Get client's DNS server.
部署
需要的东西:
- 一个域名,例子中使用
dnspy.nat.moe
。 - 一台服务器。
- 将
dnspy.nat.moe
的 A 记录指向服务器。 - 将
test.dnspy.nat.moe
的 NS 记录指向服务器。 - 修改
config.json
内的testhost
值为 (2) 中的域名 (test.dnspy.nat.moe
)。 $ node index.js
- 访问服务器的 8080 端口。
Get client's DNS server.
需要的东西:
dnspy.nat.moe
。dnspy.nat.moe
的 A 记录指向服务器。test.dnspy.nat.moe
的 NS 记录指向服务器。config.json
内的 testhost
值为 (2) 中的域名 (test.dnspy.nat.moe
)。$ node index.js
AppWorks provides 2 main services that ca
AppWorks provides 2 main services that cater to startups in 2 different stages. AppWorks
Accelerator helps seed-stage startups go from 0 to 1. AppWorks Funds provide financing
to help growth-stage startups scale faster. On top of that, our AppWorks School provides
education to talents and prepare them for a thriving career in the startup land.
ter to startups in 2 different stages. AppWorks
Accelerator helps seed-stage startups go from 0 to 1. AppWorks Funds provide financing
to help growth-stage startups scale faster. On top of that, our AppWorks School provides
education to talents and prepare them for a thriving career in the startup land.
那些可以科学上网的DNS和hosts,都是使用的自建或者公共SNI代理。
SNI详细的我也不懂,假如你有一台 海外的服务器 IP为: 233.233.233.233
,上面搭建了 SNI Proxy,并且配置正常并启动。
然后你本地Hosts文件在最后添加一条:
保存Hosts文件并打开浏览器访问 https://www.google.com
,然后你就会发现你可以进入 https://www.google.com
网站了。
233.233.233.233 www.google.com
后,浏览器访问 https://www.google.com
=>> 浏览器搜索Hosts文件发现设置的解析IP(233.233.233.233) =>> 浏览器访问 SNI Proxy(233.233.233.233) =>> SNI Proxy收到信息然后去访问 https://www.google.com
并获取网站数据,然后把网站数据原封不动的返回给你 =>> 浏览器收到 SNI Proxy返回的 网站数据并显示出来 =>> 你看到了 https://www.google.com
网页简单的来说,SNI Proxy 会把请求的网站比如 https://www.google.com
获取并原封不动的返回请求者,不需要对证书进行解密和加密,所以不需要配置证书。
SNI Proxy 可以简单的实现这样的 反向代理功能。
本教程只适用于 Ubuntu 14.04 + 以上版本的系统。
Debian 7 / 8 的安装方法请看随后的文章
第二行代码执行后提示大概如下:
继续安装
SNI Proxy的默认配置文件:/etc/sniproxy.conf
vim的具体使用教程:Linux中VIM编辑器的真 · 简单使用教程
我们可以使用 VIM 等编辑器添加修改,也可以直接用 echo写入文件。
VIM操作简单说明(可选):
然后按 I 键
进入编辑模式,复制下面的内容到配置文件中(手动把 echo -e "和 " > /etc/sniproxy.conf 去掉),然后按 Esc 键
推出编辑模式,然后输入 :wq
保存并退出vi。
下面是 echo 方式直接写入配置文件。
泛反向代理,指的是所有请求 SNI Proxy 的域名都会反向代理。
自定义反向代理,指的是自己指定域名,只有通过这些域名请求 SNI Proxy 的才会反向代理。
比如只设置了 (.*.|)google.com$ *
,那么你只能通过www.google.com、google.com 和其他以 google.com 为主的二级 三级域名
访问SNI Proxy并请求反向代理。其他没有设置的域名都会忽略。
要反向代理什么域名就在 table https_hosts {}
中添加规则,例如 我要反向代理任何以 google.com 为主的二级 三级域名
,那么就写:
这样只要是以 google.com
为主的域名都会被反向代理,比如www.google.com news.google.com mail.google.com
都会反向代理。
启动SNI Proxy后,查看一下 网络连接端口监听情况:
当出现大概如下所示的信息时,代表正常启动并监听端口443,注意最后的sniproxy。
如果没有发现 sniproxy 的监听端口信息,那么看一下是否有其他的进程/服务 占用了 443 端口,如果有的话请关闭后再尝试启动 SNI Proxy。
如果没有异常情况,那么我们就可以使用 SNI Proxy 代理了。
建议在运行 SNIProxy前,执行一下这个命令,作用是提高系统的文件符同时打开数量,对于TCP连接过多的时候系统默认的 1024 就会成为速度瓶颈。
这个命令只有临时有效,重启后失效,如果想要永久有效,请执行:
然后最后再执行一下 ulimit -n 51200
即可。
找到你电脑的Hosts文件,并打开(注意Hosts可能是隐藏文件,需要设置显示出来,还有win10修改Hosts文件需要管理员权限)。
Windows xp / 7 / 10 系统Hosts位置:C:\windows\system32\drivers\etc\hosts
在最后一行添加你要反向代理的网站,比如 www.google.com
其他想要反向代理的域名按这个格式添加(233.233.233.233是你的SNI Proxy服务器IP),当然Hosts设置比较麻烦,而且比如 youtube.com
看视频的话要设置很多 Hosts域名,很麻烦,所以如果只是访问谷歌,那么可以使用这个Hosts方法.
-----------
本教程只适用于 Debian7 / 8 系统,其他系统都不适用。
安装SNI Proxy依赖需要 最少150MB大小的空间,所以请确保你的系统硬盘空闲空间有 300MB。
SNI Proxy 简单的来说是一个 反向代理软件,可以把你的请求原封不动的发送给指定网站,然后再把指定网站返回的数据原封不动的返回给你,目前网上可以 科学上网的Hosts和DNS,都是通过把 谷歌等域名指向 SNI Proxy代理的IP来实现“直连”访问谷歌的,所以在某种程度上,SNI Proxy承担一个流量数据搬运工的作用。
因为 Hosts和DNS科学上网,都必须使用 https 来访问,所以过程都是加密的,而SNI Proxy只会原封不动的把流量转发过去,所以不会去解密(也不能),也就不需要担心安全问题了。
SNI Proxy Github项目:https://github.com/dlundquist/sniproxy
首先为了确保依赖安装正常、完整,我们需要更换系统 软件包源为最新的稳定源 jessie
(本步骤必做,否则很容易出错)。
默认下面的代码是 美国的镜像源,可以更换下面代码 us.sources.list 中的 us
,具体可以看这里。
注意:这个更换 镜像源的步骤,Debian 8、Debian 9 不需要执行,可以直接跳过,Debian 7 必须执行!
