Page History
...
| Warning |
|---|
Note that they are experimental offerings with no guarantees on the lifetime of the service, service level provided. The level of logging may also vary (see the individual websites where available). Also note that the single SPKI pins published here for many of these servers are subject to change (e.g on Certificate renewal) and should be used with care!! |
| Info |
|---|
| Tip |
Live monitoring of these servers which can all be validated can be found here.A JSON file with the details of the same subset of servers can be downloaded here.on the Test Server Monitoring page |
| Hosted by | IP addresses | Ports | Hostname for TLS authentication | Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858) | LoggingSupports RFC7766 fully | Software | Notes | |
|---|---|---|---|---|---|---|---|---|
| getdnsapi.net | UPDATED on 13th April 2017! 185.49.141.37 2a04:b900:0:100::37 | 853 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= | Traffic volume only.No | Unbound | ||
| Surfnet | 145.100.185.15 2001:610:1:40ba:145:100:185:15 | 853 | dnsovertls.sinodun.com | 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= | Traffic volume only. | No, but does do concurrent Supports TFO | HAProxy + BIND | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
| Surfnet | 145.100.185.16 2001:610:1:40ba:145:100:185:16 | 853 | dnsovertls1.sinodun.com | cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= | Traffic volume only.No, but does do concurrentprocessing of queries | Nginx + BIND | Only listening on TLS on port 853 (no UDP or TCP on port 53) | |
| dkg | 199.58.81.218 2001:470:1c:76d::53 | 853 443 53053 | dns.cmrg.net | 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo= | None.No, but does do concurrent processing of queries. | Knot Resolver | Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here. So if port 853 may be blocked then this is a good option. | |
| OARC | 184.105.193.78 2620:ff:c000:0:1::64:25 | 853 | tls-dns-u.odvr.dns-oarc.net | pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= | Yes - See OARC website | No | Unbound | NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations. |
| Yeti | 2001:4b98:dc2:43:216:3eff:fea9:41a | 853 | dns-resolver.yeti.eu.org | 8jkVGv5GP34E70/tDu+j2vnZ1bikayym2QvF4mkX11g= | Yes - see https://dns-resolver.yeti.eu.org/ | No | Unbound | See https://dns-resolver.yeti.eu.org/ |
| Yeti | 2a00:e50:f15c:1000::2:53 | 853 | yeti-rr.datev.net | QFWn+jgr2FfkRjCw8J77QJbChem3FUGwi9Ntp67SnVg= | Yes(1) - also see https://yeti-rr.datev.netNo | nginx + Unbound | See https://yeti-rr.datev.net | |
| UncensoredDNS | 89.233.43.71 2a01:3a0:53:53:: | 853 | unicast.censurfridns.dk | Traffic volume only. | See https://blog.uncensoreddns.org/ | |||
| Lorraine Data Network | 80.67.188.188 | 853 | Unknown. | https://ldn-fai.net/serveur-dns-recursif-ouvert/ Uses a self-signed certificate, no key published | ||||
Openbsd.se | 78.70.167.74 | 853 | dns-tls.openbsd.se | P7nFIM5ocgBnK3/b4Bclp8yUCJp08YIV9THrTZQTgQ8= | None. | Unbound | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
(1) Since the nameserver is behind a proxy the client IP is not logged inside the nameserver
| Info |
|---|
A configuration file for stubby containing a subset of these servers which can all be validated can be found here. A JSON file with the details of the same subset of servers can be downloaded here. |
