Open main menu

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

List of public DNS service operatorsEdit

Provider Nodes Privacy policy DNS over UDP DNSSEC DNS over TLS DNS over HTTPS DNSCrypt Hostnames IPv4 addresses IPv6 addresses Filters Remarks
CleanBrowsing[6] 20 Yes[7] Yes Yes Yes[8] Yes[9] Yes[10] 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family Designed to be used on devices of kids under 13.
185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult
185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security
Cloudflare 1.1.1.1[11] 165[12] Yes[13] Yes Yes[14] Yes[15] Yes[16] No one.one.one.one[17]
1dot1dot1dot1.cloudflare-dns.com
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
None
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400
None Intended to be used with IPv6-only network.[18]
Comodo Secure DNS[19] No Yes No No No No ns1.recursive.dnsbycomodo.com
ns2.recursive.dnsbycomodo.com
8.26.56.26
8.20.247.20
CZ.NIC ODVR[20] Yes Yes Yes No No No 217.31.204.130
193.29.206.206
2001:1488:800:400::130
2001:678:1::206
None Servers are located in Prague
Oracle + Dyn[21] Yes[22] Yes Yes resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com
216.146.35.35
216.146.36.36
DNS.WATCH[23] No Yes Yes No No No resolver1.dns.watch
resolver2.dns.watch
84.200.69.80
84.200.70.40
2001:1608:10:25::1c04:b12f
2001:1608:10:25::9249:d69b
None
Google Public DNS[24] 23[25] Yes[26] Yes Yes Yes Yes[27] No dns.google[28]
google-public-dns-a.google.com
google-public-dns-b.google.com
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
None
2001:4860:4860::6464
2001:4860:4860::64
None Intended to be used on networks with NAT64 gateway.[29]
Neustar UltraRecursive[30] Yes[31] Yes Yes No No No 156.154.70.1
156.154.71.1
2610:a1:1018::1
2610:a1:1019::1
None
156.154.70.2
156.154.71.2
2610:a1:1018::2
2610:a1:1019::2
Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3
2610:a1:1018::3
2610:a1:1019::3
Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4
2610:a1:1018::4
2610:a1:1019::4
Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5
2610:a1:1018::5
2610:a1:1019::5
None Will not redirect non-existent domains to a landing page
Norton ConnectSafe[32] Yes[33] Yes No No No No 199.85.126.10
199.85.127.10
Security (malware, phishing sites and scam sites) Shut down on November 15, 2018[34]
199.85.126.20
199.85.127.20
Security and pornography
199.85.126.30
199.85.127.30
Family-friendly: security, pornography and other objectionable content
OpenDNS[35] 31[36] Yes[37] Yes No No No Yes[38] resolver1.opendns.com
resolver2.opendns.com
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Basic Security filtering + user defined policies
resolver1-fs.opendns.com
resolver2-fs.opendns.com
208.67.222.123
208.67.220.123
"FamilyShield": adult content
resolver1.ipv6-sandbox.opendns.com
resolver2.ipv6-sandbox.opendns.com
2620:0:ccc::2
2620:0:ccd::2
None Sandbox addresses which provide no filtering
OpenNIC[39] Yes[40] Yes No No No Partial[41] Several [42] 185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
List of all OpenNIC Tier 2 DNS Resolvers
Quad9[43] 137[44] Yes[45] Yes Yes[46] Yes[47] Yes[48] Yes[49] dns.quad9.net
rpz-public-resolver1.rrdns.pch.net
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
Malicious domains (phishing, malware, exploit kit domains)
No[50] dns-nosec.quad9.net 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
None
SafeDNS[51] Yes Yes No Soon No No dns1.safedns.com dns2.safedns.com 195.46.39.39 195.46.39.40 Malicious, phishing domains + user defined policies
UncensoredDNS[52] No Yes Yes Yes[53] No No anycast.censurfridns.dk
unicast.censurfridns.dk
91.239.100.100
89.233.43.71
2001:67c:28a4::
2a01:3a0:53:53::
None Hosted in Denmark, servers listen to ports 53 and 5353
VeriSign Public DNS[54] Yes[55] Yes Yes[56] No No No recpubns1.nstld.net
recpubns2.nstld.net
64.6.64.6
64.6.65.6
2620:74:1b::1:1
2620:74:1c::2:2
None
Yandex.DNS[57] Yes[58] Yes No No No No dns.yandex.ru
secondary.dns.yandex.ru
77.88.8.1
77.88.8.8
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
None
safe.dns.yandex.ru
secondary.safe.dns.yandex.ru
77.88.8.2
77.88.8.88
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
"Safe": fraudulent / infected / bot sites
family.dns.yandex.ru
secondary.family.dns.yandex.ru
77.88.8.3
77.88.8.7
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
"Family": fraudulent / infected / bot / adult sites

