Public recursive name server

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:

  • speed, compared to using ISP DNS services[1]
  • filtering (security, ad-blocking, porn-blocking, etc.)[2]
  • reporting[3]
  • avoiding censorship[4]
  • redundancy (smart caching)[5]
  • access to unofficial alternative top level domains not found in the official DNS root zone
  • temporary unavailability of the ISP's name server

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS (DoH) and DNS over TLS (DoT).

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

List of public DNS service operators

Provider Nodes Privacy policy DNS over UDP DNSSEC DNS over TLS DNS over HTTPS DNSCrypt Hostnames IPv4 addresses IPv6 addresses Filters Remarks
AdGuard 12[6] Yes[7] Yes Yes[8] Yes Yes[9] Yes[10] dns.adguard.com 94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff
Default[11] A free, privacy-oriented DNS resolution system that blocks tracking, ads and phishing.[12]
dns-family.adguard.com 94.140.14.15
94.140.15.16
2a10:50c0::bad1:ff
2a10:50c0::bad2:ff
Family[11]
dns-unfiltered.adguard.com 94.140.14.140
94.140.14.141
2a10:50c0::1:ff
2a10:50c0::2:ff
None[11]
CleanBrowsing 20 Yes[13] Yes Yes Yes[14] Yes[15] Yes[16] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family Designed to be used on devices of kids under 13.
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security
Cloudflare 200[17] Yes[18] Yes Yes[19] Yes[20] Yes[21] No one.one.one.one[22]
1dot1dot1dot1.cloudflare-dns.com
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
None
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400
None Intended to be used with IPv6-only network.[23] See NAT64 and DNS64.
security.cloudflare-dns.com 1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
Malware, Phishing
family.cloudflare-dns.com 1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
Malware, Phishing,
Adult content
Comodo No Yes Yes No No Yes ns1.recursive.dnsbycomodo.com
ns2.recursive.dnsbycomodo.com
8.26.56.26
8.20.247.20
Dyn Yes[24] Yes Yes No No No resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com
216.146.35.35
216.146.36.36
Shut down on May 31, 2022
Google 23[25] Yes[26] Yes Yes Yes Yes[27] No dns.google[28]
google-public-dns-a.google.com
google-public-dns-b.google.com
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
None
dns64.dns.google 2001:4860:4860::6464
2001:4860:4860::64
None Intended to be used on networks with NAT64 gateway.[29]
Neustar Yes[30] Yes Yes No No No 64.6.64.6

64.6.65.6

156.154.70.1
156.154.71.1

2620:74:1b::1:1

2620:74:1c::2:2

2610:a1:1018::1
2610:a1:1019::1

None Verisign transferred its public DNS (IPs starting in 64. or 2620:) to Neustar on Dec 3, 2020[31]
156.154.70.2
156.154.71.2
2610:a1:1018::2
2610:a1:1019::2
Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3
2610:a1:1018::3
2610:a1:1019::3
Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4
2610:a1:1018::4
2610:a1:1019::4
Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5
2610:a1:1018::5
2610:a1:1019::5
None Will not redirect non-existent domains to a landing page
OpenDNS 31[32] Yes[33] Yes Yes[34] No Yes[35] Yes[36] dns.opendns.com 208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Basic Security filtering + user defined policies
familyshield.opendns.com 208.67.222.123
208.67.220.123
2620:119:35::123
2620:119:53::123
"FamilyShield": adult content
sandbox.opendns.com 208.67.222.2
208.67.220.2
2620:0:ccc::2
2620:0:ccd::2
None Sandbox addresses which provide no filtering
OpenNIC Yes[37] Yes Yes No No Partial[38] Several [39] 185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
List of all OpenNIC Tier 2 DNS Resolvers
Quad9 149[40] Yes[41] Yes Yes[42] Yes[43] Yes[44] Yes[45] dns.quad9.net
rpz-public-resolver1.rrdns.pch.net
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
Malicious domains (phishing, malware, exploit kit domains)
No[46] dns-nosec.quad9.net 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
None
Yandex Yes[47] Yes No No No Yes dns.yandex.ru
secondary.dns.yandex.ru
77.88.8.1
77.88.8.8
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
None
safe.dns.yandex.ru
secondary.safe.dns.yandex.ru
77.88.8.2
77.88.8.88
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
"Safe": fraudulent / infected / bot sites
family.dns.yandex.ru
secondary.family.dns.yandex.ru
77.88.8.3
77.88.8.7
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
"Family": fraudulent / infected / bot / adult sites

References

  1. "How to Change Your Default DNS to Google DNS for Fast Internet Speeds". TechWorm. 2016-08-20. Retrieved 2016-10-22.
  2. "A simple way to get around Rogers' DNS re-directing". IT Business. Retrieved 2016-10-22.
  3. "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". mspmentor.net. Archived from the original on 2016-10-22. Retrieved 2016-10-22.
  4. "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak". TorrentFreak. 2015-12-03. Retrieved 2016-10-22.
  5. Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". The Register. Retrieved 2016-10-22.
  6. AdGuard DNS servers map
  7. AdGuard DNS Privacy Notice
  8. AdGuard DNS FAQ: What is DNSSEC?
  9. The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  10. Adguard DNS now supports DNSCrypt
  11. AdGuard DNS Setup guide
  12. "AdGuard DNS FAQ: What is AdGuard DNS?". adguard.com. Retrieved 2019-08-12.
  13. NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. Retrieved 2019-01-04.
  14. "Parental Control with DNS over TLS Support".
  15. NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  16. NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. Retrieved 2019-01-04.
  17. Cloudflare: Our Anycast Network Map
  18. "Privacy Policy". Cloudflare. Retrieved 2019-01-04.
  19. "The Nitty Gritty - Cloudflare Resolver".
  20. Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  21. Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. Retrieved 2019-01-04.
  22. "Test DNS owner one.one.one.one". 2018-08-21.
  23. Supporting IPv6-only Networks
  24. "Oracle's Privacy Policy". dyn.com. Retrieved 2018-12-31.
  25. Google Public DNS: Where are your servers currently located?
  26. Google Public DNS: Your Privacy
  27. Google Public DNS: DNS-over-HTTPS
  28. "Get Started | Public DNS".
  29. Google Public DNS64
  30. "Privacy Policy | Neustar". home.neustar.
  31. "Verisign Public DNS Offers DNS Stability And Security – Verisign". www.verisign.com. Retrieved 2020-12-05.
  32. OpenDNS: Data Center Locations
  33. Cisco Online Privacy Statement
  34. DNSSEC General Availability - OpenDNS
  35. OpenDNS and DNSCrypt
  36. OpenNIC: Privacy Policy
  37. OpenNIC: DNSCrypt
  38. OpenNIC Tier 2 DNS Resolvers
  39. Quad9 Locations
  40. Quad9: Privacy, Data Collection and Use Policy
  41. Quad9 FAQ: Does Quad9 implement DNSSEC?
  42. Quad9 Frequently Asked Questions
  43. DoH with Quad9 DNS Servers
  44. Quad9 DNSCrypt Now In Testing
  45. Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  46. Terms of use of the Yandex.DNS service
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.