Page History
...
ID | Hosted by | IP addresses | Ports | Hostname for TLS authentication | Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858) | Logging | Software | Notes |
---|---|---|---|---|---|---|---|---|
1 | getdnsapi.net | UPDATED on 13th April 2017! 185.49.141.37 2a04:b900:0:100::37 | 853 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= | Traffic volume only. | Unbound | |
2 | Surfnet | 145.100.185.15 2001:610:1:40ba:145:100:185:15 | 853 | dnsovertls.sinodun.com | 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= | Traffic volume only. | HAProxy + BIND | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
3 | Surfnet | 145.100.185.16 2001:610:1:40ba:145:100:185:16 | 853 | dnsovertls1.sinodun.com | cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= | Traffic volume only. | Nginx + BIND | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
4 | dkg | 199.58.81.218 2001:470:1c:76d::53 | 853 443 53053 | dns.cmrg.net | 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo= | None. | Knot Resolver | Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here. So if port 853 may be blocked then this is a good option. |
5 | UncensoredDNS | 89.233.43.71 2a01:3a0:53:53:: | 853 | unicast.censurfridns.dk | Traffic volume only. | See https://blog.uncensoreddns.org/ | ||
6 | securedns.eu | 146.185.167.43 2a03:b0c0:0:1010::e9a:3001 | 853 | securedns.eu | sduWN2+EK2c5T/ATd6jqNuc/cdiHAxULzjtPu6CqJR0= | None. | Unbound | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
7 | Allnetwork (at KINX, South Korea) | 2402:9e80:19::853 (preferred) 103.214.68.144 | 853 | dns-tls.allnetwork.kr | MCMNJ5B/uWd3TOyhQbGOe+PnqYINML29X2bNiTZC9VY= | Traffic volume only | Unbound | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
8 | dns-tls.bitwiseshift.net | 81.187.221.24 2001:8b0:24:24::24 | 853 | dns-tls.bitwiseshift.net | YmcYWZU5dd2EoblZHNf1jTUPVS+uK3280YYCdz4l4wo= | No logging | Unbound | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
9 | Yeti | 2001:4b98:dc2:43:216:3eff:fea9:41a | 853 | dns-resolver.yeti.eu.org | UPDATED on 26th Jun 2017 YxtXAorQNSo+333ko1ctuXcnpMcplPaOI/GCM+YeMQk= | Yes - see https://dns-resolver.yeti.eu.org/ | Unbound | See https://dns-resolver.yeti.eu.org/ |
10 | Lorraine Data Network | 80.67.188.188 2001:913::8 | 853 | Logging at stunnel | stunnel 4 + BIND | https://ldn-fai.net/serveur-dns-recursif-ouvert/ Uses a self-signed certificate, no key published | ||
11 | OARC | 184.105.193.78 2620:ff:c000:0:1::64:25 | 853 | tls-dns-u.odvr.dns-oarc.net | pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= | Yes - See OARC website | Unbound | NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations. |
12 | Go6Lab | 2001:67c:27e4::35 | 853 | privacydns.go6lab.si | g5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw= | Unbound | Only listening on TLS on port 853 (no UDP or TCP on port 53) |
(1) Since the nameserver is behind a proxy the client IP is not logged inside the nameserver
...