The following are services that have been announced by large organisations -  they support DNS Privacy on anycast networks. 

A list of experimental DoT test servers (including those run by the Stubby developers) is available on the Test Servers page.


DNS-over-TLS (DoT)

Details are provided in the  Stubby config file for users who want to enable them.

Hosted byIP addressesTLS PortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
Notes
Quad9 'secure'

9.9.9.9
2620:fe::fe

853dns.quad9.netQuad9 do NOT publish or recommend use of SPKI pins with their servers.
See https://quad9.net and their FAQ for details of privacy, logging and filtering policies on the main and alternative addresses(1).
UDP and TCP service are also available on these addresses.

Quad9 'insecure'

9.9.9.10
2620:fe::10

853dns.quad9.net
Cloudflare

1.1.1.1 or 1.0.0.1
2606:4700:4700::1111 or 2606:4700:4700::1001

853cloudflare-dns.comCloudflare do NOT publish or recommend use of SPKI pins with their servers.

https://blog.cloudflare.com/announcing-1111/
https://blog.cloudflare.com/dns-resolver-1-1-1-1/
PRIVACY POLICY: https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/

And also see https://labs.apnic.net/?p=1127 for details of the APNIC/Cloudflare agreement as mentioned on the Register.

UDP and TCP service are also available on these addresses. DNS-over-HTTPS is also available!

NOTE: To use this service by name only (i.e resolve the IP from the name) use 1dot1dot1dot1.cloudflare-dns.com.

Google

8.8.8.8 or 8.8.4.4
2001:4860:4860::8888 or
2001:4860:4860::8844

853dns.googleNot published

Google DoT service

Google Privacy policy

CleanBrowsingVarious, see the CleanBrowsing website853Various, see the CleanBrowsing websiteNot published

https://cleanbrowsing.org/privacy

This service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer. NOTE: also does DoH.

AdguardVarious, see https://adguard.com/en/blog/adguard-dns-announcement/853Various, see https://adguard.com/en/blog/adguard-dns-announcement/Not published

https://adguard.com/en/adguard-dns/setup.html#instruction

https://adguard.com/en/privacy.html

This service provides different end points with different filters (default, family) so visit the website to select the end point with the filter you prefer.

Comcast

96.113.151.145
2001:558:fe21:6b:96:113:151:145

853dot.xfinity.comNot published

NOTE: This is currently a Public Beta trial. 
https://corporate.comcast.com/privacy
https://corporate.comcast.com/stories/privacy-with-comcasts-xfinity-internet-service


DNS-over-HTTPS (DoH)

For a more up to date list of available of DoH severs you may want to look at  https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers

Details of a few any cast service and privacy policies:

Hosted byURLNotes
Cloudflare

https://cloudflare-dns.com/dns-query

https://developers.cloudflare.com/1.1.1.1/dns-over-https/


PRIVACY POLICY: https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/
And also see https://labs.apnic.net/?p=1127 for details of the APNIC/Cloudflare agreement as mentioned on the Register.

Cloudflarehttps://mozilla.cloudflare-dns.com/dns-query

This server is announced as part of the Firefox Nightly shield study.
It has a different (stronger) privacy policy than the general Cloudflare DoH server above:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

Googlehttps://dns.google/dns-query

RFC8484 (GET and POST)

https://developers.google.com/speed/public-dns/docs/doh/

Quad9VariousPlease see https://www.quad9.net/doh-quad9-dns-servers/ for details
CleanBrowsingVarious, see the CleanBrowsing websiteThis service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer.
AdguardVarious, see https://adguard.com/en/blog/adguard-dns-announcement/
Comcasthttps://doh.xfinity.com/dns-queryNOTE: This is currently a Public Beta trial. 
https://corporate.comcast.com/privacy
https://corporate.comcast.com/stories/privacy-with-comcasts-xfinity-internet-service

Google also run a DoH endpoint at https://dns.google/resolve? using a proprietary JSON API.

  • No labels

3 Comments

  1. Here is another DOH server with a stronger privacy agreement:

    Hosted by:
    Cloudflare

    URL
    https://mozilla.cloudflare-dns.com/dns-query

    Notes:

    Firefox contracted Cloudflare to set up this DOH server with a strong privacy agreement. This makes it different to the other DOH server of Cloudflare that does not have "mozilla" in its URL.

    Privacy agreement at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

    More information at https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/



  2. DNS.SB Project launched by xTom


    Information is available at https://dns.sb/


    DoT

    Hosted By:

    xTom

    IP Address (Anycast):

    185.222.222.222 or 185.184.222.222

    2a09:: or 2a09::1

    TLS Port:

    853

    Hostname:

    dns.sb

    SPKI pin(s):

    /qCm+kZoAyouNBtgd1MPMS/cwpN4KLr60bAtajPLt0k=
    (Expiry Date: Thursday, March 18, 2021)

    DoH

    URL:

    https://doh.dns.sb/dns-query


    ToS:

    https://dns.sb/tos/

    Privacy:

    https://dns.sb/privacy/

  3. Secure DNS Project by PumpleX

    Hosted in the UK OVH 

    No Logging / Ad-Blocking 

    Information at https://dns.oszx.co


    DoT: 


    IPv4:

    51.38.83.141

    IPv6:

    2001:41d0:801:2000::d64

    Port:

    853

    Auth Name:

    dns.oszx.co

    SPKI Pin:

    P/Auj1pm8MiUpeIxGcrEuMJOQV+pgPY0MR4awpclvT4=



    DoH:


    Address:

    https://dns.oszx.co/dns-query

    IPv4 Stamp:

    sdns://AgIAAAAAAAAADDUxLjM4LjgzLjE0MYAAC2Rucy5vc3p4LmNvCi9kbnMtcXVlcnk

    IPv6 Stamp:

    sdns://AgIAAAAAAAAAFzIwMDE6NDFkMDo4MDE6MjAwMDo6ZDY0gAALZG5zLm9zenguY28KL2Rucy1xdWVyeQ



    DNSCrypt v2:


    Address:

    2.dnscrypt-cert.oszx.co

    Port:

    5353

    IPv4 Stamp:

    sdns://AQIAAAAAAAAAETUxLjM4LjgzLjE0MTo1MzUzIMwm9_oYw26P4JIVoDhJ_5kFDdNxX1ke4fEzL1V5bwEjFzIuZG5zY3J5cHQtY2VydC5vc3p4LmNv

    IPv6 Stamp:

    sdns://AQIAAAAAAAAAHDIwMDE6NDFkMDo4MDE6MjAwMDo6ZDY0OjUzNTMgzCb3-hjDbo_gkhWgOEn_mQUN03FfWR7h8TMvVXlvASMXMi5kbnNjcnlwdC1jZXJ0Lm9zenguY28