# Free Public DNS resolver list (public DNS servers)



## drmike

Now that Level 3 supposedly is capturing and redirecting folks to their search monetization page on failed lookups, thought it was a good time to introduce other DNS resolver / DNS server options.

*Opennic* - http://www.opennicproject.org/

Different locations all over. Run by members. Many have no logging of queries. THIS IS WHAT I AM NOW USING.

*He.net*, you know the bandwidth provider and IPv6 company 

ordns.he.net or 74.82.42.42

*Level 3* 4.2.2.1 4.2.2.2 4.2.2.3 4.2.2.4  209.244.0.3 209.244.0.4

Long used and easy to remember.  Now doing the same search redirection on failed lookups as others are.

*OpenDNS* 208.67.222.222 208.67.220.220

Innovative DNS company with advanced features like family friendly DNS filtering.  Downside is they do the redirect / fake IP on failed lookup that search redirects.

*Comodo Secure DNS* 8.26.56.26 8.20.247.20

SecureDNS references a real-time block list (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, and parked domains that may contain excessive advertising including pop-up and/or pop-under advertisements, etc.) and will warn you whenever you attempt to access a site containing potentially threatening content. Additionally, our 'name cache invalidation' solution signals the Comodo Secure DNS recursive servers whenever a DNS record is updated - fundamentally eliminating the concept of a TTL.

*They do the DNS redirect BS too... blah.*

*Norton.com*

Security: 198.153.192.40, 198.153.194.40

Security and Pornography: 198.153.192.50, 198.153.194.50

Security, Pornography and "Non-Family Friendly": 198.153.192.60, 198.153.194.60

*Google* 8.8.8.8 8.8.4.4

Hazards: Google's all-knowing policy and single login + capturing your wifi details isn't for fun.  It's about total tracking and monetization of you as the product. I avoid the Google DNS offering.

*Your own ISP...* Don't do it typically. They are likely selling, reusing the data, etc.  Plus their DNS often is less than great on performance and reliability.


----------



## Mun

you forgot ordns from he.net.

Mun


----------



## DomainBop

http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm


----------



## drmike

Mun said:


> you forgot ordns from he.net.
> 
> Mun


Link for Ordns offering?  Looking in search and not finding it.


----------



## scott2020

Norton DNS also has a service like comodo.

From Wikipedia and dns.norton.com

Security: 198.153.192.40, 198.153.194.40

Security and Pornography: 198.153.192.50, 198.153.194.50

Security, Pornography and "Non-Family Friendly": 198.153.192.60, 198.153.194.60

Use the resolver IP based on what level of security or filtering you are needing.


----------



## budi1413

So @drmike, which one do you use?


----------



## drmike

budi1413 said:


> So @drmike, which one do you use?


I've long used Level 3's. But that's coming to an end....

Comodo Secure DNS sounds interesting.

HE's offering might fit the bill, if I can find it....


----------



## sleddog

opennic - http://www.opennicproject.org/


----------



## drmike

I remember seeing Opennic a long time ago @sleddog.  Thank you for bringing that project back to mind.

Anonymous logs/no logging of DNS queries (depending on server).   That's more my speed.


----------



## mojeda

drmike said:


> Link for Ordns offering?  Looking in search and not finding it.


Don't think there's an actual page for it but it is ordns.he.net or 74.82.42.42


----------



## bizzard

I have been a fan of OpenDNS for a long time and it worked well. Using their filtered DNS IPs 208.67.220.123 and 208.67.222.123 at home to keep myself and my brothers away from porn and their default ones at office and the place where I stay.

I hate the redirection at times. Got introduced to the OpenNIC project a few days ago and trying those out. The downside I see is that the IPs aren't as easy to remember, when compared to Google DNS or OpenDNS.


----------



## wlanboy

Still stick with the ones of Google. They are updating my domains quite fast.


----------



## Magiobiwan

If you don't want anyone tracking you, set up your own local recursive resolver (restricted so it's not open, of course).


----------



## Mun

Magiobiwan said:


> If you don't want anyone tracking you, set up your own local recursive resolver (restricted so it's not open, of course).



Means nothing, there still needs to be another lookup process done to an upper level resolver.

Mun


----------



## drmike

Mun said:


> Means nothing, there still needs to be another lookup process done to an upper level resolver.
> 
> Mun


True.

What you need to do is aggregate lookups.  Plug them into active IPs doing lookups across multiple randomized DNS servers.


