Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Hosted byIP addressesTLS PortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
TLSA record publishedLoggingSoftwareNotes
1) The following are currently enabled in the default Stubby config file because they are run by the stubby/getdns developers and have no known issues.
Sinodun/Surfnet145.100.185.15
2001:610:1:40ba:145:100:185:15
853
443
dnsovertls.sinodun.com62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
YTraffic volume onlyHAProxy + BIND 9.12See https://www.sinodun.com/recursive-operator-privacy-statement-rps/
Sinodun1/Surfnet145.100.185.16
2001:610:1:40ba:145:100:185:16
853
443
dnsovertls1.sinodun.comcE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
YTraffic volume onlyNginx + BIND 9.12See https://www.sinodun.com/recursive-operator-privacy-statement-rps/
getdnsapi.net185.49.141.37
2a04:b900:0:100::37
853getdnsapi.netfoxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=

YTraffic volume onlyUnbound

...

Hosted byIP addressesTLS PortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
TLSA record publishedLoggingSoftwareNotes
UncensoredDNS89.233.43.71 
2a01:3a0:53:53::0
853unicast.censurfridns.dkwikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=
(also see this file for a full set of pins)
YTraffic volume only
See https://blog.uncensoreddns.org/

Fondation RESTENA
(NREN for Luxemburg)

158.64.1.29
2001:a18:1::29

853kaitain.restena.lu7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4=
Traffic volume onlyUnboundConfigured with qname-minimisation, use-caps-for-id, aggressive-nsec,

prefetch, harden-below-nxdomain and the newest auth-zone for local root
zone caching.

Sinodun3/Surfnet145.100.185.18
2001:610:1:40ba:145:100:185:18
853dnsovertls3.sinodun.com5SpFz7JEPzF71hditH1v2dBhSErPUMcLPJx1uk2svT8=YTraffic volume onlyHAProxy + BIND 9.12Supports TLS 1.3 and TLS 1.2. Our initial stability problems are solved... see here for details.See https://www.sinodun.com/recursive-operator-privacy-statement-rps/
Sinodun4/Surfnet145.100.185.17
2001:610:1:40ba:145:100:185:17
853dnsovertls2.sinodun.comNAXBESvpjZMnPWQcrxa2KFIkHV/pDEIjRkA3hLWogSg=YTraffic volume onlyKnot ResolverSee https://www.sinodun.com/recursive-operator-privacy-statement-rps/
dkg199.58.81.218
2001:470:1c:76d::53
853 443dns.cmrg.net3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=
5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=

NoneKnot ResolverSee https://dns.cmrg.net/ Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here.Has some issues with DNSSEC responses - this is under investigation.
Lorraine Data Network80.67.188.188
2001:913::8
853
443

WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM=
Traffic volume onlystunnel 4 + BINDSee https://ldn-fai.net/serveur-dns-recursif-ouvert/ (note, logging of IP address at stunnel no longer performed).
A self-signed certificate is used, so SPKI pinning is must be used.
dns.neutopia.org89.234.186.112
2a00:5884:8209::2
853
443
dns.neutopia.orgwTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=
No loggingKnot resolver
BlahDNS108.61.201.119
2001:19f0:7001:1ded:5400:01ff:fe90:945b

853
443

dot-jp.blahdns.com

No logging

https://blahdns.com/

NOTE1: Located in Japan. Also does DoH.
NOTE2: Note that port 443 REQUIRES an authentication name

UPDATED 22nd JAN 2018: note the authentication name has changed

BlahDNS159.69.198.101
2a01:4f8:1c1c:6b4b::1

853
443

dot-de.blahdns.com

No logging

https://blahdns.com/

NOTE1: Located in Frankfurt. Also does DoH.
NOTE2: Note that port 443 REQUIRES an authentication name

Go6Lab2001:67c:27e4::35853privacydns.go6lab.sig5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw=
No loggingUnbound
Secure DNS Project by PumpleX51.38.83.141
2001:41d0:801:2000::d64
853dns.oszx.coP/Auj1pm8MiUpeIxGcrEuMJOQV+pgPY0MR4awpclvT4=
No logging
https://dns.oszx.co
NOTE1: Also does DoH and dnscrypt
NOTE2: Performs ad blocking
Foundation for Applied Privacy146.255.56.98
2a01:4f8:c0c:83ed::1

853
443

dot1.applied-privacy.net
YOnly aggregated logging, no PIIunbound

DETAILS UPDATED 14th Sep 2020

https://appliedprivacy.net/services/dns/

NOTE: Also does DoH and has an .onion endpoint

ibksturm.synology.me

178.82.102.190

853ibksturm.synology.me

No loggingnginx + unbound

https://github.com/ibksturm/dnscrypt-switzerland

NOTE: Also does DoH and dnscrypt
no filters, opennic root copy

dismail.de

159.69.114.157
2a01:4f8:c17:739a::2 

853fdns2.dismail.deyJYDim2Wb6tbxUB3yA5ElU/FsRZZhyMXye8sXhKEd1w=
No logging
https://dismail.de/info.html#dns
dismail.de80.241.218.68
2a02:c205:3001:4558::1
853fdns1.dismail.deMMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=
No logging
https://dismail.de/info.html#dns

...