Public recursive name server
A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:
- speed, compared to using ISP DNS services[1]
- filtering (security, ad-blocking, porn-blocking, etc.)[2]
- reporting[3]
- avoiding censorship[4]
- redundancy (smart caching)[5]
- access to unofficial alternative top level domains not found in the official DNS root zone
- temporary unavailability of the ISP's name server
Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS (DoH) and DNS over TLS (DoT).
Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.
Notable public DNS service operators
Providers | Privacy policy | DNS over UDP/TCP (Do53) | DNSSEC | DNS over TLS (DoT) | DNS over HTTPS (DoH) | DNS over QUIC (DoQ) | EDNS padding | DNSCrypt | Hostnames | IPv4 addresses | IPv6 addresses | Filters | Remarks |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
AdGuard | Yes[6] | Yes | Yes[7] | Yes | Yes[8] | Yes[9] | No | Yes[10] | dns.adguard-dns.com[11] | 94.140.14.14 94.140.15.15 |
2a10:50c0::ad1:ff 2a10:50c0::ad2:ff |
Default: ads and trackers[11] | |
family.adguard-dns.com | 94.140.14.15 94.140.15.16 |
2a10:50c0::bad1:ff 2a10:50c0::bad2:ff |
Family: ads, trackers, and adult content[11] | ||||||||||
unfiltered.adguard-dns.com | 94.140.14.140 94.140.14.141 |
2a10:50c0::1:ff 2a10:50c0::2:ff |
None[11] | ||||||||||
CleanBrowsing | Yes[12] | Yes | Yes | Yes[13] | Yes[14] | No | Yes | Yes[15] | family-filter-dns.cleanbrowsing.org | 185.228.168.168 185.228.169.168 |
2a0d:2a00:1:: 2a0d:2a00:2:: |
Family | Designed to be used on devices of kids under 13. |
adult-filter-dns.cleanbrowsing.org | 185.228.168.10 185.228.169.11 |
2a0d:2a00:1::1 2a0d:2a00:2::1 |
Adult | ||||||||||
security-filter-dns.cleanbrowsing.org | 185.228.168.9 185.228.169.9 |
2a0d:2a00:1::2 2a0d:2a00:2::2 |
Security | ||||||||||
Cloudflare | Yes[16] | Yes | Yes[17] | Yes[18] | Yes[19] | No[20] | Yes | No | one.one.one.one[21] 1dot1dot1dot1.cloudflare-dns.com |
1.1.1.1 1.0.0.1 |
2606:4700:4700::1111 2606:4700:4700::1001 |
None | |
dns64.cloudflare-dns.com | — | 2606:4700:4700::64 2606:4700:4700::6400 |
None | Intended to be IPv6-only.[22] See NAT64 and DNS64. | |||||||||
security.cloudflare-dns.com | 1.1.1.2 1.0.0.2 |
2606:4700:4700::1112 2606:4700:4700::1002 |
Malware, Phishing | ||||||||||
family.cloudflare-dns.com | 1.1.1.3 1.0.0.3 |
2606:4700:4700::1113 2606:4700:4700::1003 |
Malware, Phishing, Adult content |
||||||||||
Yes[23] | Yes | Yes | Yes | Yes[24] | No | Yes | No | dns.google[25] | 8.8.8.8 8.8.4.4 |
2001:4860:4860::8888 2001:4860:4860::8844 |
None | ||
dns64.dns.google | — | 2001:4860:4860::6464 2001:4860:4860::64 |
None | Intended for networks with NAT64 gateway.[26] | |||||||||
Mullvad | Only for VPN service available[27] | No[28] | Yes | Yes[28] | Yes[28] | No | No | No | dns.mullvad.net[28] | 194.242.2.2 | 2a07:e340::2 | None | Can be used without its VPN service |
adblock.dns.mullvad.net | 194.242.2.3 | 2a07:e340::3 | Ads, and trackers | ||||||||||
base.dns.mullvad.net | 194.242.2.4 | 2a07:e340::4 | Ads, trackers, and malware | ||||||||||
extended.dns.mullvad.net | 194.242.2.5 | 2a07:e340::5 | Ads, trackers, malware, and social media | ||||||||||
all.dns.mullvad.net | 194.242.2.9 | 2a07:e340::9 | Ads, trackers, malware, social media, gambling and adult content | ||||||||||
OpenDNS | Yes[29] | Yes | Yes[30] | Yes | Yes[31] | No | Yes | Yes[32] | dns.opendns.com | 208.67.222.222 208.67.220.220 |
