Wikimedia_DNS#DNSSEC Wikitech: Wikimedia DNS: DNSSEC]</ref>
| {{yes}}<ref name="wikimedia-tls">[https://wikitech.wikimedia.org/wiki/Wikimedia_DNS Wikitech: Wikimedia DNS]</ref>
| {{yes}}<ref name="wikimedia-https">[https://wikitech.wikimedia.org/wiki/Wikimedia_DNS Wikitech: Wikimedia DNS]</ref>
| {{no}}
| {{no}}<ref name="wikimedia-edns">[https://wikitech.wikimedia.org/wiki/Wikimedia_DNS#EDNS.280.29_Padding Wikitech: Wikimedia DNS: EDNS.280.29 Padding]</ref>
| {{no}}
| wikimedia-dns.org<ref name="wikimedia-dns-instructions">[https://meta.wikimedia.org/wiki/Wikimedia_DNS/Instructions Wikimedia DNS: Instructions]</ref>
| {{IPaddr|185.71.138.138}}<ref name="wikimedia-dns-instructions"></ref>
| {{IPaddr|2001:67c:930::1}}<ref name="wikimedia-dns-instructions"></ref>
| None<ref name="wikimedia-dns">[https://meta.wikimedia.org/wiki/Wikimedia_DNS Wikimedia DNS]</ref>
|
|-
! rowspan="3" |[[Yandex]]
| rowspan="3" ! {{no}}<ref name="yandextou">[https://yandex.com/legal/dns_termsofuse/ Terms of use of the Yandex.DNS service]</ref>
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{no}}
| rowspan="3" ! {{yes}}
| rowspan="3" ! {{yes}}
| common.dot.dns.yandex.net
| {{IPaddr|77.88.8.8}}<br />{{IPaddr|77.88.8.1}}
| {{IPaddr|2a02:6b8::feed:0ff}}<br />{{IPaddr|2a02:6b8:0:1::feed:0ff}}
| None
|
|-
| safe.dot.dns.yandex.net
| {{IPaddr|77.88.8.88}}<br />{{IPaddr|77.88.8.2}}
| {{IPaddr|2a02:6b8::feed:bad}}<br />{{IPaddr|2a02:6b8:0:1::feed:bad}}
| Safe: fraudulent / infected / bot sites
|
|-
| family.dot.dns.yandex.net
| {{IPaddr|77.88.8.7}}<br />{{IPaddr|77.88.8.3}}
| {{IPaddr|2a02:6b8::feed:a11}}<br />{{IPaddr|2a02:6b8:0:1::feed:a11}}
| Family: fraudulent / infected / bot / adult sites
|
|
| reporting

|-
|-
! {{rh}} | [[OpenNIC]]
| 96.90.175.167 104.238.153.178 27.100.36.191 45.63.25.55 <br />
89.36.220.220 185.121.177.53 41.79.69.13 77.66.108.93 ...
| {{sort|251951|251951}}<ref>[http://www.alexa.com/siteinfo/opennicproject.org OpenNIC] at Alexa</ref>
| no
| many nodes

|- class="sortbottom"
! Provider
! IPs
! Alexa Traffic Rank
! Blocking
! Features
|}
|}


==References==
== References ==
{{Reflist}}
{{Reflist|30em}}

== External links ==
* [https://dnscrypt.info/public-servers Home page of the DNSCrypt project: Public DNS servers]


[[Category:Domain Name System]]
[[Category:Alternative Internet DNS services]]
[[Category:Alternative Internet DNS services]]
[[Category:Distributed data structures]]
[[Category:Distributed data structures]]

Latest revision as of 19:28, 11 November 2024

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Most services now support secure DNS lookup transport services such as DNS over TLS (DoT), DNS over HTTPS (DoH) and DNS over QUIC (DoQ).

