the_simple_computer

A List of DNS Service Providers

Updated July 13, 2015.

This site is no longer being maintained so anything below could still be accurate, or very outdated.


A DNS resolver is a server which translate a website's domain (mozilla.org) into its IP address (63.245.217.105). When any application initially accesses a website by domain, that program contacts a DNS server to look up its IP address. The IP is received back and the page is loaded, the download is started or whatever the application is designed to do. Usually the IP is then cached locally for a certain amount of time.

Most devices connected to the internet are using the DNS resolvers of the ISP of the network they're on, but these can be overridden with settings in either your computer, your router/gateway device. You may find it preferable to set your router to specific DNS addresses instead of your computer. This funnels all devices on your network to the DNS servers you designate. To figure out what DNS service you are using now, see here.


Why would you want to use a different DNS service?

Because first of all, DNSCrypt is extraordinary and everyone should use it whenever possible. Other than that, some ISP’s DNS resolution can be unreliable or generally slow. Some public networks and ISPs reflect various forms of bias or censorship. Some ISPs redirect to their own error pages for unknown URLs after scraping browser information and what it was looking for.

There are DNS services which filter malicious websites and this (aside of using DNSCrypt) would be your security benefit to using alternate resolvers. However, your web browser is filtering traffic by default (Google Safebrowsing and Microsoft SmartScreen), as are many antimalware programs these days so whether DNS filtering is redundant or not would depend on your setup. DNS filtering also won't stop malware written to bypass DNS by connecting directly to an IP address.

On the other hand, alternate DNS dramatically increases privacy if you're using DNSCrypt but you can also gain if your ISP outsources DNS resolution to 3rd parties. In that situation, not only does your ISP have your web history, but so does the contracted DNS company(s). If this describes your ISP then you may find useful the transparency of a DNS provider with a loose or nonexistent logging policy.

Another situation would be if your using a VPN service. Setting your computer to use the VPN provider's designated DNS is how you would keep DNS requests from leaking out of the private tunnel. If you're running your own VPN, then you can use whichever provider you what.


Why would you not want to use a different DNS service?

If your ISP does their own resolution and you’re satisfied with it, why send your web traffic to yet another company and/or geographic region?

Forcing specific DNS settings will interfere with with captive portals which are used as login gateways and Terms of Use checkpoints for guest network access (think coffee shops, hotels, etc.) Totally open WiFi shouldn't have this problem, and some captive networks will allow you to use your own DNS choice but only after you're authenticated.

DNSCrypt providers

Here is where you can find a detailed list of all the publicly available DNSCrypt resolvers, their locations and key info. DNSCrypt currently can not use more than 1 provider so if that primary provider goes down, you're without DNS resolution unless you change to another. You should add other DNSCrypt services to those already in the configuration file so that if problems arise, you can easily switch to a new resolver. An alternative to that would be to set your operating system to use a non-DNSCrypt DNS resolver as a fallback for when the DNSCrypt resolver isn't reachable.


Regular DNS Providers

Alternate DNS

Blocks ads and known phishing and malware sites. Dynadot LLC is the company behind the service and the DNS servers are located at Rackspace Hosting in the United States. http://www.alternate-dns.com/

Censurfridns.dk

Started and operated by a Danish individual for people in places where DNS censorship is used. DNS servers are located at Solido Hosting and Siminn Danmark A/S, both in Denmark. http://www.censurfridns.dk/

Chaos Computer Club

Chaos Computer Club dates back to 1981 and is a German organization for data privacy, security and ethical use of technology. Their DNS server is located at Inter.net Germany GmbH in Germany (dnscache.berlin.ccc.de, see the list at the bottom of the page). http://www.ccc.de/censorship/dns-howto

Comodo SecureDNS

Filters "phishing sites, malware sites, spyware sites, and parked domains that may contain excessive advertising..." The IP address block of Comodo's DNS servers is owned by Level 3 Communications, Inc. A netblock (a subset IP range) containing both server IPs was delegated from L3 to Peak 10, Inc. and Peak 10 then further assigned a smaller netblock containing one DNS server to Elvate LLC, both located in the United States. Elvate provides directional DNS through Comwired, which is "...powered by DNS.com by Comodo." Comwired is part of the Comodo Group. http://www.comodo.com/secure-dns/

Neustar DNS Advantage

Emphasizes a safer "...Internet experience" but DNS Advantage is Neustar's free offering of a paid service and it's not clear if malware filtering is available. Servers at Neustar, Inc. in the U.S. https://www.neustar.biz/services/dns-services/free-recursive-dns

