Jump to content

Public recursive name server

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 2001:8e0:2064:bf00:5b1e:216b:1f1f:d925 (talk) at 18:29, 2 December 2023 (Column order changed again). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS (DoH) and DNS over TLS (DoT).

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

Notable public DNS service operators

Providers Privacy policy DNS over UDP/TCP (Do53) DNSSEC DNS over TLS (DoT) DNS over HTTPS (DoH) DNS over QUIC (DoQ) EDNS padding DNSCrypt Hostnames IPv4 addresses IPv6 addresses Filters Remarks
AdGuard Yes[6] Yes Yes[7] Yes Yes[8] Yes[9] No Yes[10] dns.adguard-dns.com[11] 94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff
Default: ads and trackers[11]
family.adguard-dns.com 94.140.14.15
94.140.15.16
2a10:50c0::bad1:ff
2a10:50c0::bad2:ff
Family: ads, trackers, and adult content[11]
unfiltered.adguard-dns.com 94.140.14.140
94.140.14.141
2a10:50c0::1:ff
2a10:50c0::2:ff
None[11]
CleanBrowsing Yes[12] Yes Yes Yes[13] Yes[14] No Yes Yes[15] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family Designed to be used on devices of kids under 13.
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security
Cloudflare Yes[16] Yes Yes[17] Yes[18] Yes[19] No[20] Yes No one.one.one.one[21]
1dot1dot1dot1.cloudflare-dns.com
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
None
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400
None Intended to be IPv6-only.[22] See NAT64 and DNS64.
security.cloudflare-dns.com 1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
Malware, Phishing
family.cloudflare-dns.com 1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
Malware, Phishing,
Adult content
Google Yes[23] Yes Yes Yes Yes[24] No Yes No dns.google[25] 8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
None
dns64.dns.google 2001:4860:4860::6464
2001:4860:4860::64
None Intended for networks with NAT64 gateway.[26]
Mullvad Only for VPN service available[27] No[28] Yes Yes[28] Yes[28] No No No dns.mullvad.net[28] 194.242.2.2 2a07:e340::2 None Can be used without its VPN service
adblock.dns.mullvad.net 194.242.2.3 2a07:e340::3 Ads, and trackers
base.dns.mullvad.net 194.242.2.4 2a07:e340::4 Ads, trackers, and malware
extended.dns.mullvad.net 194.242.2.5 2a07:e340::5 Ads, trackers, malware, and social media
all.dns.mullvad.net 194.242.2.9 2a07:e340::9 Ads, trackers, malware, social media, gambling and adult content
OpenDNS Yes[29] Yes Yes[30] Yes Yes[31] No Yes Yes[32] dns.opendns.com 208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Basic Security filtering + user defined policies
familyshield.opendns.com 208.67.222.123
208.67.220.123
2620:119:35::123
2620:119:53::123
FamilyShield: adult content
sandbox.opendns.com 208.67.222.2
208.67.220.2
2620:0:ccc::2
2620:0:ccd::2
None Sandbox addresses that provide no filtering.
Quad9 Yes[33][34] Yes Yes[35] Yes[36] Yes[37] No No Yes[38] dns.quad9.net 9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
Phishing, malware, and exploit kit domains
Yes[35] dns11.quad9.net 9.9.9.11
149.112.112.11
2620:fe::11
2620:fe::fe:11
Phishing, malware, and exploit kit domains Passes EDNS Client Subnet.
No[39] dns10.quad9.net 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
None
Yandex No[40] Yes No Yes Yes No Yes Yes dns.yandex.ru
secondary.dns.yandex.ru
77.88.8.8
77.88.8.1
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
None
safe.dns.yandex.ru
secondary.safe.dns.yandex.ru
77.88.8.88
77.88.8.2
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
Safe: fraudulent / infected / bot sites
family.dns.yandex.ru
secondary.family.dns.yandex.ru
77.88.8.7
77.88.8.3
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
Family: fraudulent / infected / bot / adult sites

References

  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Archived from the original on 2016-10-22. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. ^ AdGuard DNS Privacy Notice
  7. ^ AdGuard DNS FAQ: What is DNSSEC?
  8. ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  9. ^ AdGuard DNS-over-QUIC
  10. ^ Adguard DNS now supports DNSCrypt
  11. ^ a b c d AdGuard DNS Setup guide
  12. ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  13. ^ "Parental Control with DNS over TLS Support".
  14. ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  15. ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  16. ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  17. ^ "The Nitty Gritty - Cloudflare Resolver". 24 January 2023.
  18. ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  19. ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  20. ^ "DNS over QUIC (DoQ)". Cloudflare Community. Retrieved 2022-09-12.
  21. ^ "Test DNS owner one.one.one.one". 2018-08-21.
  22. ^ "Supporting IPv6-only Networks". Archived from the original on 2020-12-09. Retrieved 2019-01-20.
  23. ^ Google Public DNS: Your Privacy
  24. ^ Google Public DNS: DNS-over-HTTPS
  25. ^ "Get Started | Public DNS".
  26. ^ Google Public DNS64
  27. ^ "Privacy policy - Guides". Mullvad VPN. Retrieved 2023-08-27.
  28. ^ a b c d "DNS over HTTPS and DNS over TLS - Guides". Mullvad. 2023-08-08. Retrieved 2023-08-23.
  29. ^ Cisco Online Privacy Statement
  30. ^ OpenDNS: DNSSEC General Availability
  31. ^ OpenDNS: Querying OpenDNS using DoH
  32. ^ OpenDNS: OpenDNS and DNSCrypt
  33. ^ Quad9: Compliance and Applicable Law
  34. ^ Quad9: Data and Privacy Policy
  35. ^ a b Quad9 FAQ: Does Quad9 implement DNSSEC?
  36. ^ Quad9 FAQ: Does Quad9 support DNS over TLS?
  37. ^ Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?
  38. ^ Quad9 FAQ: Does Quad9 support dnscrypt?
  39. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  40. ^ Terms of use of the Yandex.DNS service