The goal of this page is to provide a high level overview of the operations and privacy policies and practices (as published in 2019) of some of the larger DNS Privacy service offerings.
NOTE: An analysis of privacy statements by operators will clearly only provide a snapshot at the time of writing. The page content was last reviewed on 18th Dec 2019. Please email any corrections to firstname.lastname@example.org
UDP/TCP and TLS (port 853) service provided on two addresses:
UDP/TCP and TLS (port 853) service provided on 22.214.171.124, 126.96.36.199, 2606:4700:4700::1111 and 2606:4700:4700::1001.
DoH provided on: https://cloudflare-dns.com/dns-query
Tor endpoint: https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
UDP/TCP and TLS (port 853) service provided on 188.8.131.52, 184.108.40.206, 2001:4860:4860::8888 and 2001:4860:4860::8844.
UDP/TCP service provided on 220.127.116.11 and 18.104.22.168 (no IPv6).
The following tables provides a high-level comparison of the policy and practice statements above and also some observations of practice measured at dnsprivacy.org.
The data is not exhaustive and has not been reviewed or confirmed by the operators.
The List Items in the title are those from version -01 of the BCP for DNS privacy operators.
A question mark indicates no clear statement or data could be located on the issue. A dash indicates the category is not applicable to the service.
|Redirect NXDOMAIN||IP address are PII||IP address logging||Clear list of what data stored and for how long||Share anonymized data with partners||Share identifiable data with partners||Share or sell data to third parties||Exceptions to collection for attack analysis||non-profit||Partners||Combine DNS data with other data sources||Redirect NXDOMAIN||Block domains|
(1) Only in temporary logs
|Respect client ECS||Local root zone||Auth Domain Name||SPKI pinset||Juristdiction
(1) Only in exceptional circumstances