DNS.Watch

Censorship-free DNS for IPv4 and IPv6 with no query logging. Ideal-Hosting UG located in Germany is the company behind DNS.Watch and are part of AS61957, a global network of IT services and companies. https://dns.watch/index

Digitalcourage

Digitalcourage is the name for what was previously FoeBuD e.V., a 25 year old German organization for data privacy and civil rights. Their DNS service provides uncensored DNS resolution and is located at Strato AG in Germany. https://digitalcourage.de/themen/fruehere-themen/zensur

Fool DNS

Filters malicious site content and comes in a free and paid version. For non-account users, IP addresses are removed from logs within 1 hour. First DNS server at Keyweb AG in Germany and the second is at NS3 s.r.l. in Italy. http://www.fooldns.com/fooldns-community/

FreeDNS

No logging or traffic filtering. Servers at Emerion WebHosting GmbH in Austria. http://freedns.zone/

GreenTeamDNS

GreenTeam is an Israeli comapny which provides web content filtering services and their free offering is GreenTeamDNS. One resolution server is located at Bezeq International in Israel. The other is part of an IP block which belonged to Equant, Inc, a Dutch company (with an address in Virginia, U.S...?) which was absorbed into one of the predecessors of what is now France's Orange S.A.

The second IP is part of a netblock which was reallocated from Equant to BARAK, a now defunct Israeli Telecom company on which this is the only real thing my search-fu can turn up. BARAK seems to then have either become, or was acquired by, NetVision which is still one of Israel's largest ISPs. http://www.greentm.co.uk/

Google

Performs validity checks to mitigate spoofing and denial-of-service attacks. Collects temporary logs and “permanent” logs. Servers in the United States. https://developers.google.com/speed/public-dns

Level 3 Communications

209.244.0.3 | 209.244.0.4

4.2.2.1 | 4.2.2.2

4.2.2.3 | 4.2.2.4

4.2.2.5 | 4.2.2.6

This is/was the default DNS provider for Verizon, one of the United States’s largest telecom companies. Level 3 makes up a large part of the internet backbone of the U.S. and Level 3's DNS service doesn’t have a web page because it's not officially intended for public use. Servers are in the U.S. http://www.level3.com/

Mailshell

Here is a list of Mailshell's IPs and their locations. They work without purchasing their SDK program but then you don’t get HTTPS resolution. http://www.mailshell.com/mail/client/oem2.html/step/dnssdk

Norton ConnectSafe

You can use their nameservers without the ConnectSafe service and there are several different levels of content blocking to choose from. Norton records but is not limited to "...requestor’s IP addresses with the last octet stripped off, requested domains, date/time stamps, etc." Info is shared within the Symantec group and is kept for 2 days. Resolution servers located at Symantec Corporation in the U.S. https://dns.norton.com/

OpenDNS

Nameserver addresses depend on your region, DNSCrypt servers available. OpenDNS collects and shares your connection info with partners. Not necessary to create an account to get the free service's IP address. Servers are at OpenDNS LLC. in the U.S. http://www.opendns.com/

OpenNIC Project

This is a community collaboration, not a single company. Retention policy depends on the individual server and varies from logs not kept, kept for up to 24 hours or not specified. Sharing of recorded logs is also not specified. See OpenNIC's address chart to find servers ideal for you or just use the recommendations given on the homepage. http://www.opennicproject.org/

Public DNS server list

As with OpenNIC Project, this site lists hundreds of nameservers all over the world for both IPv4 and IPv6. You can search by country and resutls will show the city/area and link you to whois info. No mention of logging policies are made. http://public-dns.tk/

Public-Root

Public-Root also has many international servers to choose from. No mention of logging policy. http://public-root.com/root-server-check/index.htm

Xiala (was Swiss Privacy Foundation)

In June 2015, the Swiss Privacy Foundation took down their DNS servers and now recommend resolvers by IG Xiala, also in Switzerland. https://xiala.net/services/dns.html

Yandex DNS

Yandex is one of Russia’s biggest search engines and they have several levels of DNS service: Basic & unfiltered, virus/malware filtering and adult content filtering. Servers at Yandex LLC in Russia. http://dns.yandex.com/

Speed Testing DNS Services

There are several ways to do this depending on your operating system. The many variables involved will mean that results are not 100% reproducible but patterns will be evident. Test each resolver 3 or 5 times to see where it shows up on average.

Linux

Test addresses individually by running dig @dns_ip somesite.com in the terminal. There's no need to mess with /etc/resolv.conf and the query time will be at the bottom of the output. The dig utility is included with the package dnsutils which many distros include by default.

Windows

The easiest way to do this is with Gibson Research's DNS Benchmark. It runs from the download location so there's no installation. Instructions to use the application are given on the linked page.

Share this page.