2620:119:35::35 2620:119:53::53 |
Basic Security filtering + user defined policies | |
familyshield.opendns.com | 208.67.222.123 208.67.220.123 |
2620:119:35::123 2620:119:53::123 |
FamilyShield: adult content | ||||||||||
sandbox.opendns.com | 208.67.222.2 208.67.220.2 |
2620:0:ccc::2 2620:0:ccd::2 |
None | Sandbox addresses that provide no filtering. | |||||||||
Quad9 | Yes[33][34] | Yes | Yes[35] | Yes[36] | Yes[37] | No | No | Yes[38] | dns.quad9.net | 9.9.9.9 149.112.112.112 |
2620:fe::fe 2620:fe::9 |
Phishing, malware, and exploit kit domains | |
Yes[35] | dns11.quad9.net | 9.9.9.11 149.112.112.11 |
2620:fe::11 2620:fe::fe:11 |
Phishing, malware, and exploit kit domains | Passes EDNS Client Subnet. | ||||||||
No[39] | dns10.quad9.net | 9.9.9.10 149.112.112.10 |
2620:fe::10 2620:fe::fe:10 |
None | |||||||||
Yandex | No[40] | Yes | No | Yes | Yes | No | Yes | Yes | dns.yandex.ru secondary.dns.yandex.ru |
77.88.8.8 77.88.8.1 |
2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff |
None | |
safe.dns.yandex.ru secondary.safe.dns.yandex.ru |
77.88.8.88 77.88.8.2 |
2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad |
Safe: fraudulent / infected / bot sites | ||||||||||
family.dns.yandex.ru secondary.family.dns.yandex.ru |
77.88.8.7 77.88.8.3 |
2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11 |
Family: fraudulent / infected / bot / adult sites |
References
- ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
- ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
- ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Archived from the original on 2016-10-22. Retrieved 2016-10-22.
- ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
- ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
- ^ AdGuard DNS Privacy Notice
- ^ AdGuard DNS FAQ: What is DNSSEC?
- ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
- ^ AdGuard DNS-over-QUIC
- ^ Adguard DNS now supports DNSCrypt
- ^ a b c d AdGuard DNS Setup guide
- ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ "Parental Control with DNS over TLS Support".
- ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
- ^ "The Nitty Gritty - Cloudflare Resolver". 24 January 2023.
- ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
- ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
- ^ "DNS over QUIC (DoQ)". Cloudflare Community. Retrieved 2022-09-12.
- ^ "Test DNS owner one.one.one.one". 2018-08-21.
- ^ "Supporting IPv6-only Networks". Archived from the original on 2020-12-09. Retrieved 2019-01-20.
- ^ Google Public DNS: Your Privacy
- ^ Google Public DNS: DNS-over-HTTPS
- ^ "Get Started | Public DNS".
- ^ Google Public DNS64
- ^ "Privacy policy - Guides". Mullvad VPN. Retrieved 2023-08-27.
- ^ a b c d "DNS over HTTPS and DNS over TLS - Guides". Mullvad. 2023-08-08. Retrieved 2023-08-23.
- ^ Cisco Online Privacy Statement
- ^ OpenDNS: DNSSEC General Availability
- ^ OpenDNS: Querying OpenDNS using DoH
- ^ OpenDNS: OpenDNS and DNSCrypt
- ^ Quad9: Compliance and Applicable Law
- ^ Quad9: Data and Privacy Policy
- ^ a b Quad9 FAQ: Does Quad9 implement DNSSEC?
- ^ Quad9 FAQ: Does Quad9 support DNS over TLS?
- ^ Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?
- ^ Quad9 FAQ: Does Quad9 support dnscrypt?
- ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
- ^ Terms of use of the Yandex.DNS service