Open main menu

Public recursive name server

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

List of public DNS service operatorsEdit

Provider IP-Addresses Blocking Nodes Privacy-Policy DNS over UDP DNSSEC DNS over TLS DNS over HTTPS DNSCrypt Alternate TLD Remarks
CleanBrowsing[6] 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family Filter Anycast DNS with nodes in 20 cities Yes[7] Yes Yes Yes[8] Yes[9] Yes[10] No Designed to be used on devices of kids under 13.
CleanBrowsing[6] 185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult Filter Anycast DNS with nodes in 20 cities Yes[7] Yes Yes Yes[8] Yes[9] Yes[10] No Designed to be used on devices of kids under 13.
CleanBrowsing[6] 185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security Filter Anycast DNS with nodes in 20 cities Yes[7] Yes Yes Yes[8] Yes[9] Yes[10] No Designed to be used on devices of kids under 13.
Cloudflare (1.1.1.1)[11] 1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Anycast DNS with 155 nodes[12] Yes[13] Yes Yes[14] Yes[15] Yes[16] No No
Cloudflare Resolver for Firefox[17] Anycast DNS with 155 nodes[12] Yes[18] No Yes No Yes[17] No No
Comodo Secure DNS[19] 8.26.56.26
8.20.247.20
No Yes No No No No No
Google Public DNS[20] 8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
23 nodes, but only three in the southern hemisphere[21] Yes[22] Yes Yes Yes Yes[23] No No
Google Public DNS64[24] 2001:4860:4860::6464
2001:4860:4860::64
23 nodes, but only three in the southern hemisphere[21] Yes[22] Yes Yes No No No No Intended to be used on networks with NAT64 gateway.
Norton ConnectSafe[25] 199.85.126.10
199.85.127.10
Security (malware, phishing sites and scam sites) Yes[26] Yes No No No No No Known for NXDOMAIN hijacking
Norton ConnectSafe[25] 199.85.126.20
199.85.127.20
Security + Pornography Yes[26] Yes No No No No No Known for NXDOMAIN hijacking
Norton ConnectSafe[25] 199.85.126.30
199.85.127.30
Security + Pornography + Other Yes[26] Yes No No No No No Known for NXDOMAIN hijacking
OpenDNS[27] 208.67.222.123
208.67.220.123
FamilyShield (adult content) 27 nodes, but only one each in Latin America, Africa, and Australia[28] Yes[29] Yes No No No Yes[30] No
OpenDNS[27] 208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
27 nodes, but only one each in Latin America, Africa, and Australia[28] Yes[29] Yes No No No Yes[30] No
OpenNIC[31] 185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
No Yes No No No Yes[32] Yes List of all OpenNIC Tier 2 DNS Resolvers
Quad9[33] 9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
malicious domains (phishing, malware, exploit kit domains) Anycast DNS with nodes in 182 cities distributed across six continents Yes[34] Yes Yes Yes[35] Yes[36] Yes[37] No
Quad9[33] 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
Anycast DNS with nodes in 182 cities distributed across six continents Yes[34] Yes Yes Yes[35] Yes[36] Yes[37] No
VeriSign Public DNS[38] 64.6.64.6
64.6.65.6
2620:74:1b::1:1
2620:74:1c::2:2
Yes[39] Yes Yes[40] No No No No
Yandex.DNS [41] Basic 77.88.8.8
77.88.8.1
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
Yes[42] Yes No No No No No
Yandex.DNS [41] Safe 77.88.8.88
77.88.8.2
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
fraudulent / infected / bot sites Yes[42] Yes No No No No No
Yandex.DNS [41] Family 77.88.8.7
77.88.8.3
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
fraudulent / infected / bot / adult sites Yes[42] Yes No No No No No
Neustar UltraRecursive Reliability & Performance 1[43] 156.154.70.1, 156.154.71.1

2610:a1:1018::1, 2610:a1:1019::1

Yes[44] Yes Yes No No No No
Neustar UltraRecursive Reliability & Performance 2[43] (These IPs will not redirect NXDomain (Non-existent Domain) responses to a landing page.[43]) 156.154.70.5, 156.154.71.5