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

Notable public DNS service operators

[edit]
Provider Privacy policy DNS over UDP/TCP (Do53) DNSSEC DNS over TLS (DoT) DNS over HTTPS (DoH) DNS over QUIC (DoQ) EDNS Padding DNSCrypt Hostname IPv4 addresses IPv6 addresses Filters Remarks
AdGuard Yes[6] Yes Yes[7] Yes Yes[8] Yes[9] No Yes[10] dns.adguard-dns.com[11] 94.140.14.14
94.140.15.15 		2a10:50c0::ad1:ff
2a10:50c0::ad2:ff 		Default: ads and trackers[11]
family.adguard-dns.com 94.140.14.15
94.140.15.16 		2a10:50c0::bad1:ff
2a10:50c0::bad2:ff 		Family: ads, trackers, and adult content[11]
unfiltered.adguard-dns.com 94.140.14.140
94.140.14.141 		2a10:50c0::1:ff
2a10:50c0::2:ff 		None[11]
Alibaba ? Yes ? Yes Yes No ? No dns.alidns.com 223.5.5.5

223.6.6.6

2400:3200::1

2400:3200:baba::1

? Chinese regulations
CleanBrowsing Yes[12] Yes Yes Yes[13] Yes[14] No Yes Yes[15] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168 		2a0d:2a00:1::
2a0d:2a00:2:: 		Family Designed to be used on devices of kids under 13.
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11 		2a0d:2a00:1::1
2a0d:2a00:2::1 		Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9 		2a0d:2a00:1::2
2a0d:2a00:2::2 		Security
Cloudflare Yes[16] Yes Yes[17] Yes[18] Yes[19] No[20] Yes No one.one.one.one[21]
1dot1dot1dot1.cloudflare-dns.com 		1.1.1.1
1.0.0.1 		2606:4700:4700::1111
2606:4700:4700::1001 		None
security.cloudflare-dns.com 1.1.1.2
1.0.0.2 		2606:4700:4700::1112
2606:4700:4700::1002 		Malware, Phishing
family.cloudflare-dns.com 1.1.1.3
1.0.0.3 		2606:4700:4700::1113
2606:4700:4700::1003 		Malware, Phishing,
Adult content
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400 		None Intended to be IPv6-only.[22] See NAT64 and DNS64.
Google Yes[23] Yes Yes Yes Yes[24] No Yes No dns.google[25] 8.8.8.8
8.8.4.4 		2001:4860:4860::8888
2001:4860:4860::8844 		None
dns64.dns.google 2001:4860:4860::6464
2001:4860:4860::64 		None Intended for networks with NAT64 gateway.[26]
Gcore Yes[27] Yes Yes No No No No No 95.85.95.85
2.56.220.2 		2a03:90c0:999d::1
2a03:90c0:9992::1 		None
Mullvad Only for VPN service available[28] No[29] Yes Yes[29] Yes[29] No No No dns.mullvad.net[29] 194.242.2.2 2a07:e340::2 None Can be used without its VPN service
adblock.dns.mullvad.net 194.242.2.3 2a07:e340::3 Ads, and trackers
base.dns.mullvad.net 194.242.2.4 2a07:e340::4 Ads, trackers, and malware
extended.dns.mullvad.net 194.242.2.5 2a07:e340::5 Ads, trackers, malware, and social media
all.dns.mullvad.net 194.242.2.9 2a07:e340::9 Ads, trackers, malware, social media, gambling and adult content
Vercara (formerly Neustar Security Services) Yes[30] Yes Yes No No No No No ? 64.6.64.6
64.6.65.6 		2620:74:1b::1:1
2620:74:1c::2:2 		None Verisign transferred its public DNS to Neustar.[31]
156.154.70.1
156.154.71.1 		2610:a1:1018::1
2610:a1:1019::1
156.154.70.2
156.154.71.2 		2610:a1:1018::2
2610:a1:1019::2 		Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3 		2610:a1:1018::3
2610:a1:1019::3 		Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4 		2610:a1:1018::4
2610:a1:1019::4 		Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5 		2610:a1:1018::5
2610:a1:1019::5 		None Will not redirect non-existent domains to a landing page.
Cisco Umbrella (OpenDNS) Yes[32] Yes Yes[33] Yes Yes[34] No Yes Yes[35] dns.opendns.com
dns.umbrella.com[36] 		208.67.222.222
208.67.220.220 		2620:119:35::35
2620:119:53::53 		Basic Security filtering + user defined policies
familyshield.opendns.com 208.67.222.123
208.67.220.123 		2620:119:35::123
2620:119:53::123 		FamilyShield: adult content
sandbox.opendns.com 208.67.222.2
208.67.220.2 		2620:0:ccc::2
2620:0:ccd::2 		None Sandbox addresses that provide no filtering.
Oracle (formerly Dyn) Yes[37] Yes Yes No No No No No resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com
rdns.dynect.net 		216.146.35.35
216.146.36.36 		None
Quad9 Yes[38][39] Yes Yes[40] Yes[41] Yes[42] No No Yes[43] dns.quad9.net 9.9.9.9
149.112.112.112 		2620:fe::9
2620:fe::fe 		Phishing, malware, and exploit kit domains
Yes[40] dns11.quad9.net 9.9.9.11
149.112.112.11 		2620:fe::11
2620:fe::fe:11 		Phishing, malware, and exploit kit domains Passes EDNS Client Subnet.
No[44] dns10.quad9.net 9.9.9.10
149.112.112.10 		2620:fe::10
2620:fe::fe:10 		None
Wikimedia Informal[45] No[46] Yes[47] Yes[48] Yes[49] No No[50] No wikimedia-dns.org[51] 185.71.138.138[51] 2001:67c:930::1[51] None[52]
Yandex No[53] Yes No Yes Yes No Yes Yes common.dot.dns.yandex.net 77.88.8.8
77.88.8.1 		2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff 		None
safe.dot.dns.yandex.net 77.88.8.88
77.88.8.2 		2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad 		Safe: fraudulent / infected / bot sites
family.dot.dns.yandex.net 77.88.8.7
77.88.8.3 		2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11 		Family: fraudulent / infected / bot / adult sites