然后我们更新软件包列表,并开始安装依赖
最后安装完毕,我们可以用 sniproxy -V
来查看是否安装成功,正常情况下会返回版本号。
安装完毕之后,还需要配置一下配置文件,才能使用,具体看这个教程:一个 反代无需证书 适用于DNS/Hosts的小工具 —— SNI Proxy代理 安装教程
启动:/etc/init.d/sniproxy start(如果运行无反应并没有启动,那么请直接使用 sniproxy 来启动试试)
停止:/etc/init.d/sniproxy stop
重启:/etc/init.d/sniproxy restart
查看状态:/etc/init.d/sniproxy status
配置文件:/etc/sniproxy.conf
通过 dpkg -S sniproxy
命令可以查询 SNI Proxy 的所有安装文件。
建议在运行 SNIProxy前,执行一下这个命令,作用是提高系统的文件符同时打开数量,对于TCP连接过多的时候系统默认的 1024 就会成为速度瓶颈。
这个命令只有临时有效,重启后失效,如果想要永久有效,请执行:
然后最后再执行一下 ulimit -n 51200
即可。
--------------------
需要的程序:
dnscrypt-proxy v2.x
unbound
DNSCrypt-proxy的配置
修改文件/usr/local/etc/dnscrypt-proxy.toml,
127.0.0.1:5353 就是下面 unbound 的配置里 DNSCrypt 的监听地址。
Unbound的配置
修改文件/usr/local/etc/unbound/unbound.conf。没有这个文件的话,一般需要找一下。
软件包里提供的配置 example 文件复制过去。这里列出的仅包含需要修改的部分,
其他的按照默认配置一般没有问题。
num-threads: 2 # 线程数可以修改为物理核心数
interface: 0.0.0.0 # 侦听所有 IPv4 地址
interface: ::0 # 侦听所有 IPv6 地址
# 如果只需要本机使用,则一个 interface: 127.0.0.1 即可
so-rcvbuf: 4m
so-sndbuf: 4m # 本机使用的话,这俩 buf 可以取消注释
so-reuseport: yes # 如果开了多线程,就写 yes
msg-cache-size: 64m # 本机可以设置 4m 或者更小
rrset-cache-size: 128m # 本机可以设置 4m 或者更小
cache-max-ttl: 3600 # 建议设置一个不太大的值...专治各种运营商 DNS 缓存不服
outgoing-num-tcp: 256 # 限制每个线程向上级查询的 TCP 并发数
incoming-num-tcp: 1024 # 限制每个线程接受查询的 TCP 并发数
# 下面这四个不需要解释了吧,不想用那个就写 no
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
tcp-upstream: no # 默认是 no,隧道状态比较稳的话也不需要写 yes。一些情况下强制使用 tcp 连上游的话写 yes
access-control: 0.0.0.0/0 allow # 本机用的话建议设置 127.0.0.0/8 allow,局域网用适当调整
root-hints: "/etc/unbound/root.hints" # 没有的话在 ftp://FTP.INTERNIC.NET/domain/named.cache 下载一份
hide-identity: yes # 不返回对 id.server 和 hostname.bind 的查询。
hide-version: yes # 不返回对 version.server 和 version.bind 的查询。
# 不过下面有 identity 和 version 的自定义选项,不隐藏这些的话,修改下选项还可以卖个萌(´・ω・`)
harden-glue: yes # 建议打开
module-config: "iterator" # 禁用 DNSSEC 检查,如果上游不支持 DNSSEC 就关掉。注意这个选项有可能在其他 include 的文件里
unwanted-reply-threshold: 10000000 # 针对各种网络不服,数值为建议值,具体可以自己修改看看效果
do-not-query-localhost: no # 一般是为了防止扯皮丢包开着,不过等下要用 DNSCrypt 所以关掉
prefetch: yes # 蛮好用的,开着吧
minimal-responses: yes # 省带宽,开着吧。本机用可以关掉
# 关键部分来了,把默认查询全部丢给 DNSCrypt。使用 [地址]@[端口] 指定查询地址和端口,默认端口 53。
# 然后把国内的地址丢给国内的缓存服务器。这两个选项的顺序不能错哟。
# 如果使用隧道查询,把这个地址改为隧道对端的地址,或者一个国外的 DNS 服务器都可以,例如 8.8.8.8。
# 具体看是在对端开 DNS 还是直接用国外的服务器。后者的话,前面 outgoing-interface 可以直接设置隧道本地端的地址,
不过要配合 dnsmasq-china-list 的话,还是写路由表比较合适,否则不够灵活。
include: "/etc/unbound/accelerated-domains.china.unbound.conf"
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
如果需要 edns-client-subnet 支持的话,需要手动编译源码安装。命令:
# 克隆源码
svn co http://unbound.nlnetlabs.nl/svn/branches/edns-subnet/
# 编译安装
./configure --enable-subnet --with-libevent && make && sudo make install
配置文件的格式:
# 默认向所有服务器发送 edns-client-subnet
send-client-subnet: 0.0.0.0/0
如果只对特定权威 DNS 发送 edns-client-subnet 请求,则按照此格式写多行 IP.
----------------------------------------------------
brew install dnscrypt-proxy ,安装完成后,可执行文件为
/usr/local/bin/dnscrypt-proxy
配置文件为/usr/local/etc/dnscrypt-proxy.toml
(如果/usr/local/etc/里面没有dnscrypt-proxy.toml,那么
cp /usr/local/Cellar/dnscrypt-proxy/2.0.19/.bottle/etc/dnscrypt-proxy.toml /usr/local/etc/
nano /usr/local/etc/dnscrypt-proxy.toml
修改后的一些地方:
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
doh_servers = true
require_dnssec = false
require_nolog = true
require_nofilter = true
force_tcp = true
proxy = "socks5://127.0.0.1:1080"
ignore_system_dns = true
修改完成后,你需运行一个本地的socks5代理服务器程序,比如ssh tunnel.
