The following are services that have been announced by large organisations - they support DNS Privacy on anycast networks.
Details are provided in the Stubby config file for users who want to enable them.
|Hosted by||IP addresses||TLS Ports||Hostname for TLS
|Base 64 encoded form of SPKI pin(s) for TLS
|853||dns.quad9.net||Quad9 do NOT publish or recommend use of SPKI pins with their servers.||
See https://quad9.net and their FAQ for details of privacy, logging and filtering policies on the main and alternative addresses(1).
UDP and TCP service are also available on these addresses.
220.127.116.11 or 18.104.22.168
|853||cloudflare-dns.com||Cloudflare do NOT publish or recommend use of SPKI pins with their servers.||
UDP and TCP service are also available on these addresses. DNS-over-HTTPS is also available!
NOTE: To use this service by name only (i.e resolve the IP from the name) use 1dot1dot1dot1.cloudflare-dns.com.
22.214.171.124 or 126.96.36.199001:4860:4860::8888 or2001:4860:4860::8844
|CleanBrowsing||Various, see the CleanBrowsing website||853||Various, see the CleanBrowsing website||Not published||
This service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer. NOTE: also does DoH.
|Adguard||Various, see https://adguard.com/en/blog/adguard-dns-announcement/||853||Various, see https://adguard.com/en/blog/adguard-dns-announcement/||Not published||
This service provides different end points with different filters (default, family) so visit the website to select the end point with the filter you prefer.
NOTE: This is currently a Public Beta trial.
For a more up to date list of available of DoH severs you may want to look at https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
Details of a few any cast service and privacy policies:
This server is announced as part of the Firefox Nightly shield study.
RFC8484 (GET and POST)
|Quad9||Various||Please see https://www.quad9.net/doh-quad9-dns-servers/ for details|
|CleanBrowsing||Various, see the CleanBrowsing website||This service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer.|
|Adguard||Various, see https://adguard.com/en/blog/adguard-dns-announcement/|
|Comcast||https://doh.xfinity.com/dns-query||NOTE: This is currently a Public Beta trial.
Google also run a DoH endpoint at https://dns.google/resolve? using a proprietary JSON API.
AdGuard launched the first DoQ public resolver in 2020: https://adguard.com/en/blog/dns-over-quic.html