Public recursive name server

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS (DoH) and DNS over TLS (DoT).

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

Notable public DNS service operatorsEdit

Providers Privacy policy DNS over UDP DNSSEC DNS over TLS DNS over HTTPS DNSCrypt Hostnames IPv4 addresses IPv6 addresses Filters Remarks
AdGuard Yes[6] Yes Yes[7] Yes Yes[8] Yes[9] dns.adguard.com 94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff
Default[10]
dns-family.adguard.com 94.140.14.15
94.140.15.16
2a10:50c0::bad1:ff
2a10:50c0::bad2:ff
Family[10]
dns-unfiltered.adguard.com 94.140.14.140
94.140.14.141
2a10:50c0::1:ff
2a10:50c0::2:ff
None[10]
CleanBrowsing Yes[11] Yes Yes Yes[12] Yes[13] Yes[14] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family Designed to be used on devices of kids under 13.
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security
Cloudflare Yes[15] Yes Yes[16] Yes[17] Yes[18] No one.one.one.one[19]
1dot1dot1dot1.cloudflare-dns.com
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
None
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400
None Intended to be used with IPv6-only network.[20] See NAT64 and DNS64.
security.cloudflare-dns.com 1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
Malware, Phishing
family.cloudflare-dns.com 1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
Malware, Phishing,
Adult content
Dyn Yes[21] Yes Yes No No No resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com
216.146.35.35
216.146.36.36
Planned shutdown on May 31, 2022.
Google Yes[22] Yes Yes Yes Yes[23] No dns.google[24]
google-public-dns-a.google.com
google-public-dns-b.google.com
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
None
dns64.dns.google 2001:4860:4860::6464
2001:4860:4860::64
None Intended to be used on networks with NAT64 gateway.[25]
Neustar Yes[26] Yes Yes No No No 64.6.64.6
64.6.65.6
2620:74:1b::1:1
2620:74:1c::2:2
None Verisign transferred its public DNS to Neustar on December 3, 2020.[27]
156.154.70.1
156.154.71.1
2610:a1:1018::1
2610:a1:1019::1
156.154.70.2
156.154.71.2
2610:a1:1018::2
2610:a1:1019::2
Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3
2610:a1:1018::3
2610:a1:1019::3
Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4
2610:a1:1018::4
2610:a1:1019::4
Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5
2610:a1:1018::5
2610:a1:1019::5
None Will not redirect non-existent domains to a landing page.
OpenDNS Yes[28] Yes Yes[29] No Yes[30] Yes[31] dns.opendns.com

resolver1.opendns.com

resolver2.opendns.com

208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Basic Security filtering + user defined policies
familyshield.opendns.com 208.67.222.123
208.67.220.123
2620:119:35::123
2620:119:53::123
"FamilyShield": adult content
sandbox.opendns.com 208.67.222.2
208.67.220.2
2620:0:ccc::2
2620:0:ccd::2
None Sandbox addresses which provide no filtering.
OpenNIC Yes[32] Yes Yes Partial Partial Partial[33] Several 185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
Vary
Quad9 Yes[34][35] Yes Yes[36] Yes[37] Yes[38] Yes[39] dns9.quad9.net 9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
Phishing, malware, and exploit kit domains
Yes[36] dns11.quad9.net 9.9.9.11
149.112.112.11
2620:fe::11
2620:fe::fe:11
Phishing, malware, and exploit kit domains Supports EDNS Client Subnet.
No[40] dns10.quad9.net 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
None
Yandex Yes[41] Yes No No No Yes dns.yandex.ru
secondary.dns.yandex.ru
77.88.8.1
77.88.8.8
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
None
safe.dns.yandex.ru
secondary.safe.dns.yandex.ru
77.88.8.2
77.88.8.88
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
"Safe": fraudulent / infected / bot sites
family.dns.yandex.ru
secondary.family.dns.yandex.ru
77.88.8.3
77.88.8.7
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
"Family": fraudulent / infected / bot / adult sites

ReferencesEdit

  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Archived from the original on 2016-10-22. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. ^ AdGuard DNS Privacy Notice
  7. ^ AdGuard DNS FAQ: What is DNSSEC?
  8. ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  9. ^ Adguard DNS now supports DNSCrypt
  10. ^ a b c AdGuard DNS Setup guide
  11. ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  12. ^ "Parental Control with DNS over TLS Support".
  13. ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  14. ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  15. ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  16. ^ "The Nitty Gritty - Cloudflare Resolver".
  17. ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  18. ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  19. ^ "Test DNS owner one.one.one.one". 2018-08-21.
  20. ^ Supporting IPv6-only Networks
  21. ^ "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
  22. ^ Google Public DNS: Your Privacy
  23. ^ Google Public DNS: DNS-over-HTTPS
  24. ^ "Get Started | Public DNS".
  25. ^ Google Public DNS64
  26. ^ "Privacy Policy | Neustar". home.neustar.
  27. ^ "Verisign Public DNS Offers DNS Stability And Security – Verisign". www.verisign.com. Retrieved 2020-12-05.
  28. ^ Cisco Online Privacy Statement
  29. ^ OpenDNS: DNSSEC General Availability
  30. ^ OpenDNS: Querying OpenDNS using DoH
  31. ^ OpenDNS: OpenDNS and DNSCrypt
  32. ^ OpenNIC: Privacy Policy
  33. ^ OpenNIC: DNSCrypt
  34. ^ Quad9: Compliance and Applicable Law
  35. ^ Quad9: Data and Privacy Policy
  36. ^ a b Quad9 FAQ: Does Quad9 implement DNSSEC?
  37. ^ Quad9 FAQ: Does Quad9 support DNS over TLS?
  38. ^ Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?
  39. ^ Quad9 FAQ: Does Quad9 support dnscrypt?
  40. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  41. ^ Terms of use of the Yandex.DNS service


External linksEdit