2610:a1:1018::5, 2610:a1:1019::5

Yes[44] Yes Yes No No No No
Neustar UltraRecursive Threat Protection[43] 156.154.70.2, 156.154.71.2

2610:a1:1018::2, 2610:a1:1019::2

Malware, Ransomware, Spyware & Phishing Yes[44] Yes Yes No No No No
Neustar UltraRecursive Family Secure[43] 156.154.70.3, 156.154.71.3

2610:a1:1018::3, 2610:a1:1019::3

Low + Gambling, Pornography, Violence & Hate/Discrimination Yes[44] Yes Yes No No No No
Neustar UltraRecursive Business Secure[43] 156.154.70.4, 156.154.71.4

2610:a1:1018::4, 2610:a1:1019::4

Medium + Gaming, Adult, Drugs, Alcohol & Anonymous Proxies Yes[44] Yes Yes No No No No

ReferencesEdit

  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana; Icann; Fcc; Google; again, DNS devastation: Top websites whacked offline as Dyn dies; dates, Coming soon to smart home devices? Best Before labels-with patch cut-off; IoT insecurity: US govt summons tech bosses, bashes heads together. "DNS devastation: Top websites whacked offline as Dyn dies again". Retrieved 2016-10-22.
  6. ^ a b c CleanBrowsing: IPv4 and IPv6 Anycast DNS Firewall and Resolver
  7. ^ a b c CleanBrowsing Privacy and Terms of Service
  8. ^ a b c CleanBrowsing: Parental Control with DNS over TLS Support
  9. ^ a b c CleanBrowsing: Parental Control with DNS Over HTTPS (DoH) Support
  10. ^ a b c CleanBrowsing: Parental Control with DNSCrypt Support
  11. ^ 1.1.1.1 - the Internet’s Fastest, Privacy-First DNS Resolver
  12. ^ a b Cloudflare: Our Anycast Network Map
  13. ^ Cloudflare: Resolver Privacy Frequently Asked Questions
  14. ^ Cloudflare: DNSSEC
  15. ^ Cloudflare: DNS over TLS
  16. ^ Cloudflare: DNS over HTTPS
  17. ^ a b Firefox Nightly News: Improving DNS Privacy in Firefox
  18. ^ Cloudflare: Resolver for Firefox
  19. ^ Comodo Secure DNS, Managed DNS Service, Secure DNS Provider
  20. ^ Google Public DNS
  21. ^ a b Google Public DNS: Where are your servers currently located?
  22. ^ a b Google Public DNS: Your Privacy
  23. ^ Google Public DNS: DNS-over-HTTPS
  24. ^ Google Public DNS64
  25. ^ a b c Norton ConnectSafe
  26. ^ a b c Norton ConnectSafe Privacy Notice
  27. ^ a b Cloud Delivered Enterprise Security by OpenDNS
  28. ^ a b OpenDNS: Data Center Locations
  29. ^ a b Cisco Online Privacy Statement
  30. ^ a b OpenDNS: DNS Security with DNSCrypt
  31. ^ OpenNIC Project
  32. ^ OpenNIC: DNSCrypt
  33. ^ a b Quad9 DNS: Internet Security and Privacy in a Few Easy Steps
  34. ^ a b Quad9: Privacy, Data Collection and Use Policy
  35. ^ a b Quad9 Frequently Asked Questions
  36. ^ a b DoH with Quad9 DNS Servers
  37. ^ a b Quad9 DNSCrypt Now In Testing
  38. ^ Verisign Public DNS
  39. ^ Verisign Public DNS Terms of Service
  40. ^ Verisign Public DNS Forum: employee post
  41. ^ a b c Yandex.DNS
  42. ^ a b c Terms of use of the Yandex.DNS service
  43. ^ a b c d e f "Recursive DNS on the Global Anycast Network | Neustar". security.neustar. Retrieved 2018-10-24.
  44. ^ a b c d e "Privacy Policy | Neustar". home.neustar.

External linksEdit