Public recursive name server: Difference between revisions
Added remarks for Dyn DNS |
Vit-ali-yan (talk | contribs) →List of public DNS service operators: added details about AdGuard DNS to comply with their official manual and external review contents |
||
Line 30: | Line 30: | ||
! Remarks |
! Remarks |
||
|- |
|- |
||
! {{rh}} |
! rowspan="2" {{rh}} class="table-rh" |[[AdGuard]] DNS<ref>{{cite news |last1=Brinkmann |first1=Martin |title=A look at AdGuard DNS |url=https://www.ghacks.net/2018/12/31/a-look-at-adguard-dns/ |accessdate=2019-08-02 |publisher=Ghacks Technology News |date=2018-12-31}}</ref> |
||
| rowspan="2" | 20 |
|||
| |
|||
| {{yes}} |
| {{yes}} |
||
| {{yes}} |
| {{yes}} |
||
Line 39: | Line 39: | ||
| {{yes}} |
| {{yes}} |
||
| dns.adguard.com |
| dns.adguard.com |
||
<br /> |
|||
⚫ | |||
| {{IPaddr|176.103.130.130}}<br />{{IPaddr|176.103.130.131}} |
| {{IPaddr|176.103.130.130}}<br />{{IPaddr|176.103.130.131}} |
||
| {{IPaddr|2a00:5a60::ad1:0ff}}<br />{{IPaddr|2a00:5a60::ad2:0ff}} |
| {{IPaddr|2a00:5a60::ad1:0ff}}<br />{{IPaddr|2a00:5a60::ad2:0ff}} |
||
|Default (ad servers, malicious, phishing domains) |
|||
|Family |
|||
| rowspan="2" |DNS functionality designed as a part of other AdGuard software, most of which are distributed on a pay-to-use basis. AdGuard DNS is free.<ref>{{Cite web|url=https://adguard.com/en/adguard-dns/overview.html|title=How to set up AdGuard DNS|website=adguard.com|language=en|access-date=2019-08-12}}</ref> |
|||
| |
|||
|-| {{yes}} |
|||
| {{yes}} |
|||
| {{no}} |
|||
| {{yes}} |
|||
| {{yes}} |
|||
| {{yes}} |
|||
⚫ | |||
|''176.103.130.132'' |
|||
''176.103.130.134'' |
|||
|''2a00:5a60::bad1:0ff'' |
|||
''2a00:5a60::bad2:0ff'' |
|||
|Family (Adult websites, ad servers, malicious, phishing domains) |
|||
|- |
|- |
||
! rowspan="3" {{rh}} class="table-rh" | [[CleanBrowsing]]<ref name="cb">{{cite web | url=https://cleanbrowsing.org/ip-address | title=IPv4 and IPv6 Anycast DNS Firewall and Resolver}}</ref> |
! rowspan="3" {{rh}} class="table-rh" | [[CleanBrowsing]]<ref name="cb">{{cite web | url=https://cleanbrowsing.org/ip-address | title=IPv4 and IPv6 Anycast DNS Firewall and Resolver}}</ref> |
Revision as of 21:13, 12 August 2019
A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:
- speed, compared to using ISP DNS services[1]
- filtering (security, ad-blocking, porn-blocking, etc.)[2]
- reporting[3]
- avoiding censorship[4]
- redundancy (smart caching)[5]
- access to unofficial alternative top level domains not found in the official DNS root zone
Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.
Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.
List of public DNS service operators
Provider | Nodes | Privacy policy | DNS over UDP | DNSSEC | DNS over TLS | DNS over HTTPS | DNSCrypt | Hostnames | IPv4 addresses | IPv6 addresses | Filters | Remarks |
---|---|---|---|---|---|---|---|---|---|---|---|---|
AdGuard DNS[6] | 20 | Yes | Yes | No | Yes | Yes | Yes | dns.adguard.com
|
176.103.130.130 176.103.130.131 |
2a00:5a60::ad1:0ff 2a00:5a60::ad2:0ff |
Default (ad servers, malicious, phishing domains) | DNS functionality designed as a part of other AdGuard software, most of which are distributed on a pay-to-use basis. AdGuard DNS is free.[7] |
Yes | No | Yes | Yes | Yes | dns-family.adguard.com | 176.103.130.132
176.103.130.134 |
2a00:5a60::bad1:0ff
2a00:5a60::bad2:0ff |
Family (Adult websites, ad servers, malicious, phishing domains) | ||||
CleanBrowsing[8] | 20 | Yes[9] | Yes | Yes | Yes[10] | Yes[11] | Yes[12] | 185.228.168.168 185.228.169.168 |
2a0d:2a00:1:: 2a0d:2a00:2:: |
Family | Designed to be used on devices of kids under 13. | |
185.228.168.10 185.228.169.11 |
2a0d:2a00:1::1 2a0d:2a00:2::1 |
Adult | ||||||||||
185.228.168.9 185.228.169.9 |
2a0d:2a00:1::2 2a0d:2a00:2::2 |
Security | ||||||||||
Cloudflare 1.1.1.1[13] | 165[14] | Yes[15] | Yes | Yes[16] | Yes[17] | Yes[18] | No | one.one.one.one[19] 1dot1dot1dot1.cloudflare-dns.com |
1.1.1.1 1.0.0.1 |
2606:4700:4700::1111 2606:4700:4700::1001 |
None | |
dns64.cloudflare-dns.com | — | 2606:4700:4700::64 2606:4700:4700::6400 |
None | Intended to be used with IPv6-only network.[20] | ||||||||
Comodo Secure DNS[21] | No | Yes | No | No | No | Yes | ns1.recursive.dnsbycomodo.com ns2.recursive.dnsbycomodo.com |
8.26.56.26 8.20.247.20 |
— | |||
CZ.NIC ODVR[22] | Yes | Yes | Yes | Yes | Yes | No | odvr.nic.cz [23] | 193.17.47.1 185.43.135.1 |
2001:148f:ffff::1 2001:148f:fffe::1 |
None | Servers are located in Prague | |
dnscrypt.ca[24] | Yes[25] | No | Yes | No | No | Yes | dns1.dnscrypt.ca dns2.dnscrypt.ca |
192.99.183.132 192.99.183.133 |
2607:5300:60:4aa8::600 2607:5300:60:4aa8::700 |
None | Servers located in Beauharnois, Quebec. No query logs. | |
Dyn DNS[26] | Yes[27] | Yes | Yes | No | No | No | resolver1.dyndnsinternetguide.com resolver2.dyndnsinternetguide.com |
216.146.35.35 216.146.36.36 |
— | Shut down on May 31, 2020 | ||
DNS.WATCH[28] | No | Yes | Yes | No | No | No | resolver1.dns.watch resolver2.dns.watch |
84.200.69.80 84.200.70.40 |
2001:1608:10:25::1c04:b12f 2001:1608:10:25::9249:d69b |
None | ||
Freenom World[29] | Yes | Yes | Yes | No | No | Yes | 80.80.80.80 80.80.81.81 |
None | present in each global region | |||
Google Public DNS[30] | 23[31] | Yes[32] | Yes | Yes | Yes | Yes[33] | No | dns.google[34] google-public-dns-a.google.com google-public-dns-b.google.com |
8.8.8.8 8.8.4.4 |
2001:4860:4860::8888 2001:4860:4860::8844 |
None | |
— | 2001:4860:4860::6464 2001:4860:4860::64 |
None | Intended to be used on networks with NAT64 gateway.[35] | |||||||||
Neustar UltraRecursive[36] | Yes[37] | Yes | Yes | No | No | No | 156.154.70.1 156.154.71.1 |
2610:a1:1018::1 2610:a1:1019::1 |
None | |||
156.154.70.2 156.154.71.2 |
2610:a1:1018::2 2610:a1:1019::2 |
Malware, ransomware, spyware, phishing | ||||||||||
156.154.70.3 156.154.71.3 |
2610:a1:1018::3 2610:a1:1019::3 |
Low security + gambling, pornography, violence, hate | ||||||||||
156.154.70.4 156.154.71.4 |
2610:a1:1018::4 2610:a1:1019::4 |
Medium security + gaming, adult, drugs, alcohol, anonymous proxies | ||||||||||
156.154.70.5 156.154.71.5 |
2610:a1:1018::5 2610:a1:1019::5 |
None | Will not redirect non-existent domains to a landing page | |||||||||
Norton ConnectSafe[38] | Yes[39] | Yes | No | No | No | No | 199.85.126.10 199.85.127.10 |
— | Security (malware, phishing sites and scam sites) | Shut down on November 15, 2018[40] | ||
199.85.126.20 199.85.127.20 |
Security and pornography | |||||||||||
199.85.126.30 199.85.127.30 |
Family-friendly: security, pornography and other objectionable content | |||||||||||
OpenDNS[41] | 31[42] | Yes[43] | Yes | No | No | No | Yes[44] | resolver1.opendns.com resolver2.opendns.com |
208.67.222.222 208.67.220.220 |
2620:119:35::35 2620:119:53::53 |
Basic Security filtering + user defined policies | |
resolver1-fs.opendns.com resolver2-fs.opendns.com |
208.67.222.123 208.67.220.123 |
"FamilyShield": adult content | ||||||||||
resolver1.ipv6-sandbox.opendns.com resolver2.ipv6-sandbox.opendns.com |
2620:0:ccc::2 2620:0:ccd::2 |
None | Sandbox addresses which provide no filtering | |||||||||
OpenNIC[45] | Yes[46] | Yes | No | No | No | Partial[47] | Several [48] | 185.121.177.177 169.239.202.202 |
2a05:dfc7:5::53 2a05:dfc7:5::5353 |
List of all OpenNIC Tier 2 DNS Resolvers | ||
Quad9[49] | 137[50] | Yes[51] | Yes | Yes[52] | Yes[53] | Yes[54] | Yes[55] | dns.quad9.net rpz-public-resolver1.rrdns.pch.net |
9.9.9.9 149.112.112.112 |
2620:fe::fe 2620:fe::9 |
Malicious domains (phishing, malware, exploit kit domains) | |
No[56] | dns-nosec.quad9.net | 9.9.9.10 149.112.112.10 |
2620:fe::10 2620:fe::fe:10 |
None | ||||||||
SafeDNS[57] | Yes | Yes | No | No | No | No | dns1.safedns.com dns2.safedns.com |
195.46.39.39 195.46.39.40 |
Malicious, phishing domains + user defined policies | |||
UncensoredDNS[58] | No | Yes | Yes | Yes[59] | No | No | anycast.censurfridns.dk unicast.censurfridns.dk |
