The goal of this page is to provide a high-level overview of the current operations and privacy policies and practices (as published in 2019) of some of the larger DNS Privacy service offerings.

...

Warning

NOTE: An analysis of privacy statements by operators will clearly only provide a snapshot at the time of writing. The page content was last reviewed on 18th Dec 2019. Please email any corrections to sara@sinodun.com

Operators

Quad9

UDP/TCP and TLS (port 853) service provided on two addresses:

...

Cloudflare

UDP/TCP and TLS (port 853) service provided on 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111 and 2606:4700:4700::1001.

...

Tor endpoint: https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion

Google

UDP/TCP and TLS (port 853) service provided on 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888 and 2001:4860:4860::8844.

Policy: https://developers.google.com/speed/public-dns/privacy

OpenDNS

UDP/TCP service provided on 208.67.222.222 and 208.67.220.220 (no IPv6).

...

Policy: https://www.cisco.com/c/en/us/about/legal/privacy-full.html

Comparison

The following tables provide a high-level comparison of the policy and practice statements above, and also some observations of practice measured at dnsprivacy.org.

...

A question mark indicates no clear statement or data could be located on the issue. A dash indicates the category is not applicable to the service.

Policy

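List Item: 1 2 3 4 5 6 7

| Service | IP addresses are PII | IP address logging | Clear list of what data stored and for how long | Share anonymized data with partners | Share identifiable data with partners | Share or sell data to third parties | Exceptions to collection for attack analysis | Non-profit | Partners | Combine DNS data with other data sources | Redirect NXDOMAIN | Block domains |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Quad9 Secure | Y | N | Y | Y | N | N | Y | Y | IBM, PCH, GCA | N | N | Y |
| Quad9 Unsecured | Y | N | Y | Y | N | N | Y | Y | | N | N | N |
| Cloudflare | Y | N | Y | Y | N | N | N | N | APNIC | N | N | ? |
| Cloudflare DoH | Y | N | Y | Y | N | N | N | N | Mozilla/Firefox | N | N | ? |
| Google | N | Y (1) | Y | ? | ? | ? | N | N | ? | N | N | N (1) |
| OpenDNS | Y | Y | N | ? | Y | Y | ? | N | ? | Y | N | ? |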

(1) Only in temporary logs

Practice

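List Item: 2 3 4 5 6

| Service | DNSSEC | EDNS(0) Padding | OOOR | EDNS(0) Keepalive | Query Name Minimization | Send ECS | Respect client ECS | Local root zone | Auth Domain Name | SPKI pinset | Jurisdiction (TBD) | Obtaining consent (TBD) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Quad9 Secure | Y | N | N | N | N | N | ? | N | Y | N | | |
| Quad9 Unsecured | N | N | N | N | N | N | ? | N | Y | N | | |
| Cloudflare | Y | Y | Y | N | Y | N | - | Y | Y | N | | |
| Cloudflare DoH | Y | Y | Y | N | Y | N | - | Y | - | - | | |
| Google | Y | N | Y | N | N | Y | Y | N | Y | N | | |
| OpenDNS | N | - | - | - | ? | ? | ? | ? | - | - | | |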

...