Public recursive name server

Short description: Name resolver service for the Domain Name System

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use to query the Domain Name System (DNS), the decentralized Internet naming system, in place of (or in addition to) name servers operated by the local Internet service provider (ISP) to which the devices are connected. Reasons for using these services include:

  • speed, compared to using ISP DNS services[1]
  • filtering (security, ad-blocking, porn-blocking, etc.)[2]
  • reporting[3]
  • avoiding censorship[4]
  • redundancy (smart caching)[5]
  • access to unofficial alternative top-level domains not found in the official DNS root zone
  • temporary unavailability of the ISP's name server

Public DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Most services now support secure DNS lookup transport services such as DNS over TLS (DoT), DNS over HTTPS (DoH) and DNS over QUIC (DoQ).

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

Notable public DNS service operators

| Provider | Privacy policy | DNS over UDP/TCP (Do53) | DNSSEC | DNS over TLS (DoT) | DNS over HTTPS (DoH) | DNS over QUIC (DoQ) | EDNS Padding | DNSCrypt | Hostname | IPv4 addresses | IPv6 addresses | Filters | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AdGuard | Yes[6] | Yes | Yes[7] | Yes | Yes[8] | Yes[9] | No | Yes[10] | dns.adguard-dns.com[11] | 94.140.14.14, 94.140.15.15 | 2a10:50c0::ad1:ff, 2a10:50c0::ad2:ff | Default: ads and trackers[11] | |
| | | | | | | | | | family.adguard-dns.com | 94.140.14.15, 94.140.15.16 | 2a10:50c0::bad1:ff, 2a10:50c0::bad2:ff | Family: ads, trackers, and adult content[11] | |
| | | | | | | | | | unfiltered.adguard-dns.com | 94.140.14.140, 94.140.14.141 | 2a10:50c0::1:ff, 2a10:50c0::2:ff | None[11] | |
| CleanBrowsing | Yes[12] | Yes | Yes | Yes[13] | Yes[14] | No | Yes | Yes[15] | family-filter-dns.cleanbrowsing.org | 185.228.168.168, 185.228.169.168 | 2a0d:2a00:1::, 2a0d:2a00:2:: | Family | Designed to be used on devices of kids under 13. |
| | | | | | | | | | adult-filter-dns.cleanbrowsing.org | 185.228.168.10, 185.228.169.11 | 2a0d:2a00:1::1, 2a0d:2a00:2::1 | Adult | |
| | | | | | | | | | security-filter-dns.cleanbrowsing.org | 185.228.168.9, 185.228.169.9 | 2a0d:2a00:1::2, 2a0d:2a00:2::2 | Security | |
| Cloudflare | Yes[16] | Yes | Yes[17] | Yes[18] | Yes[19] | No[20] | Yes | No | one.one.one.one[21], 1dot1dot1dot1.cloudflare-dns.com | 1.1.1.1, 1.0.0.1 | 2606:4700:4700::1111, 2606:4700:4700::1001 | None | |
| | | | | | | | | | security.cloudflare-dns.com | 1.1.1.2, 1.0.0.2 | 2606:4700:4700::1112, 2606:4700:4700::1002 | Malware, Phishing | |
| | | | | | | | | | family.cloudflare-dns.com | 1.1.1.3, 1.0.0.3 | 2606:4700:4700::1113, 2606:4700:4700::1003 | Malware, Phishing, Adult content | |
| | | | | | | | | | dns64.cloudflare-dns.com | N/A | 2606:4700:4700::64, 2606:4700:4700::6400 | None | Intended to be IPv6-only.[22] See NAT64 and DNS64. |
| Google | Yes[23] | Yes | Yes | Yes | Yes[24] | No | Yes | No | dns.google[25] | 8.8.8.8, 8.8.4.4 | 2001:4860:4860::8888, 2001:4860:4860::8844 | None | |
| | | | | | | | | | dns64.dns.google | N/A | 2001:4860:4860::6464, 2001:4860:4860::64 | None | Intended for networks with NAT64 gateway.[26] |
| Gcore | Yes[27] | Yes | Yes | No | No | No | No | No | N/A | 95.85.95.85, 2.56.220.2 | 2a03:90c0:999d::1, 2a03:90c0:9992::1 | None | |
| Mullvad | Only for VPN service available[28] | No[29] | Yes | Yes[29] | Yes[29] | No | No | No | dns.mullvad.net[29] | 194.242.2.2 | 2a07:e340::2 | None | Can be used without its VPN service |
| | | | | | | | | | adblock.dns.mullvad.net | 194.242.2.3 | 2a07:e340::3 | Ads, and trackers | |
| | | | | | | | | | base.dns.mullvad.net | 194.242.2.4 | 2a07:e340::4 | Ads, trackers, and malware | |
| | | | | | | | | | extended.dns.mullvad.net | 194.242.2.5 | 2a07:e340::5 | Ads, trackers, malware, and social media | |
| | | | | | | | | | all.dns.mullvad.net | 194.242.2.9 | 2a07:e340::9 | Ads, trackers, malware, social media, gambling and adult content | |
| OpenDNS | Yes[30] | Yes | Yes[31] | Yes | Yes[32] | No | Yes | Yes[33] | dns.opendns.com | 208.67.222.222, 208.67.220.220 | 2620:119:35::35, 2620:119:53::53 | Basic Security filtering + user defined policies | |
| | | | | | | | | | familyshield.opendns.com | 208.67.222.123, 208.67.220.123 | 2620:119:35::123, 2620:119:53::123 | FamilyShield: adult content | |
| | | | | | | | | | sandbox.opendns.com | 208.67.222.2, 208.67.220.2 | 2620:0:ccc::2, 2620:0:ccd::2 | None | Sandbox addresses that provide no filtering. |
| Quad9 | Yes[34][35] | Yes | Yes[36] | Yes[37] | Yes[38] | No | No | Yes[39] | dns.quad9.net | 9.9.9.9, 149.112.112.112 | 2620:fe::9, 2620:fe::fe | Phishing, malware, and exploit kit domains | |
| | | | Yes[36] | | | | | | dns11.quad9.net | 9.9.9.11, 149.112.112.11 | 2620:fe::11, 2620:fe::fe:11 | Phishing, malware, and exploit kit domains | Passes EDNS Client Subnet. |
| | | | No[40] | | | | | | dns10.quad9.net | 9.9.9.10, 149.112.112.10 | 2620:fe::10, 2620:fe::fe:10 | None | |
| Yandex | No[41] | Yes | No | Yes | Yes | No | Yes | Yes | dns.yandex.ru, secondary.dns.yandex.ru | 77.88.8.8, 77.88.8.1 | 2a02:6b8::feed:0ff, 2a02:6b8:0:1::feed:0ff | None | |
| | | | | | | | | | safe.dns.yandex.ru, secondary.safe.dns.yandex.ru | 77.88.8.88, 77.88.8.2 | 2a02:6b8::feed:bad, 2a02:6b8:0:1::feed:bad | Safe: fraudulent / infected / bot sites | |
| | | | | | | | | | family.dns.yandex.ru, secondary.family.dns.yandex.ru | 77.88.8.7, 77.88.8.3 | 2a02:6b8::feed:a11, 2a02:6b8:0:1::feed:a11 | Family: fraudulent / infected / bot / adult sites | |