sudo dnscrypt-proxy -config /usr/local/etc/dnscrypt-proxy.toml
Telegram 及其好用的聊天及信息交流工具,除了有高度加密的一对一私聊功能,还可以很方便地组成超大群组,获取特定人群领域的信息。单就聊天和群组而言,实在是比微信好用不少。
微信公众号 我从哲学理念的角度非常厌恶以微信为代表的封闭互联网。将信息圈养在商业的护城河之内在很大程度上掩杀了信息的流动性。而加之其上的言论管制则从进一步使得大众无从经由对观点的自由辩驳认识世界。但是不管怎么说,墙内的世界就是只能看看微信了。
Evernote 利用 Everntoe 的网页插件方便地备份有意思的文章本身。一大好处是日后想要搜索自己看过的某篇文章,可以方便地在自己个人文摘集合里面搜索。另一好处自然就是避免日后文章消失在互联网上再也找不到的风险。Evernote也有免费的全平台全功能开源替代品:Joplin。
以下信息源以墙外为主,我所列出的消息源的任何看法并不代表我的看法,我也不对其中任何阐述负责。墙内新闻的部分可以根据自己喜欢随意从比如人日、央视、头条、观察者、门户网站、公众号、朋友圈等中选择正能量来源。
天上阁(原墙外楼) 这个网站背后是何方势力并不清楚,但是堪称墙外中文网摘平台中平均文章质量最高的信息源之一。许多次我在墙内外别的渠道发现了一篇好文之后过几天都能在这里看到。从这个网站十年间惊人的稳定性和提供了包括Android,iOS客户端等丰富入口的方式来看应该背后有机构或组织支撑。建议使用RSS订阅方式浏览获得最佳体验。很遗憾的是该网站在2018年12月起已经停止更新。
新世纪 NewCenturyNet 是一个品味不错的转发各种财经类文章的博客。每天都能转十来篇,量很大。如果不用RSS订阅直接看网页的话会迷失在博客页面极其垃圾反人类的导航设计中。同样建议使用RSS订阅方式浏览获得最佳体验。
Exploring the World 是一个转发较为精选的时事文章的个人博客。一个月也就十来篇的样子,我觉得选文章的品味也很不错。
Info Aggregator 是另一个品味不错的新闻转发型的聚合型博客。一周的转发量能有二三十篇。原网站的界面也是很烂,强烈建议使用RSS订阅获得更好体验。
蛮族勇士 以从各种官方统计年鉴中直接提取数据进行分析著称。我特别喜欢这种基于(虽然是已经被改得乱七八糟的)实际数据的实证精神。目前的新文章发表在微信公众号上,不过时不时就转世一次。过往文章全集目前在一些文摘网上可以通过使用蛮族勇士作为关键词搜到,比如这个不知道还能活多久的蛮族勇士文章合集。不过蛮族勇士有的时候的分析也是断章取义瞎带节奏,建议多学习他的实证精神,观点要自己思考查证。
端点星 项目是一个专注备份微信、微博等平台被删文章的开源站点。文章总体质量还是相当不错的。在官方的Github页面也提供了大量镜像站点的链接,方便墙内用户免翻墙使用。
扑克投资家 是在财经类新媒体里面我个人最欣赏的一家。相对专注于大宗商品,深度报道的文字比较有质感,订阅微信公众号较为方便。
端媒体 是目前两岸三地我认为深度报道写的最好的独立新闻媒体。端媒体本部在台湾避免了大陆的新闻审查,但是在选题上视野十分广阔,富有人文关怀,完全没有台湾媒体常见的通病。我购买了端媒体的年费会员以阅读其收费的深度报道,并以此表示我对这种难得的真正媒体的支持。
编程随想 是中文博客中致力于开启民智,注重传授思考的工具和方法,而不是试图简单传达观点的教育重镇。如果我只能向一个人推荐一个博客以希望他能学会批判性的思考,那么我会选择这个博客。
中国数字时代 是一个专注于中国内地社会新闻以及政治新闻的网站。
新品葱 目前可以理解为集中讨论墙内无法讨论的政治问题的海外版知乎。目前有着用户群体太小和平均讨论水平较低的问题。但无论如何这里是海外中文互联网难得的没有审查的主题讨论区。
月光博客 是中文互联网世界极其长寿,专注于互联网领域新闻的个人博客。每日一篇的频率在追踪热点和全局视野之间的平衡较好。
湾区日报 每天推送5篇科技领域优质英文文章,并且配有简单的中文评论。如果你想看更多的关于互联网创业方面的优质内容,我强烈推荐湾区日报的这篇索引:湾区日报的文章都是从哪来的?
36氪 是中文高质量的科技创业板块新闻媒体,属于新创业公司必拜的码头之一。
小众软件 在所有帮助你更好的使用软件提高生产效率的中文网站里,小众软件 可以算是久经考验长盛不衰的一家。在这里常能发出“哇原来还有软件能做这个?”的惊叹。
数字尾巴 基本上可以作为平民级别的消费电子选购参考看看。
ChipHell 是比数字尾巴逼格更高土豪更多的消费电子及大宗男性败家选购参考。
知乎每日精选RSS 知乎是一个内容质量泥沙俱下的大粪坑,但是RSS形式的知乎每日精选RSS提供了一个花不到10秒扫一眼就可以了解知乎最近自认为比较优质的内容的方式。该链接需复制到RSS浏览器订阅功能打开才能正常浏览。
Xkcd 是一个长期更新各种以硬核科学知识为笑点的幽默漫画网站。属于和PhdComics类似的把科学性、可读性和幽默结合的极好的表达范本。What-if是xkcd的王牌栏目,每一期都是用数学和物理严格论证一个超大的脑洞想法,非常有趣。有结集出版的中文版图书。
王孟源的部落格 可以说是我最希望我自己的博客在十到二十年内能打磨到的境界。王孟源是清華大學物理系毕业,哈佛物理博士然后在金融界干到退休。现在他的博客里却可以将军事、经济、历史、社会和物理学话题信手拈来,鞭辟入里,举重若轻,真的让我十分羡慕。
Sentry is a DNS proxy that allows you to inspect, block, rewrite, redirect and resolve queries。
You should start up with a basic json config file like this:
{
"port" : 5300,
"host" : "0.0.0.0",
"rules" : [
"resolve ^(.*) using 8.8.4.4, 8.8.8.8"
]
}
The example above tells sentry to:
To run sentry you just need to pass it the config file you created:
$ sentry -c CONFIG
[07/01/2012 06:38:28] [sentry] INFO: using config: sentry.config
[07/01/2012 06:38:28] [sentry.core] INFO: starting, 1 known rules
[07/01/2012 06:38:28] [sentry.net] INFO: Server started on 0.0.0.0:5300
For the prestige, you can use dig to verify sentry is responding to requests:
dig @localhost -p 5300 nytimes.com
Sentry allows you to log, block, rewrite, redirect and resolve queries based upon simple rules that are matched, in order, against the inbound DNS query.
Redirecting a query:
A redirect rule can redirect an inbound requests to nytimes.com to google.com with a CNAME response.