91.239.100.100 89.233.43.71 |
2001:67c:28a4:: 2a01:3a0:53:53:: |
None | Hosted in Denmark, servers listen to ports 53 and 5353 | |
VeriSign Public DNS[60] | Yes[61] | Yes | Yes[62] | No | No | No | recpubns1.nstld.net recpubns2.nstld.net |
64.6.64.6 64.6.65.6 |
2620:74:1b::1:1 2620:74:1c::2:2 |
None | ||
Yandex.DNS[63] | Yes[64] | Yes | No | No | No | Yes | dns.yandex.ru secondary.dns.yandex.ru |
77.88.8.1 77.88.8.8 |
2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff |
None | ||
safe.dns.yandex.ru secondary.safe.dns.yandex.ru |
77.88.8.2 77.88.8.88 |
2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad |
"Safe": fraudulent / infected / bot sites | |||||||||
family.dns.yandex.ru secondary.family.dns.yandex.ru |
77.88.8.3 77.88.8.7 |
2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11 |
"Family": fraudulent / infected / bot / adult sites |
References
- ^ "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
- ^ "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
- ^ "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Retrieved 2016-10-22.
- ^ "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
- ^ Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
{{cite web}}
: Cite has empty unknown parameter:|dead-url=
(help) - ^ Brinkmann, Martin (2018-12-31). "A look at AdGuard DNS". Ghacks Technology News. Retrieved 2019-08-02.
- ^ "How to set up AdGuard DNS". adguard.com. Retrieved 2019-08-12.
- ^ "IPv4 and IPv6 Anycast DNS Firewall and Resolver".
- ^ NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ "Parental Control with DNS over TLS Support".
- ^ NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
- ^ "1.1.1.1 — the Internet's Fastest, Privacy-First DNS Resolver".
- ^ Cloudflare: Our Anycast Network Map
- ^ "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
- ^ "The Nitty Gritty - Cloudflare Resolver".
- ^ Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
- ^ Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
- ^ "Test DNS owner one.one.one.one". 2018-08-21.
- ^ Supporting IPv6-only Networks
- ^ Comodo Secure DNS, Managed DNS Service, Secure DNS Provider
- ^ CZ.NIC Open DNSSEC Validating Resolvers
- ^ "CZ.NIC - Otevřené DNSSEC Validující Resolvery".
- ^ dnscrypt.ca
- ^ "dnscrypt.ca: Privacy Policy".
- ^ "Surf faster with Dyn's Recursive DNS". dyn.com. Retrieved 2018-12-31.
- ^ "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
- ^ "DNS.WATCH". dns.watch. Retrieved 2019-01-16.
- ^ Freenom World
- ^ Google Public DNS
- ^ Google Public DNS: Where are your servers currently located?
- ^ Google Public DNS: Your Privacy
- ^ Google Public DNS: DNS-over-HTTPS
- ^ "Get Started | Public DNS".
- ^ Google Public DNS64
- ^ "Recursive DNS on the Global Anycast Network | Neustar". security.neustar. Retrieved 2018-10-24.
- ^ "Privacy Policy | Neustar". home.neustar.
- ^ Norton ConnectSafe
- ^ Norton ConnectSafe Privacy Notice
- ^ "Norton ConnectSafe". connectsafe.norton.com. Retrieved 2018-12-31.
- ^ Cloud Delivered Enterprise Security by OpenDNS
- ^ OpenDNS: Data Center Locations
- ^ Cisco Online Privacy Statement
- ^ OpenDNS and DNSCrypt
- ^ OpenNIC Project
- ^ OpenNIC: Privacy Policy
- ^ OpenNIC: DNSCrypt
- ^ OpenNIC Tier 2 DNS Resolvers
- ^ Quad9 DNS: Internet Security and Privacy in a Few Easy Steps
- ^ Quad9’s Year One Success Shows There is a DNS Solution that Provides Both Privacy and Security
- ^ Quad9: Privacy, Data Collection and Use Policy
- ^ Quad9 FAQ: Does Quad9 implement DNSSEC?
- ^ Quad9 Frequently Asked Questions
- ^ DoH with Quad9 DNS Servers
- ^ Quad9 DNSCrypt Now In Testing
- ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
- ^ SafeDNS
- ^ UncensoredDNS
- ^ DNS over TLS Pubkey Pinning Info for unicast.uncensoreddns.org
- ^ Verisign Public DNS
- ^ Verisign Public DNS Terms of Service
- ^ Verisign Public DNS Forum: employee post
- ^ Yandex.DNS
- ^ Terms of use of the Yandex.DNS service