References

[edit]
  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Archived from the original on 2016-10-22. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. ^ AdGuard DNS Privacy Notice
  7. ^ AdGuard DNS FAQ: What is DNSSEC?
  8. ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  9. ^ AdGuard DNS-over-QUIC
  10. ^ Adguard DNS now supports DNSCrypt
  11. ^ a b c d AdGuard DNS Setup guide
  12. ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  13. ^ "Parental Control with DNS over TLS Support".
  14. ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  15. ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  16. ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  17. ^ "The Nitty Gritty - Cloudflare Resolver". 24 January 2023.
  18. ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  19. ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  20. ^ "DNS over QUIC (DoQ)". Cloudflare Community. Retrieved 2022-09-12.
  21. ^ "Test DNS owner one.one.one.one". 2018-08-21.
  22. ^ "Supporting IPv6-only Networks". Archived from the original on 2020-12-09. Retrieved 2019-01-20.
  23. ^ Google Public DNS: Your Privacy
  24. ^ Google Public DNS: DNS-over-HTTPS
  25. ^ "Get Started | Public DNS".
  26. ^ Google Public DNS64
  27. ^ "Legal Information on Gcore Services".
  28. ^ "Privacy policy - Guides". Mullvad VPN. Retrieved 2023-08-27.
  29. ^ a b c d "DNS over HTTPS and DNS over TLS - Guides". Mullvad. 2023-08-08. Retrieved 2023-08-23.
  30. ^ "Privacy Policy | Neustar". home.neustar.
  31. ^ "Verisign Public DNS Offers DNS Stability And Security – Verisign". www.verisign.com. Archived from the original on 2021-03-31. Retrieved 2020-12-05.
  32. ^ Cisco Online Privacy Statement
  33. ^ OpenDNS: DNSSEC General Availability
  34. ^ OpenDNS: Querying OpenDNS using DoH
  35. ^ OpenDNS: OpenDNS and DNSCrypt
  36. ^ Cisco Umbrella Enhances Support of DNS Encryption with DNS Over HTTPS
  37. ^ "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
  38. ^ Quad9: Compliance and Applicable Law
  39. ^ Quad9: Data and Privacy Policy
  40. ^ a b Quad9 FAQ: Does Quad9 implement DNSSEC?
  41. ^ Quad9 FAQ: Does Quad9 support DNS over TLS?
  42. ^ Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?
  43. ^ Quad9 FAQ: Does Quad9 support dnscrypt?
  44. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  45. ^ Wikimedia DNS: Privacy Policy
  46. ^ Wikimedia DNS: Encrypted DNS"
  47. ^ Wikitech: Wikimedia DNS: DNSSEC
  48. ^ Wikitech: Wikimedia DNS
  49. ^ Wikitech: Wikimedia DNS
  50. ^ Wikitech: Wikimedia DNS: EDNS.280.29 Padding
  51. ^ a b c Wikimedia DNS: Instructions
  52. ^ Wikimedia DNS
  53. ^ Terms of use of the Yandex.DNS service
[edit]
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Public_recursive_name_server&oldid=1256826269"