Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Hosted byIP addressesTLS PortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
TLSA record publishedLoggingSoftwareNotes
UncensoredDNS89.233.43.71 
2a01:3a0:53:53::0
853unicast.censurfridns.dkwikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=
(also see this file for a full set of pins)
YTraffic volume only
See https://blog.uncensoreddns.org/

Fondation RESTENA
(NREN for Luxemburg)

158.64.1.29
2001:a18:1::29

853kaitain.restena.lu7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4=
Traffic volume onlyUnboundConfigured with qname-minimisation, use-caps-for-id, aggressive-nsec,

prefetch, harden-below-nxdomain and the newest auth-zone for local root
zone caching.

Surfnet145.100.185.18
2001:610:1:40ba:145:100:185:18
853dnsovertls3.sinodun.com5SpFz7JEPzF71hditH1v2dBhSErPUMcLPJx1uk2svT8=YTraffic volume onlyHAProxy + BIND 9.12Supports TLS 1.3 and TLS 1.2. Our initial stability problems are solved... see here for details.
Surfnet145.100.185.17
2001:610:1:40ba:145:100:185:17
853dnsovertls2.sinodun.comNAXBESvpjZMnPWQcrxa2KFIkHV/pDEIjRkA3hLWogSg=YTraffic volume onlyKnot Resolver
dkg199.58.81.218
2001:470:1c:76d::53
853 443dns.cmrg.net3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=
5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=

NoneKnot ResolverSee https://dns.cmrg.net/ Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here.Has some issues with DNSSEC responses - this is under investigation.
Lorraine Data Network80.67.188.188
2001:913::8
853
443

WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM=
Traffic volume onlystunnel 4 + BINDSee https://ldn-fai.net/serveur-dns-recursif-ouvert/ (note, logging of IP address at stunnel no longer performed).
A self-signed certificate is used, so SPKI pinning is must be used.
dns.neutopia.org89.234.186.112
2a00:5884:8209::2
853
443
dns.neutopia.orgwTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=
No loggingKnot resolver
BlahDNS108.61.201.119
2001:19f0:7001:1ded:5400:01ff:fe90:945b

853
443

dot-jp.blahdns.com

No logging

https://blahdns.com/

NOTE1: Located in Japan. Also does DoH.
NOTE2: Note that port 443 REQUIRES an authentication name

UPDATED 22nd JAN 2018: note the authentication name has changed

BlahDNS159.69.198.101
2a01:4f8:1c1c:6b4b::1

853
443

dot-de.blahdns.com

No logging

https://blahdns.com/

NOTE1: Located in Frankfurt. Also does DoH.
NOTE2: Note that port 443 REQUIRES an authentication name

Go6Lab2001:67c:27e4::35853privacydns.go6lab.sig5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw=
No loggingUnbound
Secure DNS Project by PumpleX51.38.83.141
2001:41d0:801:2000::d64
853dns.oszx.coP/Auj1pm8MiUpeIxGcrEuMJOQV+pgPY0MR4awpclvT4=
No logging
https://dns.oszx.co
NOTE1: Also does DoH and dnscrypt
NOTE2: Performs ad blocking
Foundation for Applied Privacy146.255.56.98
2a01:4f8:c0c:83ed::1

853
443

dot1.applied-privacy.net
YOnly aggregated logging, no PIIunbound

DETAILS UPDATED 14th Sep 2020

https://appliedprivacy.net/services/dns/

NOTE: Also does DoH and has an .onion endpoint

ibksturm.synology.me

178.82.102.190

853ibksturm.synology.me

No loggingnginx + unbound

https://github.com/ibksturm/dnscrypt-switzerland

NOTE: Also does DoH and dnscrypt
no filters, opennic root copy

dismail.de

159.69.114.157
2a01:4f8:c17:739a::2 

853fdns2.dismail.deyJYDim2Wb6tbxUB3yA5ElU/FsRZZhyMXye8sXhKEd1w=
No logging
https://dismail.de/info.html#dns
dismail.de80.241.218.68
2a02:c205:3001:4558::1
853fdns1.dismail.deMMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=
No logging
https://dismail.de/info.html#dns

...