Experimental DNS Privacy Recursive Servers
The following servers are configured to support TLS on port 853 for testing purposes.
Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided.
| Hosted by | IP addresses | Hostname for TLS authentication | Base 64 encoded (and hex) form of SPKI pin for TLS authentication (RFC7858) | Supports RFC7858 | Supports RFC7766 fully | Software | Notes |
|---|---|---|---|---|---|---|---|
| getdnsapi.net | 185.49.141.38 2a04:b900:0:100::38 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= (7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4) | No | No | Unbound | |
| Surfnet | 145.100.185.15 2001:610:1:40ba:145:100:185:15 | dnsovertls.sinodun.com | oTLTTTTBgXZTN8cLg+Npe5Uk3dsFpxGLQ8AoQDPVoMw= (A132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC) | No | No, but does do concurrent Supports TFO | HAProxy + BIND | Only listening on TLS on port 853 |
| Surfnet | 145.100.185.16 2001:610:1:40ba:145:100:185:16 | dnsovertls1.sinodun.com | ZZtB6wjcxw7p1iTmIZx27jGVTaFUiwyFGerlIoyyQVA= (659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150) | No | No, but does do concurrent processing of queries | Nginx + BIND | Only listening on TLS on port 853 |
| dkg | 199.58.81.218 | dns.cmrg.net | 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= (DC8387492E3C28E73FCE590A1AD238E9AF5363D3CF283546844DD6D994B8259A) | No | No, but does do concurrent | Knot Resolver | |
| OARC | See OARC website | Note the current version of getdns will not authenticate this server using the SPKI pin because it uses a self-signed certificate. This will be fixed soon. | Unbound |