References

  1. "How to Change Your Default DNS to Google DNS for Fast Internet Speeds" (in en-US). TechWorm. 2016-08-20. http://www.techworm.net/2016/08/change-default-dns-google-dns-fast-internet-speeds.html. 
  2. "A simple way to get around Rogers' DNS re-directing". IT Business. http://www.itbusiness.ca/news/a-simple-way-to-get-around-rogers-dns-re-directing/12025. 
  3. "OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella". http://mspmentor.net/managed-services/110415/opendns-adds-centralized-reporting-ip-layer-enforcement-umbrella. 
  4. "Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak" (in en-US). TorrentFreak. 2015-12-03. https://torrentfreak.com/austrian-pirate-bay-blockade-censors-slovak-internet-accidentally-151203/. 
  5. Security; Iana. "DNS devastation: Top websites whacked offline as Dyn dies again". https://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack/. 
  6. AdGuard DNS Privacy Notice
  7. AdGuard DNS FAQ: What is DNSSEC?
  8. The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
  9. AdGuard DNS-over-QUIC
  10. Adguard DNS now supports DNSCrypt
  11. AdGuard DNS Setup guide
  12. NOC.org / dcid. "CleanBrowsing Privacy and Terms of Service". Cleanbrowsing.org. https://cleanbrowsing.org/privacy. Retrieved 2019-01-04. 
  13. "Parental Control with DNS over TLS Support". https://cleanbrowsing.org/dnsovertls. 
  14. NOC.org / dcid. "Parental Control with DNS Over HTTPS (DoH) Support". Cleanbrowsing.org. https://cleanbrowsing.org/dnsoverhttps. Retrieved 2019-01-04. 
  15. NOC.org / dcid. "Parental Control with DNSCrypt Support". Cleanbrowsing.org. https://cleanbrowsing.org/dnscrypt. Retrieved 2019-01-04. 
  16. "Privacy Policy". Cloudflare. https://www.cloudflare.com/privacypolicy/. Retrieved 2019-01-04. 
  17. "The Nitty Gritty - Cloudflare Resolver". 24 January 2023. https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/#dnssec. 
  18. Cloudflare Inc (2018-03-31). "DNS over TLS - Cloudflare Resolver". Developers.cloudflare.com. https://developers.cloudflare.com/1.1.1.1/dns-over-tls/. Retrieved 2019-01-04. 
  19. Cloudflare Inc. "DNS over HTTPS - Cloudflare Resolver". Developers.cloudflare.com. https://developers.cloudflare.com/1.1.1.1/dns-over-https/. Retrieved 2019-01-04. 
  20. "DNS over QUIC (DoQ)". Cloudflare Community. https://community.cloudflare.com/t/dns-over-quic-doq/415627. Retrieved 2022-09-12. 
  21. "Test DNS owner one.one.one.one". 2018-08-21. https://community.cloudflare.com/t/test-dns-owner-one-one-one-one/29970/4. 
  22. "Supporting IPv6-only Networks". https://developers.cloudflare.com/1.1.1.1/support-nat64/. 
  23. Google Public DNS: Your Privacy
  24. Google Public DNS: DNS-over-HTTPS
  25. "Get Started | Public DNS". https://developers.google.com/speed/public-dns/docs/using. 
  26. Google Public DNS64
  27. [1]
  28. "Privacy policy - Guides" (in en). https://mullvad.net/en/help/privacy-policy/. 
  29. "DNS over HTTPS and DNS over TLS - Guides" (in en). 2023-08-08. https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/.
  30. Cisco Online Privacy Statement
  31. OpenDNS: DNSSEC General Availability
  32. OpenDNS: Querying OpenDNS using DoH
  33. OpenDNS: OpenDNS and DNSCrypt
  34. Quad9: Compliance and Applicable Law
  35. Quad9: Data and Privacy Policy
  36. Quad9 FAQ: Does Quad9 implement DNSSEC?
  37. Quad9 FAQ: Does Quad9 support DNS over TLS?
  38. Quad9 FAQ: Does Quad9 support DNS over HTTPS (DoH)?
  39. Quad9 FAQ: Does Quad9 support dnscrypt?
  40. Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?
  41. Terms of use of the Yandex.DNS service