----------



## terafire

Thanks @drmike! I was looking for something like this


----------



## drmike

Keep them coming folks.   I'll rearrange the list in a bit.   

Will try to work with Mann to get a list of these reference resources socked away for long term reuse.

I think vpsBoard needs a wiki or something to highlight key stuff.


----------



## adly

Would people be interested in a free (maybe anycast?) resolver service?

--Adam


----------



## drmike

admdly said:


> Would people be interested in a free (maybe anycast?) resolver service?
> 
> --Adam


Always good to have options. Make sure the service has clear ToS + Privacy Policy. No logging. Hey, logs just slow things down anyways and provide a government interest pile / attack vector.


----------



## noen

Powertech (Norwegian ISP) offers public DNS servers, both IPv4 and IPv6:

195.159.0.100
195.159.0.200

2001:840:0:100::1
2001:840:0:200::1

More (Norwegian) info here: http://www.powertech.no/bedrift/powertechs-dns-servere/

Maybe not the best alternative from around the world, but still works 
I prefer them over my own ISP's DNS-servers..


----------



## ebhakt

List of public DNS servers:

and

Steps to Configure a Windows based PC with DNS Servers of choice in the TCP/IP stack:

 

http://www.skar.us/thepost/system_admin/isp-watch/list-of-public-dns-servers/


----------



## drmike

ebhakt said:


> List of public DNS servers:
> 
> and
> 
> Steps to Configure a Windows based PC with DNS Servers of choice in the TCP/IP stack:
> 
> 
> 
> http://www.skar.us/thepost/system_admin/isp-watch/list-of-public-dns-servers/


404 error for that link... Try again.


----------



## dano

Just started using a couple of my own VPS's as recursive DNS now -- one in Dallas & one in Northern VA, so I should be ok on either route. Locked it down via Iptables and PowerDNS to only allow my current IP on my wan router to be able to recurse off of it -- prolly need a better solution, but I haven't quite figured out exactly how-to make it automated, yet.


----------



## tchen

Maybe I missed it, but how does opennicproject actually deal with rogue or compromised DNS servers?


----------



## wlanboy

tchen said:


> Maybe I missed it, but how does opennicproject actually deal with rogue or compromised DNS servers?


Not at all:



> There should be no doubt in anyone's mind that OpenNIC is just that
> (like many F/OSS projects):
> A hobby network, borne on the shoulders of volunteers who work on
> OpenNIC projects because it's something that interests them.





> If OpenNIC were to become a legalized entity, then OpenNIC as an organization
> would need to exercise due diligence to ensure that its servers weren't
> compromised or malicious.  But at this point in time (and in the foreseeable future),
> it's pretty much "user beware."  Just as most F/OSS...


----------



## drmike

Opennic does concern me.

Their 2nd tier public server count has fallen quickly lately.  Was 55, and now 42 at last check.  

I've had 3 servers I've plucked suddenly go away.  Way too much churn.


----------



## tchen

Thanks wlanboy.  I looked more closely into it as well.  Tier 2 servers are currently NOT audited.  Going by the T2 list, I've only come across one person I'd even remotely trust after tracerouting the IP and verifying whois, LinkedIn, etc.

drmike's list (from the other thread) had one from a university student who's dropped off the T2 list - who's obviously having technical difficulties keeping the server alive.  It's been popping in and out and the few times I was able to get a dig on it, was returning slightly off results. 

I like the idea, but I can't bring myself to use it as-is.  I wish them the best of luck.


----------



## wlanboy

tchen said:


> I like the idea, but I can't bring myself to use it as-is.  I wish them the best of luck.


Me too but that is all about why we have to pay for SSL.

Open communities' chain of trust doesn't work all the time.


----------



## Echelon

One tool I'd like to toss out there if you guys haven't heard of it as well is namebench, for benchmarking DNS servers. Helps you find ones that will serve you best.

Just keep in mind that some CDNs will base the server they direct you on the DNS server that the request is received from, so your mileage may vary on CDN content.

https://code.google.com/p/namebench/


----------



## AuroraZero

*Opennic* - http://www.opennicproject.org/ trying some of these now. Probably will not make much difference on my shitty connection but you never know.


----------



## jebat_ks

Anyone using OpenNIC on their server? Is it reliable (in terms of uptime & performance)?

I always use Google with OpenDNS as failover. But might not want big brother anywhere near my *** box


----------

