Public recursive name server: Difference between revisions

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:

• speed, compared to using ISP DNS services^[1]
• filtering (security, ad-blocking, porn-blocking, etc.)^[2]
• reporting^[3]
• avoiding censorship^[4]
• redundancy (smart caching)^[5]
• access to unofficial alternative top level domains not found in the official DNS root zone

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

List of public DNS service operators

Provider	Nodes	Privacy policy	DNS over UDP	DNSSEC	DNS over TLS	DNS over HTTPS	DNSCrypt	Hostnames	IPv4 addresses	IPv6 addresses	Filters	Remarks
AdGuard DNS[6]	20	Yes	Yes	No	Yes	Yes	Yes	dns.adguard.com	176.103.130.130 176.103.130.131	2a00:5a60::ad1:0ff 2a00:5a60::ad2:0ff	Default (ad servers, malicious, phishing domains)	DNS functionality designed as a part of other AdGuard software, most of which are distributed on a pay-to-use basis. AdGuard DNS is free.[7]
		Yes	No	Yes	Yes	Yes	dns-family.adguard.com	176.103.130.132 176.103.130.134	2a00:5a60::bad1:0ff 2a00:5a60::bad2:0ff	Family (Adult websites, ad servers, malicious, phishing domains)
CleanBrowsing[8]	20	Yes[9]	Yes	Yes	Yes[10]	Yes[11]	Yes[12]		185.228.168.168 185.228.169.168	2a0d:2a00:1:: 2a0d:2a00:2::	Family	Designed to be used on devices of kids under 13.
									185.228.168.10 185.228.169.11	2a0d:2a00:1::1 2a0d:2a00:2::1	Adult
									185.228.168.9 185.228.169.9	2a0d:2a00:1::2 2a0d:2a00:2::2	Security
Cloudflare 1.1.1.1[13]	165[14]	Yes[15]	Yes	Yes[16]	Yes[17]	Yes[18]	No	one.one.one.one[19] 1dot1dot1dot1.cloudflare-dns.com	1.1.1.1 1.0.0.1	2606:4700:4700::1111 2606:4700:4700::1001	None
								dns64.cloudflare-dns.com	—	2606:4700:4700::64 2606:4700:4700::6400	None	Intended to be used with IPv6-only network.[20]
Comodo Secure DNS[21]		No	Yes	No	No	No	Yes	ns1.recursive.dnsbycomodo.com ns2.recursive.dnsbycomodo.com	8.26.56.26 8.20.247.20	—
CZ.NIC ODVR[22]		Yes	Yes	Yes	Yes	Yes	No	odvr.nic.cz [23]	193.17.47.1 185.43.135.1	2001:148f:ffff::1 2001:148f:fffe::1	None	Servers are located in Prague
dnscrypt.ca[24]		Yes[25]	No	Yes	No	No	Yes	dns1.dnscrypt.ca dns2.dnscrypt.ca	192.99.183.132 192.99.183.133	2607:5300:60:4aa8::600 2607:5300:60:4aa8::700	None	Servers located in Beauharnois, Quebec. No query logs.
Dyn DNS[26]		Yes[27]	Yes	Yes	No	No	No	resolver1.dyndnsinternetguide.com resolver2.dyndnsinternetguide.com	216.146.35.35 216.146.36.36	—		Shut down on May 31, 2020
DNS.WATCH[28]		No	Yes	Yes	No	No	No	resolver1.dns.watch resolver2.dns.watch	84.200.69.80 84.200.70.40	2001:1608:10:25::1c04:b12f 2001:1608:10:25::9249:d69b	None
Freenom World[29]		Yes	Yes	Yes	No	No	Yes		80.80.80.80 80.80.81.81		None	present in each global region
Google Public DNS[30]	23[31]	Yes[32]	Yes	Yes	Yes	Yes[33]	No	dns.google[34] google-public-dns-a.google.com google-public-dns-b.google.com	8.8.8.8 8.8.4.4	2001:4860:4860::8888 2001:4860:4860::8844	None
									—	2001:4860:4860::6464 2001:4860:4860::64	None	Intended to be used on networks with NAT64 gateway.[35]
Neustar UltraRecursive[36]		Yes[37]	Yes	Yes	No	No	No		156.154.70.1 156.154.71.1	2610:a1:1018::1 2610:a1:1019::1	None
									156.154.70.2 156.154.71.2	2610:a1:1018::2 2610:a1:1019::2	Malware, ransomware, spyware, phishing
									156.154.70.3 156.154.71.3	2610:a1:1018::3 2610:a1:1019::3	Low security + gambling, pornography, violence, hate
									156.154.70.4 156.154.71.4	2610:a1:1018::4 2610:a1:1019::4	Medium security + gaming, adult, drugs, alcohol, anonymous proxies
									156.154.70.5 156.154.71.5	2610:a1:1018::5 2610:a1:1019::5	None	Will not redirect non-existent domains to a landing page
Norton ConnectSafe[38]		Yes[39]	Yes	No	No	No	No		199.85.126.10 199.85.127.10	—	Security (malware, phishing sites and scam sites)	Shut down on November 15, 2018[40]
									199.85.126.20 199.85.127.20		Security and pornography
									199.85.126.30 199.85.127.30		Family-friendly: security, pornography and other objectionable content
OpenDNS[41]	31[42]	Yes[43]	Yes	No	No	No	Yes[44]	resolver1.opendns.com resolver2.opendns.com	208.67.222.222 208.67.220.220	2620:119:35::35 2620:119:53::53	Basic Security filtering + user defined policies
								resolver1-fs.opendns.com resolver2-fs.opendns.com	208.67.222.123 208.67.220.123		"FamilyShield": adult content
								resolver1.ipv6-sandbox.opendns.com resolver2.ipv6-sandbox.opendns.com		2620:0:ccc::2 2620:0:ccd::2	None	Sandbox addresses which provide no filtering
OpenNIC[45]		Yes[46]	Yes	No	No	No	Partial[47]	Several [48]	185.121.177.177 169.239.202.202	2a05:dfc7:5::53 2a05:dfc7:5::5353		List of all OpenNIC Tier 2 DNS Resolvers
Quad9[49]	137[50]	Yes[51]	Yes	Yes[52]	Yes[53]	Yes[54]	Yes[55]	dns.quad9.net rpz-public-resolver1.rrdns.pch.net	9.9.9.9 149.112.112.112	2620:fe::fe 2620:fe::9	Malicious domains (phishing, malware, exploit kit domains)
				No[56]				dns-nosec.quad9.net	9.9.9.10 149.112.112.10	2620:fe::10 2620:fe::fe:10	None
SafeDNS[57]		Yes	Yes	No	No	No	No	dns1.safedns.com dns2.safedns.com	195.46.39.39 195.46.39.40		Malicious, phishing domains + user defined policies
UncensoredDNS[58]		No	Yes	Yes	Yes[59]	No	No	anycast.censurfridns.dk unicast.censurfridns.dk	91.239.100.100 89.233.43.71	2001:67c:28a4:: 2a01:3a0:53:53::	None	Hosted in Denmark, servers listen to ports 53 and 5353
VeriSign Public DNS[60]		Yes[61]	Yes	Yes[62]	No	No	No	recpubns1.nstld.net recpubns2.nstld.net	64.6.64.6 64.6.65.6	2620:74:1b::1:1 2620:74:1c::2:2	None
Yandex.DNS[63]		Yes[64]	Yes	No	No	No	Yes	dns.yandex.ru secondary.dns.yandex.ru	77.88.8.1 77.88.8.8	2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff	None
								safe.dns.yandex.ru secondary.safe.dns.yandex.ru	77.88.8.2 77.88.8.88	2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad	"Safe": fraudulent / infected / bot sites
								family.dns.yandex.ru secondary.family.dns.yandex.ru	77.88.8.3 77.88.8.7	2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11	"Family": fraudulent / infected / bot / adult sites

