Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search

DNS Privacy Project

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Hosted by	IP addresses	Ports	Hostname for TLS authentication	Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858)	Logging	Software	Notes
getdnsapi.net	UPDATED on 13th April 2017! 185.49.141.37 2a04:b900:0:100::37	853	getdnsapi.net	foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=	Traffic volume only.	Unbound
Surfnet	145.100.185.15 2001:610:1:40ba:145:100:185:15	853	dnsovertls.sinodun.com	62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=	Traffic volume only.	HAProxy + BIND	Only listening on TLS on port 853 (no UDP or TCP on port 53)
Surfnet	145.100.185.16 2001:610:1:40ba:145:100:185:16	853	dnsovertls1.sinodun.com	cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=	Traffic volume only.	Nginx + BIND	Only listening on TLS on port 853 (no UDP or TCP on port 53)
Surfnet	145.100.185.17 2001:610:1:40ba:145:100:185:17	853	dnsovertls2.sinodun.com	NAXBESvpjZMnPWQcrxa2KFIkHV/pDEIjRkA3hLWogSg=	None	Knot Resolver	Only listening on TLS on port 853 (no UDP or TCP on port 53)
dkg	199.58.81.218 2001:470:1c:76d::53	853 443 53053	dns.cmrg.net	3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=	None.	Knot Resolver	https://dns.cmrg.net/ Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here. So if port 853 may be blocked then this is a good option.
UncensoredDNS	89.233.43.71 2a01:3a0:53:53::	853	unicast.censurfridns.dk		Traffic volume only.		See https://blog.uncensoreddns.org/
securedns.eu	146.185.167.43 2a03:b0c0:0:1010::e9a:3001	853	securedns.eu	sduWN2+EK2c5T/ATd6jqNuc/cdiHAxULzjtPu6CqJR0=	None.	Unbound	Only listening on TLS on port 853 (no UDP or TCP on port 53)
dns-tls.bitwiseshift.net	81.187.221.24 2001:8b0:24:24::24	853	dns-tls.bitwiseshift.net	YmcYWZU5dd2EoblZHNf1jTUPVS+uK3280YYCdz4l4wo=	No logging	Unbound	Only listening on TLS on port 853 (no UDP or TCP on port 53)
Yeti	2001:4b98:dc2:43:216:3eff:fea9:41a	853	dns-resolver.yeti.eu.org	UPDATED on 26th Jun 2017 YxtXAorQNSo+333ko1ctuXcnpMcplPaOI/GCM+YeMQk=	Yes - see https://dns-resolver.yeti.eu.org/	Unbound	See https://dns-resolver.yeti.eu.org/
Lorraine Data Network	80.67.188.188 2001:913::8	853			Logging at stunnel	stunnel 4 + BIND	https://ldn-fai.net/serveur-dns-recursif-ouvert/ Uses a self-signed certificate, no key published
OARC	184.105.193.78 2620:ff:c000:0:1::64:25	853	tls-dns-u.odvr.dns-oarc.net	pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=	Yes - See OARC website	Unbound	NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations. See OARC website
Go6Lab	2001:67c:27e4::35	853	privacydns.go6lab.si	g5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw=		Unbound	Only listening on TLS on port 853 (no UDP or TCP on port 53)
NIC Chile	200.1.123.46 2001:1398:1:0:200:1:123:46	853	dnsotls.lab.nic.cl	sG6kj+XJToXwt1M6+9BeCz1SOj/1/mdZn56OZvCyZZc=	Yes, for research purposes	Unbound	Only TLS. Self-signed certificate, please use SPKI pinning.

...

Powered by Atlassian Confluence 7.3.3, themed by RefinedTheme 7.0.5