Page History
...
| Hosted by | IP addresses | TLS Ports | Hostname for TLS authentication | Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858) | TLSA record published | Logging | Software | Notes |
| UncensoredDNS | 89.233.43.71 2a01:3a0:53:53::0 | 853 | unicast.censurfridns.dk | wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs= | Y | Traffic volume only | See https://blog.uncensoreddns.org/ | |
Fondation RESTENA | 158.64.1.29 | 853 | kaitain.restena.lu | 7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4= | Traffic volume only | Unbound | Configured with qname-minimisation, use-caps-for-id, aggressive-nsec, prefetch, harden-below-nxdomain and the newest auth-zone for local root | |
| Surfnet | 145.100.185.18 2001:610:1:40ba:145:100:185:18 | 853 | dnsovertls3.sinodun.com | 5SpFz7JEPzF71hditH1v2dBhSErPUMcLPJx1uk2svT8= | Y | Traffic volume only | HAProxy + BIND 9.12 | Supports TLS 1.3 and TLS 1.2. We think our stability problems are solved... see here for details. NOTE: This is using OpenSSL master branch, commit 3e524bf. This is using TLS 1.3 draft-23 revision - you may experience interop problems if your client is using an earlier draft implementation. |
| Surfnet | 145.100.185.17 2001:610:1:40ba:145:100:185:17 | 853 | dnsovertls2.sinodun.com | NAXBESvpjZMnPWQcrxa2KFIkHV/pDEIjRkA3hLWogSg= | Y | Traffic volume only | Knot Resolver | Has some issues with DNSSEC responses - this is under investigation. |
| dkg | 199.58.81.218 2001:470:1c:76d::53 | 853 44353053 | dns.cmrg.net | 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo= | None | Knot Resolver | See https://dns.cmrg.net/ Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here.Has some issues with DNSSEC responses - this is under investigation. | |
| dns.larsdebruin.net (Previously dns1.darkmoon.is) | 51.15.70.167 | 853 | UPDATED on 30 Jan 2018 dns.larsdebruin.net | UPDATED on 30 Jan 2018 AAT+rHoKx5wQkWhxlfrIybFocBu3RBrPD2/ySwIwmvA= | Traffic volume only | Unbound | ||
| securedns.eu | 146.185.167.43 2a03:b0c0:0:1010::e9a:3001 | 853 | dot.securedns.eu | h3mufC43MEqRD6uE4lz6gAgULZ5/riqH/E+U+jE3H8g= | None | HaProxy + Bind | NOTE 1: SecureDNS has support for additional TLDs of OpenNIC, Emercoin, and NamecoinNOTE 2: While both secure.eu and dot.secure.eu are running pin only validation for dot.secure.eu will not work! | |
| dns-tls.bitwiseshift.net | 81.187.221.24 2001:8b0:24:24::24 | 853 | dns-tls.bitwiseshift.net | YmcYWZU5dd2EoblZHNf1jTUPVS+uK3280YYCdz4l4wo= | None | Unbound | ||
| ns1.dnsprivacy.at | 94.130.110.185 2a01:4f8:c0c:3c03::2 | 853 | ns1.dnsprivacy.at | vqVQ9TcoR9RDY3TpO0MTXw1YQLjF44zdN3/4PkLwtEY= | None | Unbound | See https://dnsprivacy.at/ | |
| ns2.dnsprivacy.at | 94.130.110.178 2a01:4f8:c0c:3bfc::2 | 853 | ns2.dnsprivacy.at | s5Em89o0kigwfBF1gcXWd8zlATSWVXsJ6ecZfmBDTKg= | None | Unbound | ||
| dns.bitgeek.in (India) | 139.59.51.46 | 853 | dns.bitgeek.in | FndaG4ezEBQs4k0Ya3xt3z4BjFEyQHd7B75nRyP1nTs= | Traffic volume only | Nginx + BIND | ||
| Lorraine Data Network | 80.67.188.188 2001:913::8 | 853 443 | WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM= | Traffic volume only | stunnel 4 + BIND | See https://ldn-fai.net/serveur-dns-recursif-ouvert/ (note, logging of IP address at stunnel no longer performed). A self-signed certificate is used, so SPKI pinning is must be used. | ||
| dns.neutopia.org | 89.234.186.112 2a00:5884:8209::2 | 853 443 | dns.neutopia.org | wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI= | No logging | Knot resolver | ||
| BlahDNS | 108.61.201.119 2001:19f0:7001:1ded:5400:01ff:fe90:945b | 853 | dns.jp.blahdns.com | No logging | NOTE: Located in Japan. Also does DoH. | |||
| BlahDNS | 217.61.0.97 2a03:a140:10:2461::1 | 853 | dns.de.blahdns.com | No logging | NOTE: Located in Frankfurt. Also does DoH. | |||
| Go6Lab | 2001:67c:27e4::35 | 853 | privacydns.go6lab.si | g5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw= | No logging | Unbound |
Servers with minimal logging/limitations
...
| Hosted by | IP addresses | TLS Ports | Hostname for TLS authentication | Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858) | TLSA record published | Logging | Software | Notes | Go6Lab | 2001:67c:27e4::35 | 853 | privacydns.go6lab.si | g5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw= | Unknown | Unbound|
| NIC Chile dnsotls.lab.nic.cl | 200.1.123.46 2001:1398:1:0:200:1:123:46 | 853 | sG6kj+XJToXwt1M6+9BeCz1SOj/1/mdZn56OZvCyZZc= | Y | Yes, for research purposes | Unbound | Self-signed certificate, use SPKI pinning. | ||||||||
| Yeti | 2001:4b98:dc2:43:216:3eff:fea9:41a | 853 | dns-resolver.yeti.eu.org | UPDATED on 26th Jun 2017 YxtXAorQNSo+333ko1ctuXcnpMcplPaOI/GCM+YeMQk= | Yes, see Yeti website | Unbound | See https://dns-resolver.yeti.eu.org/ | ||||||||
| OARC | 184.105.193.78 2620:ff:c000:0:1::64:25 | 853 | tls-dns-u.odvr.dns-oarc.net | pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= | Yes, see OARC website | Unbound | See OARC website NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations. |
