Skip to content

Instantly share code, notes, and snippets.

@InAnimaTe

InAnimaTe/dns.md Secret

Last active June 16, 2025 21:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save InAnimaTe/2ed9250d126c5282371ec9b4d37da8ae to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save InAnimaTe/2ed9250d126c5282371ec9b4d37da8ae to your computer and use it in GitHub Desktop.
Download ZIP
Best DNS Servers
Raw
dns.md

Test Sites

Public DNS Resolvers

Breakdown of the top Public DNS Resolvers and their features, especially as it relates to security.

Cloudflare - "Malware Blocking"

Malware blocking, EDNS, DNSoTLS, DNSSEC

  • 1.1.1.2
  • 1.0.0.2
  • 2606:4700:4700::1112
  • 2606:4700:4700::1002

DoH - "https://security.cloudflare-dns.com/dns-query"

Quad9 - "EDNS Enabled"

Malicious blocking, EDNS, DNSoTLS+DNSCrypt, DNSSEC

  • 9.9.9.11
  • 149.112.112.11
  • 2620:fe::11
  • 2620:fe::fe:11

DoH - https://dns11.quad9.net/dns-query

OpenDNS - Main Resolvers

EDNS, DNSCrypt, DNSSEC, SmartCache (last known good)

  • 208.67.222.222 (resolver1.opendns.com)
  • 208.67.220.220 (resolver2.opendns.com)
  • 2620:119:35::35
  • 2620:119:53::53

Google

EDNS, DNSoTLS, DNSSEC

  • 8.8.8.8
  • 8.8.4.4

Family DNS - Blocking Malware + Adult Content

Cloudflare 1.1.1.1 for Families

  • 1.1.1.3
  • 1.0.0.3
  • 2606:4700:4700::1113
  • 2606:4700:4700::1003

DoH - https://family.cloudflare-dns.com/dns-query

OpenDNS FamilyShield

  • 208.67.222.123
  • 208.67.220.123

DoH - https://doh.familyshield.opendns.com/dns-query

Adguard Family Protection

  • 94.140.14.15
  • 94.140.15.16
  • 2a10:50c0::bad1:ff
  • 2a10:50c0::bad2:ff

DoH - https://family.adguard-dns.com/dns-query

Two Encryption Technologies

DNS over TLS

DNSCrypt

For Android

I've recently started using AdGuard on my Android device. It supports DNS over TLS/HTTPS servers with parallelization.

Here's the servers I use via their Custom Server option:

sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
tls://1.1.1.2
tls://dns11.quad9.net
tls://dns.google

In order, these are:

  1. OpenDNS w/DNSCrypt (see Adguard Known Servers List)
  2. Cloudflare "Block Malicious" DNS-over-TLS
  3. Quad9 Block Malicious, DNSSEC, EDNS DNS-over-TLS
  4. Google DNS-over-TLS
@StevenACoffman
Copy link

StevenACoffman commented Apr 2, 2020

Nice! I always get tangled up trying to pick between dnsmasq, knot-resolver, etc. Any thoughts?

@InAnimaTe
Copy link
Author

InAnimaTe commented Apr 2, 2020

I've got pretty deep experience with dnsmasq which has always been incredibly simple and reliable. I've only just recently heard of knot-resolver and hear its the goto when doing DNSoTLS on Mac. I'll share more when I actually get that working but for now I'm just more focused on ensuring I'm using multiple strong resolvers on my gateways (and possibly finding a way to append/tail on Mac just like resolveconf offers on linux).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment