Page History
...
| Warning |
|---|
Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided. Also note that the single SPKI pins published here for many of these servers are subject to change (e.g on Certificate renewal) and should be used with care!! |
| Hosted by | IP addresses | Hostname for TLS authentication | Base 64 encoded (and hex) form of SPKI pin for TLS authentication (RFC7858) | Supports RFC7766 fully | Software | Notes | ||
|---|---|---|---|---|---|---|---|---|
| getdnsapi.net | 185.49.141.38 2a04:b900:0:100::38 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= | No | Unbound | |||
| Surfnet | 145.100.185.15 2001:610:1:40ba:145:100:185:15 | dnsovertls.sinodun.com | oTLTTTTBgXZTN8cLg62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+Npe5Uk3dsFpxGLQ8AoQDPVoMwcBL4= | No, but does do concurrent Supports TFO | HAProxy + BIND | Only listening on TLS on port 853 | ||
| Surfnet | 145.100.185.16 2001:610:1:40ba:145:100:185:16 | dnsovertls1.sinodun.com | ZZtB6wjcxw7p1iTmIZx27jGVTaFUiwyFGerlIoyyQVAcE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= | No, but does do concurrent processing of queries | Nginx + BIND | Only listening on TLS on port 853 | ||
| dkg | 199.58.81.218 | dns.cmrg.net | 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= (DC8387492E3C28E73FCE590A1AD238E9AF5363D3CF283546844DD6D994B8259A) | No, but does do concurrent | Knot Resolver | |||
| OARC | See OARC website | The certificate is self-signed therefore hostname validation is not supported | 184.105.193.78 2620:ff:c000:0:1::64:25 | tls-dns-u.odvr.dns-oarc.net | pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= | No | Unbound | See OARC website |
| Yeti | 2001:4b98:dc2:43:216:3eff:fea9:41a | dns-resolver.yeti.eu.org | pin-sha256="VftYcSCtgKdaHJI/P2mtcBjOt9rRc8KSjNh+cejCEwU=" | No | Unbound | See https://dns-resolver.yeti.eu.org/ |