"redirect ^(.*)nytimes.com to google.com"
Now, for the prestige:
$ dig @localhost -p 5300 nytimes.com
; <<>> DiG 9.7.3-P3 <<>> @localhost -p 5300 nytimes.com
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56474
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;nytimes.com. IN A
;; ANSWER SECTION:
nytimes.com. 300 IN CNAME google.com.
;; Query time: 502 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Sun Jul 1 00:37:17 2012
;; MSG SIZE rcvd: 50
Logging a query:
A log rule tells sentry to log an inbound queries matching a certain regular expression
"log ^(.*)google.com"
Blocking a query:
A block rule tells sentry to return an empty response to all queries matching a certain regular expression
"block ^(.*).xxx"
Blocking rules can also be conditional - new!
"block ^(.*).google.com if type is MX"
A few more conditional examples:
"block ^(.*).google.com if type is MX and class is IN"
"block ^(.*).google.com if class is IN"
Resolving a query:
A resolve rule tells sentry to return to resolve all queries matching a certain regular expression using one, or more, upstream DNS servers
""resolve ^(.*)facebook.com using 10.10.1.2 ","
* If you would like your sentry server to resolve all inbound requests you must include at the bottom of your rules list a catch all entry like below:
"resolve ^(.*) using 8.8.4.4, 8.8.8.8"
If you list more than one upstream DNS server, sentry will query all of them in parallel and return the first successful response (new feature on v0.5).
Here's an example of a configuration file including multiple rules:
{
"port" : 5300,
"host" : "0.0.0.0",
"rules" : [
"block ^(.*)youtube.com",
"block ^(.*).xxx",
"log ^(.*)google.com",
"rewrite ^www.google.com to google.com",
"redirect ^(.*)nytimes.com to google.com",
"redirect ^(.*)reddit.com to google.com",
"resolve ^(.*)facebook.com using 10.10.1.2 ",
"resolve ^(.*) using 8.8.4.4, 8.8.8.8"
]
}
Like metrics? Just send sentry a SIGUSR1 posix signal and bam!
sending the signal (replace $PID with sentry's process id):
$ kill -30 $PID
output in the sentry log:
[07/01/2012 00:57:12] [sentry.core] INFO: system stats:
+-------------------------------------+---------------+
| metric | value |
+-------------------------------------+---------------+
| net.bytes_received | 85 |
| net.bytes_sent | 458 |
| net.packets_received | 3 |
| net.packets_sent | 3 |
| requests_pending | 0 |
| requests_total | 3 |
| response_time_msec_avg | 3.07466666667 |
| response_time_msec_max | 4.138 |
| response_time_msec_min | 1.435 |
| uptime | 23.628207922 |
| <class 'sentry.rules.RedirectRule'> | 1 |
| <class 'sentry.rules.LoggingRule'> | 2 |
| <class 'sentry.rules.ResolveRule'> | 2 |
+-------------------------------------+---------------+
[07/01/2012 00:57:12] [sentry.core] INFO: domain stats:
+--------------+---------+
| domain | queries |
+--------------+---------+
| google.com. | 2 |
| nytimes.com. | 1 |
+--------------+---------+
DNS is an inherently lightweight protocol (connection-less, small payload size, etc) so you should be able to handle many hundreds of connections per second in a single tight loop thread (sentry's default mode of operation).
There is however a particular case in which what I just told you is a complete lie: slow upstream servers. If you are getting responses from upstream servers greater than single digits msec you might want to consider increasing the size of Sentry's internal thread pool so more requests are outstanding at once.
Here's an example of a custom thread pool size:
{
"port" : 5300,
"host" : "0.0.0.0",
"threadpool_size" : 4,
"rules" : [
"block ^(.*)youtube.com if type is MX",
"block ^(.*).xxx",
"log ^(.*)google.com",
"rewrite ^www.google.com to google.com",
"redirect ^(.*)nytimes.com to google.com",
"redirect ^(.*)reddit.com to google.com",
"resolve ^(.*)facebook.com using 10.10.1.2 ",
"resolve ^(.*) using 8.8.4.4, 8.8.8.8"
]
}
Sentry comes with a built in benchmark tool that you can use against sentry itself or any other DNS servers. In essence, it's based upon resolving Alexa's top 1M dns names (http://www.alexa.com/topsites).
benchmarking a server running on 127.0.0.1 port 5300 using the top 1000 sites:
$./sentry --benchmark -s 127.0.0.1:53000 -l 1000
sample results:
[03/05/2013 23:52:05] [sentry.benchmark] INFO: results: +------------------------+---------------+ | metric | value | +------------------------+---------------+ | elapsed_time_seconds | 9 | | queries_failed | 26 | | queries_per_second | 11 | | queries_successful | 74 | | response_time_msec_avg | 606.538994892 | | response_time_msec_max | 1007.17687607 | | response_time_msec_min | 472.496032715 | | uptime | 9.07831001282 | +------------------------+---------------+
fromhttps://github.com/rferreira/sentry
最好在virtualenv下进行。版本可能不兼容。
Use dig, drill or kdig to fetch them from any root server into whichever file is used to prime your server, e.g., dig @198.41.0.4 > named.cache
Hints, full zone and trust anchor (KSK) files are available from or via IANA using FTP or HTTPS.
The root DNSSEC KSK (trust anchor) was replaced (rolled) on 11 October 2018 -- originally planned for a year earlier it was postponed for cautionary reasons, see their announcement for details. For most this has been a non-event. ICANN has information for anyone interested, especially those running validating resolvers.
Name | Version | Type |
---|---|---|
BIND | 9.14.3/9.11.8 | authoritative and validating resolver in one |
Cisco Prime Network Registrar DNS | 9.1.1.1 | authoritative and validating resolver |
CoreDNS | 1.5.2 | DNS server written in Go, with service discovery and chaining plugins |
djbdns | 1.05 | authoritative (limited record types supported) and non-validating resolver using distinct programs |
DNRD | 2.20.3 | proxy |
dnscrypt-proxy | 1.9.5 | proxy/forwarder |
dnsdist | 1.3.3 | load balancer, DoT (since 1.3.0), dnscrypt |
dnsmasq | 2.80 | filtering proxy with authoritative abilities |
Dohnut | 4.5.2 | DNS to DoH proxy, load balancer, query fuzzer |
gdnsd | 3.2.0 | authoritative |
Knot DNS | 2.8.2 | authoritative |
Knot Resolver | 4.1.0 | validating resolver |
MaraDNS | 2.0.17 | authoritative |
MaraDNS Deadwood | 3.2.14 | resolver |
NSD | 4.2.1 | authoritative |
NxFilter | 4.3.4.5 | filtering proxy |
pdnsd | 1.2.9a-par | proxy |
Posadis | 0.60.6 | authoritative and resolver in one |
PowerDNS Authoritative | 4.1.10 | authoritative |
PowerDNS Recursor | 4.1.14 | resolver |
SANS | 1.0.1 | authoritative |
Simple DNS Plus | 8.0(110) | authoritative and resolver all in one |
stubby | 0.2.6 | proxy |
systemd-resolved | 240 | optionally validating resolver (part of systemd), also supports DoT, LLMNR and mDNS |
Technitium DNS Server | 4.0(beta) | resolver and proxy supporting optional forwarding via DoH (standard or "JSON") or DoT |
Unbound | 1.9.2 | validating resolver, DoT, dnscrypt |
YADIFA | 2.3.9 | authoritative |
Name | Version | Type |
---|---|---|
adns | 1.5.1 | cli: library that includes some utilities |
BuddyNS Delegation Lab tool | web: visualize and troubleshoot delegation | |
Bulldohzer | 1.1.2 | cli: DNS & DoH latency measurements |
c-ares | 1.15.0 | cli: library that includes some utilities |
delv | cli: lookup and DNSSEC validation (part of BIND 9.10+) | |
dHSM | cli: Distributed Threshold Cryptography HSM | |
dHSM zone signer | cli: Zone signer companion for dHSM by using PKCS11 | |
dig | cli: lookup (part of BIND) | |
DNSBajaj (DNS By Eye) | 0.9.6 | web: check the delegation of your domain by using graphs of dependencies |
DNSDiag | 1.6.4 | cli: diagnostics and performance measurement |
dnsperf/resperf | 2.2.1 | cli: benchmark nameserver performance |
DNSSEC Analyzer | web: Verisign's DNSSEC problem debugger | |
dnssec-failed.org | web: if you can see visit the site your resolver didn't perform DNSSEC validation -- it should show a page saying that but doesn't | |
dnssec-tools.org | 2.2.3 | cli: various DNSSEC tools web: results of data submitted by dnssec-check gui: tray monitor |
dnssectest.net | web: lookup and DNSSEC validation, plus DNSSEC deployment stats | |
DNSstuff | web: domain name analysis | |
DNSViz | 0.8.2 | cli & web: zone visualization (including DNSSEC) |
dnstracer | 1.9 | cli: trace name delegation |
flamethrower | 0.10 | cli: benchmark nameserver performance |
getdnsapi | 1.5.2 | new api to use dns |
Google Public DNS | web: web based resolver | |
intoDNS | web: provides lots of info about a domain (some requires own interpretation) | |
kdig | cli: advanced lookups including DoT (part of Knot DNS) | |
ldns | 1.7.0 | cli: library that includes a lookup tool (drill) that provides even more information than dig |
Namebench | 2.0 | cli: benchmark nameserver performance |
OpenDNSSEC | 2.1.4 | cli: policy-based zone signer with PKCS#11 interface |
PacketQ | 1.4.1 | cli: run sql queries agaist pcap files |
SoftHSM | 2.5.0 | cli: optional companion for OpenDNSSEC. Cryptographic store with PKCS#11 interface |
The Transitive Trust and DNS Dependency Graph Portal | web: graphs of transitive trust and dependencies | |
unbound-host | cli: lookup (part of unbound) | |
Zonemaster | 2019.1.1 | cli+web: zone delegation quality checker |
Note that most registrars provide it for free, though some charge a fee - we don't attempt to enumerate them here.
Provider | Cost | Notes |
---|---|---|
Afraid FreeDNS | free with limits | secondary |
Akamai (Cotendo) | paid | |
Amazon - Route 53 | paid | api, registration |
BuddyNS | free and paid | api |
Cloudflare | free and paid | api, dynamic |
ClouDNS | free and paid tiers | secondary |
DNS Made Easy | paid with free trial | api |
DNSimple | paid | secondary |
Dyn | paid | dynamic, registration |
easyDNS | paid | dynamic (some plans), registration, secondary |
GoDaddy | paid | |
Google - Cloud DNS | paid with free trial | api |
GratisDNS | free | secondary, danish |
Hurricane Electric | free | api, dynamic, limited record types (no dnssec), secondary |
Namecheap | free, free if domain is purchased/renewed (BasicDNS) and paid | dynamic, free has limited record types (no dnssec), secondary (premium only) |
Neustar UltraDNS | paid | api, secondary |
No-IP.com | free and paid | |
NS1 | free and paid | api, secondary |
PUCK | free | secondary only |
Rackspace | free if using other (paid) services | api |
Verisign Managed DNS | paid | |
Verizon ROUTE | paid | api |
Note that most ISPs and some datacenters provide it for free to their customers - we don't attempt to enumerate them here. Beware: some ISPs log and sell their resolver data, and some replace NXDOMAIN with their own server's address(es) to provide their form of safety and/or marketing, some do both.
Also, paid filtering services usually provide customization, so domains or classes of domains can be added or removed from the filters.
Provider | Cost | Notes | Addresses |
---|---|---|---|
Akamai AnswerX | paid | ||
CenturyLink (nee Level 3) | does not officially provide a public resolver though their servers will respond; they have at times provided 'fake' responses - please do not use these addresses |
|
|
Cisco Umbrella (nee OpenDNS) | free and paid | filtering, also on 5353/udp and 5353/tcp, dnscrypt on 443/tcp check/purge entry at their cachecheck tool check their system status (works even if your DNS isn't working) |
Home:
|
CleanBrowsing | free and paid | filtering, also on 5353/udp and 5353/tcp, DoH, DoT, dnscrypt on 8443/tcp | Security Filter (malicious sites):
|
Cloudflare announcement |
free, limited logging, DoH, DoT |
|
|
Comodo Secure DNS | free | filtering |
|
Commons Host | free | DoH only | DoH:
|
DNS-OARC ODVR | free | validating |
|
DNS.WATCH | free | no logging, validating |
|
Dyn Internet Guide | free | filtering, correcting |
|
FreeDNS | free | no logging |
|
Google Public DNS | free | validating, DoH flush a cached entry using their flush cache tool |
|
Norton ConnectSafe | free | filtering, validating, shutting down november 15th 2018 |
|
Neustar DNS Advantage | free | correcting, filtering, validating | Reliability & Performance 1:
|
Quad9 | free | "Secure": filtering, logs only geoloc, does not send ecs, validating, DoT "Unsecured": unfiltered, logs only geoloc, sends ecs, DoT |
"Secure":
|
SafeDNS | paid with free trial |
|
|
SecureDNS | free | validating, no logging, personally supported, DoH, DoT, dnscrypt on 5353/tcp, NameCoin & OpenNIC namespaces |
TLS: CN=securedns.eu/SAN=*.securedns.eu SPKI Pin: h3mufC43MEqRD6uE4lz6gAgULZ5/riqH/E+U+jE3H8g= DoH URL: https://doh.securedns.eu/dns-query DoT Host: dot.securedns.eu |
Verisign Public DNS | free | validating |
|
Yandex.DNS | free and paid | filtering, unfiltered | Basic (unfiltered):
|
Resource | Summary |
---|---|
RFC 1034 | Domain names - concepts and facilities |
RFC 1035 | Domain names - implementation and specification |
IANA DNS Parameters | Compilation of DNS parameters with RFC references |
IANA Protocol Registries | Compilation of protocol registries, including among other things additional DNS and DNSSEC parameter compilations |
Almost all DNS related RFCs | Search rfc-editor.org for dns |
Some DNS related RFCs | Search rfc-editor.org for domain |
An up to date list of Domain Name System RFCs | Maintained by Frederic Cambus |
Relevant Domain Name System RFCs | Maintained by bert hubert |
IANA Domain Name Services | IANA maintains and operates several key aspects of the DNS |
Blogged DNS links listing | Compilation of blogged DNS links from Jan-Piet Mens |
Alternative DNS Servers (Free) | Book written by Jan-Piet Mens |
The topic of #dns on freenode was growing too long, so here is all that info, and more.
This page is also hosted via GitHub with its source code available. Pull requests are welcome!
from http://dns-channel.github.io/#recsrv
-----
AdGuard users can configure any DNS server to be used instead of the system default provided by the router or ISP. In this article you will find a list of popular DNS providers.
AdGuard DNS is an alternative solution for ad blocking, privacy protection, and parental control. It provides the number of necessary protection features against online ads, trackers, and phishing, no matter what platform and device you use.
These servers provide blocking ads, tracking and phishing
Protocol | Address | |
---|---|---|
DNS, IPv4 | 176.103.130.130 and 176.103.130.131 |
Add to AdGuard |
DNS, IPv6 | 2a00:5a60::ad1:0ff and 2a00:5a60::ad2:0ff |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt.default.ns1.adguard.com IP: 176.103.130.130:5443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt.default.ns2.adguard.com IP: [2a00:5a60::ad2:0ff]:5443 |
Add to AdGuard |
DNS-over-HTTPS | https://dns.adguard.com/dns-query |
Add to AdGuard |
DNS-over-TLS | tls://dns.adguard.com |
Add to AdGuard |
These servers provide the Default features + Blocking adult websites + Safe search
Protocol | Address | |
---|---|---|
DNS, IPv4 | 176.103.130.132 and 176.103.130.134 |
Add to AdGuard |
DNS, IPv6 | 2a00:5a60::bad1:0ff and 2a00:5a60::bad2:0ff |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt.family.ns1.adguard.com IP: 176.103.130.132:5443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt.family.ns2.adguard.com IP: [2a00:5a60::bad2:0ff]:5443 |
Add to AdGuard |
DNS-over-HTTPS | https://dns-family.adguard.com/dns-query |
Add to AdGuard |
DNS-over-TLS | tls://dns-family.adguard.com |
Add to AdGuard |
Yandex.DNS is a free recursive DNS service. Yandex.DNS' servers are located in Russia, CIS countries, and Western Europe. Users' requests are processed by the nearest data center which provides high connection speeds.
In "Basic" mode, there is no traffic filtering
Protocol | Address | |
---|---|---|
DNS, IPv4 | 77.88.8.8 and 77.88.8.1 |
Add to AdGuard |
DNS, IPv6 | 2a02:6b8::feed:0ff and 2a02:6b8:0:1::feed:0ff |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.browser.yandex.net IP: 77.88.8.78:15353 |
Add to AdGuard |
In "Safe" mode, protection from infected and fraudulent sites is provided
Protocol | Address | |
---|---|---|
DNS, IPv4 | 77.88.8.88 and 77.88.8.2 |
Add to AdGuard |
DNS, IPv6 | 2a02:6b8::feed:bad and 2a02:6b8:0:1::feed:bad |
Add to AdGuard |
In "Family" mode, protection from infected, fraudulent and adult sites is provided
Protocol | Address | |
---|---|---|
DNS, IPv4 | 77.88.8.3 and 77.88.8.7 |
Add to AdGuard |
DNS, IPv6 | 2a02:6b8::feed:a11 and 2a02:6b8:0:1::feed:a11 |
Add to AdGuard |
Cleanbrowsing is a DNS service which provides customizable filtering. This service offers a safe way to browse the web without inappropriate content.
Blocks access to all adult, pornographic and explicit sites, including proxy & VPN domains and mixed content sites
Protocol | Address | |
---|---|---|
DNS, IPv4 | 185.228.168.168 and 185.228.169.168 |
Add to AdGuard |
DNS, IPv6 | 2a0d:2a00:1::1 and 2a0d:2a00:2::1 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: cleanbrowsing.org IP: 185.228.168.168:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: cleanbrowsing.org IP: [2a0d:2a00:1::]:8443 |
Add to AdGuard |
DNS-over-HTTPS | https://doh.cleanbrowsing.org/doh/family-filter/ |
Add to AdGuard |
Less restrictive than the Family filter, it only blocks access to adult content and malicious and phishing domains
Protocol | Address | |
---|---|---|
DNS, IPv4 | 185.228.168.10 and 185.228.169.10 |
Add to AdGuard |
DNS, IPv6 | 2a0d:2a00:1:: and 2a0d:2a00:2:: |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: cleanbrowsing.org IP: 185.228.168.10:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: cleanbrowsing.org IP: [2a0d:2a00:1::1]:8443 |
Add to AdGuard |
DNS-over-HTTPS | https://doh.cleanbrowsing.org/doh/adult-filter/ |
Add to AdGuard |
Blocks phishing, spam and malicious domains
Protocol | Address | |
---|---|---|
DNS, IPv4 | 185.228.168.9 and 185.228.169.9 |
Add to AdGuard |
DNS, IPv6 | 2a0d:2a00:1::2 and 2a0d:2a00:2::2 |
Add to AdGuard |
DNS-over-HTTPS | https://doh.cleanbrowsing.org/doh/security-filter/ |
Add to AdGuard |
Neustar Recursive DNS is a free cloud-based recursive DNS service that delivers fast and reliable access to sites and online applications with built-in security and threat intelligence.
