The following services have been announced by large organisations; they support DNS Privacy on anycast networks.
A list of experimental DOT test servers (including those run by the Stubby developers) is available on the Test Servers page.
DNS-over-TLS (DOT)
Details are provided in the Stubby config file for users who want to enable them.
Hosted by | IP addresses | TLS Ports | Hostname for TLS authentication | Base 64 encoded form of SPKI pin(s) for TLS authentication (RFC7858) | Notes |
---|---|---|---|---|---|
Quad9 'secure' | 9.9.9.9 | 853 | dns.quad9.net | Quad9 do NOT publish or recommend use of SPKI pins with their servers. | See https://quad9.net and their FAQ for details of privacy, logging and filtering policies on the main and alternative addresses(1). UDP and TCP service are also available on these addresses. |
Quad9 'insecure' | 9.9.9.10 | 853 | dns.quad9.net | | |
Cloudflare | 1.1.1.1 or 1.0.0.1 | 853 | cloudflare-dns.com | Cloudflare do NOT publish or recommend use of SPKI pins with their servers. | https://blog.cloudflare.com/announcing-1111/ And also see https://labs.apnic.net/?p=1127 for details of the APNIC/Cloudflare agreement as mentioned on the Register. UDP and TCP service are also available on these addresses. DNS-over-HTTPS is also available! NOTE: To use this service by name only (i.e. resolve the IP from the name) use 1dot1dot1dot1.cloudflare-dns.com. |
CleanBrowsing | Various, see the CleanBrowsing website | 853 | Various, see the CleanBrowsing website | Not published | https://cleanbrowsing.org/privacy This service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer. NOTE: also does DoH. |
DNS-over-HTTPS (DOH)
This list seems to be the most up-to-date list available of DoH servers: https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
Details of Cloudflare service and privacy policies:
Hosted by | URL | Notes |
---|---|---|
Cloudflare | https://developers.cloudflare.com/1.1.1.1/dns-over-https/ | |
Cloudflare | https://mozilla.cloudflare-dns.com/dns-query | This server is announced as part of the Firefox Nightly shield study. |
CleanBrowsing | Various, see the CleanBrowsing website | This service provides different end points with different filters (security, family, adult) so visit the website to select the end point with the filter you prefer. |
Google also support DNS-over-HTTPS in two ways:
- A small scale experimental service implementing draft-ietf-doh-dns-over-https on https://dns.google.com/experimental
- A proprietary service using a JSON format, see https://developers.google.com/speed/public-dns/docs/dns-over-https
1 Comment
Andy
Here is another DOH server with a stronger privacy agreement:
Hosted by: Cloudflare
URL: https://mozilla.cloudflare-dns.com/dns-query
Notes: Firefox contracted Cloudflare to set up this DOH server with a strong privacy agreement. This makes it different to the other DOH server of Cloudflare that does not have "mozilla" in its URL.
Privacy agreement at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
More information at https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/