Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Hosted byIP addressesPortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
LoggingSoftwareNotes
getdnsapi.net

UPDATED on 13th April 2017!

185.49.141.37

2a04:b900:0:100::37

853getdnsapi.net

foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=

Traffic volume only.Unbound
Surfnet

145.100.185.15

2001:610:1:40ba:145:100:185:15

853dnsovertls.sinodun.com

62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=

Traffic volume only.HAProxy + BIND

Only listening on TLS on port 853

(no UDP or TCP on port 53)

Surfnet

145.100.185.16

2001:610:1:40ba:145:100:185:16

853dnsovertls1.sinodun.com

cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=

Traffic volume only.Nginx + BIND

Only listening on TLS on port 853

(no UDP or TCP on port 53)

dkg

199.58.81.218

2001:470:1c:76d::53

853

443

53053

dns.cmrg.net

3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=

5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=

None.Knot Resolver

https://dns.cmrg.net/

Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here. So if port 853 may be blocked then this is a good option.

OARC

184.105.193.78

2620:ff:c000:0:1::64:25

853

tls-dns-u.odvr.dns-oarc.net

pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=

Yes - See OARC websiteUnbound

NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations.

See OARC website

Yeti

2001:4b98:dc2:43:216:3eff:fea9:41a

853

dns-resolver.yeti.eu.org

8jkVGv5GP34E70/tDu+j2vnZ1bikayym2QvF4mkX11gUPDATED on 26th Jun 2017

YxtXAorQNSo+333ko1ctuXcnpMcplPaOI/GCM+YeMQk=

Yes - see https://dns-resolver.yeti.eu.org/UnboundSee https://dns-resolver.yeti.eu.org/
Yeti2a00:e50:f15c:1000::2:53853yeti-rr.datev.netQFWn+jgr2FfkRjCw8J77QJbChem3FUGwi9Ntp67SnVg=Yes(1) - also see https://yeti-rr.datev.netnginx + UnboundSee https://yeti-rr.datev.net
UncensoredDNS

89.233.43.71 

2a01:3a0:53:53::

853

unicast.censurfridns.dk


Traffic volume only.
See https://blog.uncensoreddns.org/
Lorraine Data Network

80.67.188.188

853

Unknown.

https://ldn-fai.net/serveur-dns-recursif-ouvert/

Uses a self-signed certificate, no key published

Openbsd.se

78.70.167.74

853

dns-tls.openbsd.se

P7nFIM5ocgBnK3/b4Bclp8yUCJp08YIV9THrTZQTgQ8=

None.Unbound

Only listening on TLS on port 853

(no UDP or TCP on port 53)

...