References

1. "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
2. "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
3. "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Retrieved 2016-10-22.
4. "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
5. Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
6. Brinkmann, Martin (2018-12-31). "A look at AdGuard DNS". Ghacks Technology News. Retrieved 2019-08-02.
7. "How to set up AdGuard DNS". adguard.com. Retrieved 2019-08-12.
8. "IPv4 and IPv6 Anycast DNS Firewall and Resolver".
9. NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
10. "Parental Control with DNS over TLS Support".
11. NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
12. NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
13. "1.1.1.1 — the Internet's Fastest, Privacy-First DNS Resolver".
14. Cloudflare: Our Anycast Network Map
15. "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
16. "The Nitty Gritty - Cloudflare Resolver".
17. Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
18. Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
19. "Test DNS owner one.one.one.one". 2018-08-21.
20. Supporting IPv6-only Networks
21. Comodo Secure DNS, Managed DNS Service, Secure DNS Provider
22. CZ.NIC Open DNSSEC Validating Resolvers
23. "CZ.NIC - Otevřené DNSSEC Validující Resolvery".
24. dnscrypt.ca
25. "dnscrypt.ca: Privacy Policy".
26. "Surf faster with Dyn's Recursive DNS". dyn.com. Retrieved 2018-12-31.
27. "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
28. "DNS.WATCH". dns.watch. Retrieved 2019-01-16.
29. Freenom World
30. Google Public DNS
31. Google Public DNS: Where are your servers currently located?
32. Google Public DNS: Your Privacy
33. Google Public DNS: DNS-over-HTTPS
34. "Get Started | Public DNS".
35. Google Public DNS64
36. "Recursive DNS on the Global Anycast Network | Neustar". security.neustar. Retrieved 2018-10-24.
37. "Privacy Policy | Neustar". home.neustar.
38. Norton ConnectSafe
39. Norton ConnectSafe Privacy Notice
40. "Norton ConnectSafe". connectsafe.norton.com. Retrieved 2018-12-31.
41. Cloud Delivered Enterprise Security by OpenDNS
42. OpenDNS: Data Center Locations
43. Cisco Online Privacy Statement
44. OpenDNS and DNSCrypt
45. OpenNIC Project
46. OpenNIC: Privacy Policy
47. OpenNIC: DNSCrypt
48. OpenNIC Tier 2 DNS Resolvers
49. Quad9 DNS: Internet Security and Privacy in a Few Easy Steps
50. Quad9’s Year One Success Shows There is a DNS Solution that Provides Both Privacy and Security
51. Quad9: Privacy, Data Collection and Use Policy
52. Quad9 FAQ: Does Quad9 implement DNSSEC?
53. Quad9 Frequently Asked Questions
54. DoH with Quad9 DNS Servers
55. Quad9 DNSCrypt Now In Testing
56. Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
57. SafeDNS
58. UncensoredDNS
59. DNS over TLS Pubkey Pinning Info for unicast.uncensoreddns.org
60. Verisign Public DNS
61. Verisign Public DNS Terms of Service
62. Verisign Public DNS Forum: employee post
63. Yandex.DNS
64. Terms of use of the Yandex.DNS service

External links

• Home page of the DNSCrypt project: Public DNS servers