ReferencesEdit

  1. ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Retrieved 2016-10-22.
  4. ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. ^ "IPv4 and IPv6 Anycast DNS Firewall and Resolver".
  7. ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  8. ^ "Parental Control with DNS over TLS Support".
  9. ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  10. ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  11. ^ "1.1.1.1 — the Internet's Fastest, Privacy-First DNS Resolver".
  12. ^ Cloudflare: Our Anycast Network Map
  13. ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  14. ^ "The Nitty Gritty - Cloudflare Resolver".
  15. ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  16. ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  17. ^ https://community.cloudflare.com/t/test-dns-owner-one-one-one-one/29970/4. Missing or empty |title= (help)
  18. ^ Supporting IPv6-only Networks
  19. ^ Comodo Secure DNS, Managed DNS Service, Secure DNS Provider
  20. ^ CZ.NIC Open DNSSEC Validating Resolvers
  21. ^ "Surf faster with Dyn's Recursive DNS". dyn.com. Retrieved 2018-12-31.
  22. ^ "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
  23. ^ "DNS.WATCH". dns.watch. Retrieved 2019-01-16.
  24. ^ Google Public DNS
  25. ^ Google Public DNS: Where are your servers currently located?
  26. ^ Google Public DNS: Your Privacy
  27. ^ Google Public DNS: DNS-over-HTTPS
  28. ^ https://developers.google.com/speed/public-dns/docs/using. Missing or empty |title= (help)
  29. ^ Google Public DNS64
  30. ^ "Recursive DNS on the Global Anycast Network | Neustar". security.neustar. Retrieved 2018-10-24.
  31. ^ "Privacy Policy | Neustar". home.neustar.
  32. ^ Norton ConnectSafe
  33. ^ Norton ConnectSafe Privacy Notice
  34. ^ "Norton ConnectSafe". connectsafe.norton.com. Retrieved 2018-12-31.
  35. ^ Cloud Delivered Enterprise Security by OpenDNS
  36. ^ OpenDNS: Data Center Locations
  37. ^ Cisco Online Privacy Statement
  38. ^ OpenDNS: DNS Security with DNSCrypt
  39. ^ OpenNIC Project
  40. ^ OpenNIC: Privacy Policy
  41. ^ OpenNIC: DNSCrypt
  42. ^ OpenNIC Tier 2 DNS Resolvers
  43. ^ Quad9 DNS: Internet Security and Privacy in a Few Easy Steps
  44. ^ Quad9’s Year One Success Shows There is a DNS Solution that Provides Both Privacy and Security
  45. ^ Quad9: Privacy, Data Collection and Use Policy
  46. ^ Quad9 FAQ: Does Quad9 implement DNSSEC?
  47. ^ Quad9 Frequently Asked Questions
  48. ^ DoH with Quad9 DNS Servers
  49. ^ Quad9 DNSCrypt Now In Testing
  50. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  51. ^ SafeDNS
  52. ^ UncensoredDNS
  53. ^ DNS over TLS Pubkey Pinning Info for unicast.uncensoreddns.org
  54. ^ Verisign Public DNS
  55. ^ Verisign Public DNS Terms of Service
  56. ^ Verisign Public DNS Forum: employee post
  57. ^ Yandex.DNS
  58. ^ Terms of use of the Yandex.DNS service

External linksEdit