Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

IDHosted byIP addressesPortsHostname for TLS
authentication
Base 64 encoded form of SPKI pin(s) for TLS
authentication (RFC7858)
LoggingSoftwareNotes
1getdnsapi.net

UPDATED on 13th April 2017!

185.49.141.37

2a04:b900:0:100::37

853getdnsapi.net

foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=

Traffic volume only.Unbound
2Surfnet

145.100.185.15

2001:610:1:40ba:145:100:185:15

853dnsovertls.sinodun.com

62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=

Traffic volume only.HAProxy + BIND

Only listening on TLS on port 853

(no UDP or TCP on port 53)

3Surfnet

145.100.185.16

2001:610:1:40ba:145:100:185:16

853dnsovertls1.sinodun.com

cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=

Traffic volume only.Nginx + BIND

Only listening on TLS on port 853

(no UDP or TCP on port 53)

4dkg

199.58.81.218

2001:470:1c:76d::53

853

443

53053

dns.cmrg.net

3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=

5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=

None.Knot Resolver

https://dns.cmrg.net/

Note that on port 443 this server can serve both HTTP 1.1 traffic (to securely access the nameserver credentials) on TLS connections and DNS-over-TLS on separate TLS connections due to some nifty, experimental demultiplexing of traffic, described here. So if port 853 may be blocked then this is a good option.

5UncensoredDNS

89.233.43.71 

2a01:3a0:53:53::

853

unicast.censurfridns.dk


Traffic volume only.
See https://blog.uncensoreddns.org/
6securedns.eu

146.185.167.43

2a03:b0c0:0:1010::e9a:3001

853securedns.eusduWN2+EK2c5T/ATd6jqNuc/cdiHAxULzjtPu6CqJR0=None.Unbound

Only listening on TLS on port 853

(no UDP or TCP on port 53)

7Allnetwork
(at KINX, South Korea)
2402:9e80:19::853 (preferred)
103.214.68.144
853dns-tls.allnetwork.krMCMNJ5B/uWd3TOyhQbGOe+PnqYINML29X2bNiTZC9VY=Traffic volume onlyUnbound

UPDATED: As of 1st Oct 2017 this server will no longer be available!

Only listening on TLS on port 853

(no UDP or TCP on port 53)

8dns-tls.bitwiseshift.net

81.187.221.24

2001:8b0:24:24::24

853dns-tls.bitwiseshift.netYmcYWZU5dd2EoblZHNf1jTUPVS+uK3280YYCdz4l4wo=No loggingUnbound

Only listening on TLS on port 853

(no UDP or TCP on port 53)

9Yeti

2001:4b98:dc2:43:216:3eff:fea9:41a

853

dns-resolver.yeti.eu.org

UPDATED on 26th Jun 2017

YxtXAorQNSo+333ko1ctuXcnpMcplPaOI/GCM+YeMQk=

Yes - see https://dns-resolver.yeti.eu.org/UnboundSee https://dns-resolver.yeti.eu.org/
10Lorraine Data Network

80.67.188.188

2001:913::8

853

Logging at stunnelstunnel 4 + BIND

https://ldn-fai.net/serveur-dns-recursif-ouvert/

Uses a self-signed certificate, no key published

11OARC

184.105.193.78

2620:ff:c000:0:1::64:25

853

tls-dns-u.odvr.dns-oarc.net

pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=

Yes - See OARC websiteUnbound

NOTE: As of June 2017 this server does not support Strict Mode because it does not offer the correct cipher suites to match RFC7525 recommendations.

See OARC website

12Go6Lab2001:67c:27e4::35853privacydns.go6lab.sig5lqtwHia/plKqWU/Fe2Woh4+7MO3d0JYqYJpj/iYAw=
Unbound

Only listening on TLS on port 853

(no UDP or TCP on port 53)

...