These servers provide reliable and fast DNS lookups without blocking any specific categories
Protocol | Address | |
---|---|---|
DNS, IPv4 | 156.154.70.1 and 156.154.71.1 |
Add to AdGuard |
DNS, IPv6 | 2610:a1:1018::1 and 2610:a1:1019::1 |
Add to AdGuard |
These servers provide reliable and fast DNS lookups without blocking any specific categories and also prevent redirecting NXDomain (Non-existent Domain) responses to a landing page
Protocol | Address | |
---|---|---|
DNS, IPv4 | 156.154.70.5 and 156.154.71.5 |
Add to AdGuard |
DNS, IPv6 | 2610:a1:1018::5 and 2610:a1:1019::5 |
Add to AdGuard |
These servers provide protection against malicious domains and also include "Reliability & Performance" features
Protocol | Address | |
---|---|---|
DNS, IPv4 | 156.154.70.2 and 156.154.71.2 |
Add to AdGuard |
DNS, IPv6 | 2610:a1:1018::2 and 2610:a1:1019::2 |
Add to AdGuard |
These servers provide blocking access to mature content and also include "Reliability & Performance" + "Threat Protection" features
Protocol | Address | |
---|---|---|
DNS, IPv4 | 156.154.70.3 and 156.154.71.3 |
Add to AdGuard |
DNS, IPv6 | 2610:a1:1018::3 and 2610:a1:1019::3 |
Add to AdGuard |
These servers provide blocking unwanted and time-wasting content and also include "Reliability & Performance" + "Threat Protection" + "Family Secure" features
Protocol | Address | |
---|---|---|
DNS, IPv4 | 156.154.70.4 and 156.154.71.4 |
Add to AdGuard |
DNS, IPv6 | 2610:a1:1018::4 and 2610:a1:1019::4 |
Add to AdGuard |
Cisco OpenDNS is a service which extends the DNS by incorporating features such as content filtering and phishing protection with a zero downtime.
DNS servers with custom filtering that protects your device from malware
Protocol | Address | |
---|---|---|
DNS, IPv4 | 208.67.222.222 and 208.67.220.220 |
Add to AdGuard |
DNS, IPv6 | 2620:119:35::35 and 2620:119:53::53 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.opendns.com IP: 208.67.220.220 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.opendns.com IP: [2620:0:ccc::2] |
Add to AdGuard |
OpenDNS servers that provide adult content blocking
Protocol | Address | |
---|---|---|
DNS, IPv4 | 208.67.222.123 and 208.67.220.123 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.opendns.com IP: 208.67.220.123 |
Add to AdGuard |
Google DNS is a free, global DNS resolution service that you can use as an alternative to your current DNS provider.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 8.8.8.8 and 8.8.4.4 |
Add to AdGuard |
DNS, IPv6 | 2001:4860:4860::8888 and 2001:4860:4860::8844 |
Add to AdGuard |
DNS-over-HTTPS | https://dns.google.com/experimental |
Add to AdGuard |
DNS-over-TLS | tls://dns.google |
Add to AdGuard |
Cloudflare DNS is a free and fast DNS service which functions as a recursive name server providing domain name resolution for any host on the Internet.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 1.1.1.1 and 1.0.0.1 |
Add to AdGuard |
DNS, IPv6 | 2606:4700:4700::1111 and 2606:4700:4700::1001 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | https://dns.cloudflare.com/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | https://dns.cloudflare.com/dns-query |
Add to AdGuard |
DNS-over-TLS | tls://1.1.1.1 |
Add to AdGuard |
Quad9 DNS is a free, recursive, anycast DNS platform that provides high-performance, privacy, and security protection from phishing and spyware. Quad9 servers don't provide a censoring component.
Regular and DNS-over-TLS servers which provide protection from phishing and spyware
Protocol | Address | |
---|---|---|
DNS, IPv4 | 9.9.9.9 and 149.112.112.112 |
Add to AdGuard |
DNS-over-TLS | tls://dns.quad9.net |
Add to AdGuard |
Protocol | Address | |
---|---|---|
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.quad9.net IP: 9.9.9.9:8443 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.quad9.net IP: 149.112.112.9:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.quad9.net IP: [2620:fe::9]:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.quad9.net IP: [2620:fe::fe:9]:8443 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
Protocol | Address | |
---|---|---|
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.quad9.net IP: 9.9.9.10:8443 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.quad9.net IP: 149.112.112.10:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.quad9.net IP: [2620:fe::9]:8443 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.quad9.net IP: [2620:fe::fe:9]:8443 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | dns9.quad9.net:443/dns-query |
Add to AdGuard |
Verisign Public DNS is a free DNS service that offers improved DNS stability and security over other alternatives. Verisign respects users' privacy: it doesn't sell public DNS data to third parties and redirect users' queries to serve them any ads.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 64.6.64.6 or 64.6.65.6 |
Add to AdGuard |
DNS, IPv6 | 2620:74:1b::1:1 or 2620:74:1c::2:2 |
Add to AdGuard |
DNS.WATCH is a fast and free server without logging with a privacy protection feature.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 84.200.69.80 and 84.200.70.40 |
Add to AdGuard |
DNS, IPv6 | 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b |
Add to AdGuard |
Comodo Secure DNS is a domain name resolution service that resolves your DNS requests through worldwide network of DNS servers. Removes excessive ads and protects from phishing and spyware.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 8.26.56.26 and 8.20.247.20 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.shield-2.dnsbycomodo.com IP: 8.20.247.2 |
Add to AdGuard |
Dyn DNS is a free alternative DNS service by Dyn
Protocol | Address | |
---|---|---|
DNS, IPv4 | 216.146.35.35 and 216.146.35.36 |
Add to AdGuard |
OpenNIC DNS is a free alternative DNS service by OpenNIC Project
Protocol | Address | |
---|---|---|
DNS, IPv4 | 185.121.177.177 and 169.239.202.202 |
Add to AdGuard |
DNS, IPv6 | 2a05:dfc7:5::53 and 2a05:dfc7:5353::53 |
Add to AdGuard |
Quad101 is a free alternative DNS service without logging by TWNIC (Taiwan Network Information Center)
Protocol | Address | |
---|---|---|
DNS, IPv4 | 101.101.101.101 and 101.102.103.104 |
Add to AdGuard |
DNS, IPv6 | 2001:de4::101 and 2001:de4::102 |
Add to AdGuard |
Freenom World is a free anonymous DNS resolver by Freenom World
Protocol | Address | |
---|---|---|
DNS, IPv4 | 80.80.80.80 and 80.80.81.81 |
Add to AdGuard |
Fortinet Secure is a free alternative DNS service by FortiGuard
Protocol | Address | |
---|---|---|
DNS, IPv4 | 208.91.112.220 and 80.85.69.54 |
Add to AdGuard |
Safe DNS is a global anycast network which consists of servers located throughout the world — both Americas, Europe, Africa, Australia, and the Far East to ensure a fast and reliable DNS resolving from any point worldwide.
