InAnimaTe/dns.md Secret

Last active Aug 28, 2020
Best DNS Servers

Public DNS Resolvers

A breakdown of the top public DNS resolvers and their features, especially as they relate to security.

Cloudflare - "Malware Blocking"

Malware blocking, EDNS, DNSoTLS, DNSSEC

  • 1.1.1.2
  • 1.0.0.2

Quad9 - "EDNS Enabled"

Malicious blocking, EDNS, DNSoTLS+DNSCrypt, DNSSEC

  • 9.9.9.11
  • 149.112.112.11

OpenDNS - Main Resolvers

EDNS, DNSCrypt, DNSSEC, SmartCache (last known good)

  • 208.67.222.222 (resolver1.opendns.com)
  • 208.67.220.220 (resolver2.opendns.com)

Google

EDNS, DNSoTLS, DNSSEC

  • 8.8.8.8
  • 8.8.4.4

Two Encryption Technologies

DNS over TLS

DNSCrypt

For Android

I've recently started using AdGuard on my Android device. It supports DNS over TLS/HTTPS servers with parallelization.

Here are the servers I use via their Custom Server option:

sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
tls://1.1.1.2
tls://dns11.quad9.net
tls://dns.google

In order, these are:

  1. OpenDNS w/DNSCrypt (see AdGuard Known Servers List)
  2. Cloudflare "Block Malicious" DNS-over-TLS
  3. Quad9 Block Malicious, DNSSEC, EDNS DNS-over-TLS
  4. Google DNS-over-TLS
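
An `sdns://` stamp such as the first entry above is opaque, so it is worth decoding before pasting it into a client to confirm which resolver address, provider key and provider name it pins. The following is an added example, not part of the original gist; it assumes the DNSCrypt stamp layout from the DNS Stamps specification (protocol byte 0x01, 8-byte little-endian properties, then length-prefixed address, public key and provider name), and the function names are hypothetical.

```python
import base64
import struct

# First entry of the server list above, copied verbatim.
STAMP = ("sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI"
         "1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ")

# Informal property bits (assumed from the DNS Stamps specification).
PROP_FLAGS = {1: "DNSSEC", 2: "no-logs", 4: "no-filter"}


def _take_lp(buf, pos):
    """Read one length-prefixed field: a 1-byte length, then that many bytes."""
    if pos >= len(buf):
        raise ValueError("stamp truncated before a length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("length prefix runs past the end of the stamp")
    return buf[pos + 1:end], end


def decode_dnscrypt_stamp(stamp):
    """Return the address, provider key and provider name a stamp pins."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != 0x01:
        raise ValueError("not a DNSCrypt (protocol 0x01) stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)
    addr, pos = _take_lp(raw, 9)
    key, pos = _take_lp(raw, pos)
    name, pos = _take_lp(raw, pos)
    if pos != len(raw) or len(key) != 32:
        raise ValueError("malformed DNSCrypt stamp")
    return {
        "address": addr.decode("ascii"),
        "public_key": key.hex(),
        "provider_name": name.decode("ascii"),
        "properties": [n for bit, n in PROP_FLAGS.items() if props & bit],
    }


if __name__ == "__main__":
    for field, value in decode_dnscrypt_stamp(STAMP).items():
        print(f"{field}: {value}")
```

For the stamp above this yields the address 208.67.220.220 and the provider name 2.dnscrypt-cert.opendns.com, with no property bits set.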

@InAnimaTe InAnimaTe commented Apr 1, 2020

@InAnimaTe InAnimaTe commented Apr 1, 2020

See these for information on setting up more secure resolving on Mac:

@InAnimaTe InAnimaTe commented Apr 1, 2020

For performance information, see https://www.dnsperf.com/

@StevenACoffman StevenACoffman commented Apr 2, 2020

Nice! I always get tangled up trying to pick between dnsmasq, knot-resolver, etc. Any thoughts?

@InAnimaTe InAnimaTe commented Apr 2, 2020

I've got pretty deep experience with dnsmasq, which has always been incredibly simple and reliable. I've only just recently heard of knot-resolver and hear it's the go-to when doing DNSoTLS on Mac. I'll share more when I actually get that working, but for now I'm just more focused on ensuring I'm using multiple strong resolvers on my gateways (and possibly finding a way to append/tail on Mac just like resolvconf offers on Linux).
