The community-maintained documentation platform of IPFire

User Tools

Site Tools


List of Public DNS Servers

During the process of dial-in, your ISP usually passes two to four DNS servers to the router or modem for looking up IP addresses. They will be used if you have not set some other DNS servers.

However, it might be possible that these DNS servers are censored, compromised or don't provide DNSSEC validation which makes DNS replies more secure. In case you don't trust your ISPs DNS servers, feel free to use alternate DNS server from the list below.

Operator Location DNSSEC Address(es)
Alternate DNS US aware
US aware
Chaos Computer Club (CCC) DE validating
DE aware
DE aware DK validating
any validating
Comodo Secure DNS US aware
US aware
DNSReactor US aware
US aware
DNS.WATCH DE validating
DE validating
Dyn US aware
US aware
FDN FR aware
FoolDNS DE ???
IT ???
FreeDNS AT aware
AT aware
Google Public Free DNS any validating
any validating
GreenTeamDNS IL ???
IL aware
Hurricaine Electric US aware
Lightning Wire Labs DE validating
Dallas, TX, USA validating
Neustar DNS Advantage US validating
US validating
New Nations DE validating
DE aware
Norton DNS US validating
US validating
OpenDNS US aware
US aware
US aware
puntCAT ES aware
SafeDNS RU aware
RU aware
SkyDNS RU aware
SpeakEasy US aware
US aware
Sprintlink General DNS US aware
US aware
US aware
Verizon (Level 3) any aware
any aware
any aware
any aware
any aware
any aware
Yandex.DNS RU aware
RU aware


DNSSEC Explanation
validating The server is able to validate DNS records.
aware The server is able to provide RRSIG, DNSKEY and DS records, but does not validate any records.
not supported The server doesn't know anything about DNSSEC.

About location and DNSSEC status

The location of the servers has been stated by using GeoIP Tool and the IPFire GeoIP server. However, it might be possible that the location is wrong (or has been changed meanwhile).

The servers that are marked with “any” are using anycasts so that traffic will be routed to the nearest of the many instances that are there on the network.

The DNSSEC status has been enumerated by using this script.

Security Considerations

A DNS server has a very powerful function in network topology. Please keep in mind that it might log your queries (which is a huge information leak).

Further, not all of the DNS servers below return correct answers in any case. Some of them return failures for harmful or malicious sites. Check the operators website for more information on this topic.

For security reasons, it is recommended to use DNS servers which support DNSSEC (i.e. have a green “validating” in the table below), if possible.

1) , 2) , 3) server seemed to be down during testing
Translations of this page?:
en/dns/public-servers.txt · Last modified: 2016/09/22 15:54 by MichaelTremer