Protocol | Address | |
---|---|---|
DNS, IPv4 | 195.46.39.39 and 195.46.39.40 |
Add to AdGuard |
Strongarm DNS is a DNS service by Strongarm that prevents people from interacting with malicious content
Protocol | Address | |
---|---|---|
DNS, IPv4 | 54.174.40.213 and 52.3.100.184 |
Add to AdGuard |
SafeSurfer DNS is a DNS service by SafeSurfer that protects your device from harmful content
Protocol | Address | |
---|---|---|
DNS, IPv4 | 104.155.237.225 and 104.197.28.121 |
Add to AdGuard |
Captnemo DNS is a server running out of a Digital Ocean droplet in BLR1 region. Maintained by Abhay Rana aka Nemo.
Protocol | Address | |
---|---|---|
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.captnemo.in IP: 139.59.48.222:4434 |
Add to AdGuard |
fvz DNS is a Fusl's public primary OpenNIC Tier2 Anycast DNS Resolver
Protocol | Address | |
---|---|---|
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.dnsrec.meo.ws IP: 185.121.177.177:5353 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.dnsrec.meo.ws IP: 169.239.202.202:5353 |
Add to AdGuard |
Nawala Childprotection DNS is an anycast Internet filtering system that protects children from inappropriate websites and abusive contents.
Protocol | Address | |
---|---|---|
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.nawala.id IP: 180.131.144.144 |
Add to AdGuard |
securedns.eu DNS-over-TLS, DNS-over-HTTPS and DNSCrypt Provider
Protocol | Address | |
---|---|---|
DNS-over-TLS | Hostname: dot.securedns.eu IP: 146.185.167.43:853 and IPv6: [2a03:b0c0:0:1010::e9a:3001]:853 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | Hostname: https://doh.securedns.eu/dns-query IP: 146.185.167.43:443 |
Add to AdGuard |
DNS-over-HTTPS, IPv6 | Hostanme: https://doh.securedns.eu/dns-query IPv6: [2a03:b0c0:0:1010::e9a:3001]:443 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.securedns.eu IP: 146.185.167.43:5353 |
Add to AdGuard |
DNSCrypt, IPv6 | Provider: 2.dnscrypt-cert.securedns.eu IP: [2a03:b0c0:0:1010::e9a:3001]:5353 |
Add to AdGuard |
blahdns (germany) A small hobby ads block dns project with DNS-over-TLS, DNS-over-HTTPS and DNSCrypt support.
Protocol | Address | |
---|---|---|
DNS-over-TLS, IPv4 | Hostname: dot-de.blahdns.com IP: 159.69.198.101 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | Hostname: https://doh-de.blahdns.com/dns-query IP: 159.69.198.101 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.blahdns.com IP: 159.69.198.101:8443 |
Add to AdGuard |
ibksturm DNS-over-TLS, DNS-over-HTTPS and DNSCrypt Testing server by ibksturm. OPENNIC, DNSSEC, No Filter, No Logging
Protocol | Address | |
---|---|---|
DNS-over-TLS, IPv4 | Hostname: ibksturm.synology.me IP: 178.82.102.190 |
Add to AdGuard |
DNS-over-HTTPS, IPv4 | Hostname: https://ibksturm.synology.me/dns-query IP: 178.82.102.190 |
Add to AdGuard |
DNSCrypt, IPv4 | Provider: 2.dnscrypt-cert.ibksturm IP: 178.82.102.190 |
Add to AdGuard |
DNS-over-TLS Provider by switch.ch swiss DNS-over-TLS and Plain DNS Server.
Protocol | Address | |
---|---|---|
DNS, IPv4 | Provider: dns.switch.ch IP: 130.59.31.248 |
Add to AdGuard |
DNS, IPv6 | Provider: dns.switch.ch IPv6: 2001:620:0:ff::2 |
Add to AdGuard |
DNS-over-TLS | Hostname: dns.switch.ch IP: 130.59.31.248 and IPv6: 2001:620:0:ff::2 |
Add to AdGuard |
DNS-over-TLS Provider by dnsprivacy.org List of PUblic DNS-over-TLS Testing Servers.
Protocol | Address | |
---|---|---|
DNS-over-TLS | Provider: Surfnet Hostname dnsovertls.sinodun.com IP: 145.100.185.15 and IPv6: 2001:610:1:40ba:145:100:185:15 |
Add to AdGuard |
DNS-over-TLS | Provider: Surfnet Hostname dnsovertls1.sinodun.com IP: 145.100.185.16 and IPv6: 2001:610:1:40ba:145:100:185:16 |
Add to AdGuard |
DNS-over-TLS | Hostname: getdnsapi.net IP: 185.49.141.37 and IPv6: 2a04:b900:0:100::37 |
Add to AdGuard |
DNS-over-TLS | Provider: UncensoredDNS Hostname unicast.censurfridns.dk IP: 89.233.43.71 and IPv6: 2a01:3a0:53:53::0 |
Add to AdGuard |
DNS-over-TLS | Provider: Fondation RESTENA Hostname kaitain.restena.lu IP: 158.64.1.29 and IPv6: 2001:a18:1::29 |
Add to AdGuard |
DNS-over-TLS | Provider: dkg Hostname dns.cmrg.net IP: 199.58.81.218 and IPv6: 2001:470:1c:76d::53 |
Add to AdGuard |
DNS-over-TLS, IPv4 | Hostname: dns.larsdebruin.net IP: 51.15.70.167 |
Add to AdGuard |
DNS-over-TLS | Hostname dns-tls.bitwiseshift.net IP: 81.187.221.24 and IPv6: 2001:8b0:24:24::24 |
Add to AdGuard |
DNS-over-TLS | Hostname ns1.dnsprivacy.at IP: 94.130.110.185 and IPv6: 2a01:4f8:c0c:3c03::2 |
Add to AdGuard |
DNS-over-TLS | Hostname ns2.dnsprivacy.at IP: 94.130.110.178 and IPv6: 2a01:4f8:c0c:3bfc::2 |
Add to AdGuard |
DNS-over-TLS, IPv4 | Hostname: dns.bitgeek.in IP: 139.59.51.46 |
Add to AdGuard |
DNS-over-TLS | Hostname dns.neutopia.org IP: 89.234.186.112 and IPv6: 2a00:5884:8209::2 |
Add to AdGuard |