List of Public DNS Servers

This is a list of publicly available DNS servers suitable for use with IPFire. They are operated by many different organisations in many different countries. Please consider carefully which ones you would like to use.

DNS Servers that support UDP/TCP

Operator	Address(es)	Hostname
Anycast
censurfridns.dk	91.239.100.100	anycast.uncensoreddns.org
	2002:d596:2a92:1:71:53::
Cloudflare	1.1.1.1	one.one.one.one
	1.0.0.1
	2606:4700:4700::1111
	2606:4700:4700::1001
dns.sb	185.222.222.222	dot.sb
	45.11.45.11
	2a09::
	2a11::
Google Public Free DNS	8.8.8.8	dns.google
	8.8.4.4
Germany (DE)
Lightning Wire Labs	81.3.27.54	recursor01.dns.ipfire.org
	2001:678:b28::54
	81.3.27.54	recursor01.dns.lightningwirelabs.com
	2001:678:b28::54
DNS-GA	88.99.98.111	dns1.dns-ga.de
	2a01:4f8:221:e54::2
	217.160.166.161	dns2.dns-ga.de
	2001:8d8:820:3a00::b:c47
	138.201.81.119	dns3.dns-ga.de
	2a01:4f8:172:1d2a::2
	159.69.46.85	dns7.dns-ga.de
	2a01:4f8:c0c:e514::1
Denmark (DK)
censurfridns.dk	89.233.43.71	unicast.uncensoreddns.org
	2a01:3a0:53:53::
France (FR)
French Data Network (FDN)	80.67.169.12
	80.67.169.40
	2001:910:800::12
	2001:910:800::40
Netherlands (NL)
Freenom World	80.80.80.80
	80.80.81.81
United Kingdom (UK)
DNS-GA	213.171.203.115	dns6.dns-ga.de
United States (US)
Comcast / Xfinity	75.75.75.75
	75.75.76.76
Verisign	64.6.64.6
	64.6.65.6
DNS-GA	5.161.95.21	dns4.dns-ga.de
	2a01:4ff:f0:d66::1
	5.78.81.68	dns5.dns-ga.de
	2a01:4ff:1f0:e2f6::1

DNS-over-TLS service

Operator	Address(es)	DNS over TLS Hostname
Anycast
censurfridns.dk	91.239.100.100	anycast.uncensoreddns.org
	2002:d596:2a92:1:71:53::
Cloudflare	1.1.1.1	one.one.one.one
	1.0.0.1
	2606:4700:4700::1111
	2606:4700:4700::1001
Freifunk München e.V.	5.1.66.255	anycast01.ffmuc.net
	2001:678:e68:f000::
	5.1.66.255	dot.ffmuc.net
	2001:678:e68:f000::
dns.sb	185.222.222.222	dns.sb
	185.184.222.222
	2a09::
	2a09::1
Google Public Free DNS	8.8.8.8	dns.google
	8.8.4.4
Austria (AT)
Foundation for Applied Privacy	146.255.56.98	dot1.applied-privacy.net
	2a01:4f8:c0c:83ed::1
Canada (CA)
CMRG DNS	199.58.83.33	dns.cmrg.net
	2001:470:1c:76d::53
Switzerland (CH)
Digitale Gesellschaft Schweiz	185.95.218.42	dns.digitale-gesellschaft.ch
	185.95.218.43
	2a05:fc84::42
	2a05:fc84::43
Germany (DE)
Digitalcourage e.V.	5.9.164.112	dns3.digitalcourage.de
Lightning Wire Labs	81.3.27.54	recursor01.dns.ipfire.org
	2001:678:b28::54
	81.3.27.54	recursor01.dns.lightningwirelabs.com
	2001:678:b28::54
DNS-GA	88.99.98.111	dot.dns-ga.de
	2a01:4f8:221:e54::2
	217.160.166.161
	2001:8d8:820:3a00::b:c47
	138.201.81.119
	2a01:4f8:172:1d2a::2
	159.69.46.85
	2a01:4f8:c0c:e514::1
Denmark (DK)
censurfridns.dk	89.233.43.71	unicast.uncensoreddns.org
	2a01:3a0:53:53::
France (FR)
Neutopia	89.234.186.112	dns.neutopia.org
	2a00:5884:8209::2
Luxembourg (LU)
Restena Foundation	158.64.1.29	kaitain.restena.lu
	2001:a18:1::29
Netherlands (NL)
FlokiNET	185.246.188.51	nl.resolv.flokinet.net
	2a06:1700:3:11::1
GetDNS	185.49.141.37	getdnsapi.net
	2a04:b900:0:100::37
United Kingdom (UK)
DNS-GA	213.171.203.115	dns6.dns-ga.de (dot.dns-ga.de)
Romania (RO)
FlokiNET	185.247.225.17	ro.resolv.flokinet.net
	2a06:1700:0:36::1
United States (US)
DNS-GA	5.161.95.21	dot.dns-ga.de
	2a01:4ff:f0:d66::1
	5.78.81.68
	2a01:4ff:1f0:e2f6::1

DNS providers that are not recommended

These providers are not recommended for use with IPFire because they do not support DNSSEC or tamper with DNS traffic in another way, such as filtering advertisement, malware or porn. While there is a legitimate use-case for the latter, such filtering breaks DNSSEC, being indistinguishable from an adversary from a technical point of view.

Operator	IP Addresses
Adfree.world	139.99.176.64
Cleanbrowsing	2a0d:2a00:1::2 / 185.228.168.9, 2a0d:2a00:2::2 / 185.228.169.9
DNS for Family	94.130.180.225 / 2a01:4f8:1c0c:40db::1, 78.47.64.161 / 2a01:4f8:1c17:4df8::1, dns-dot.dnsforfamily.com, https://dns-doh.dnsforfamily.com/dns-query
Comodo Secure DNS	8.26.56.26, 8.20.247.20
dnsforge.de	176.9.93.198, 176.9.1.117, 2a01:4f8:151:34aa::198, 2a01:4f8:141:316d::117
Nuernberg Internet Exchange (N-IX)	194.8.57.12
OpenDNS (Hosted Blacklists)	208.67.222.222, 208.67.220.220, 208.67.220.222, 208.67.222.220
Quad 9	9.9.9.9, 149.112.112.112, 9.9.9.10, 149.112.112.10
SWITCH (Hosted Blacklists)	130.59.31.248 / 2001:620:0:ff::2, 130.59.31.251 / 2001:620:0:ff::3
Yandex.DNS	77.88.8.88, 77.88.8.2
SafeDNS	195.46.39.39, 195.46.39.40
Level 3 / CentryLink / Verizon	4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6
SkyDNS	193.58.251.251
New Nations	5.45.96.220

About location and DNSSEC status

The location of the servers has been stated by using the IPFire Location database. However, it might be possible that the location is wrong (or has been changed meanwhile).

The servers that are marked with "Anycast" are using anycasts so that traffic will be routed to the nearest of the many instances that are there on the network. Thereof the exact location of the server(s) cannot be determined. Worse, different configurations of Anycast instances cannot be determined reliable.

Security and Privacy Considerations

A DNS server has a very powerful function in network topology. Please keep in mind that it might log your queries (which is a huge information leak).

Further, not all of the DNS servers listed above return correct answers in any case. Some of them return failures for harmful or malicious sites. Check the operators website for more information on this topic.

For security reasons, it is required to use DNS servers which support DNSSEC. For privacy and availability reasons, avoid using just one providers' DNS servers.

Links

• Anycast DNS: What, Why and How
• What is Anycast DNS? | How Anycast Works With DNS