This is a list of publicly available DNS servers suitable for use with IPFire. They are operated by many different organisations in many different countries. Please consider carefully which ones you would like to use.
| Operator | Address(es) | Hostname |
|---|---|---|
| Anycast | ||
| censurfridns.dk | 91.239.100.100 | anycast.uncensoreddns.org |
| 2002:d596:2a92:1:71:53:: | ||
| Cloudflare | 1.1.1.1 | cloudflare-dns.com |
| 1.0.0.1 | ||
| 2606:4700:4700::1111 | ||
| 2606:4700:4700::1001 | ||
| dns.sb | 185.222.222.222 | dot.sb |
| 45.11.45.11 | ||
| 2a09:: | ||
| 2a11:: | ||
| Hurricane Electric | 74.82.42.42 | |
| 2001:470:20::2 | ||
| Google Public Free DNS | 8.8.8.8 | dns.google |
| 8.8.4.4 | ||
| Germany (DE) | ||
| Lightning Wire Labs | 81.3.27.54 | recursor01.dns.ipfire.org |
| 2001:678:b28::54 | ||
| 81.3.27.54 | recursor01.dns.lightningwirelabs.com |
|
| 2001:678:b28::54 | ||
| Denmark (DK) | ||
| censurfridns.dk | 89.233.43.71 | unicast.uncensoreddns.org |
| 2a01:3a0:53:53:: | ||
| Spain (ES) | ||
| puntCAT | 109.69.8.51 | |
| France (FR) | ||
| French Data Network (FDN) | 80.67.169.12 | |
| 80.67.169.40 | ||
| 2001:910:800::12 | ||
| 2001:910:800::40 | ||
| Netherlands (NL) | ||
| Freenom World | 80.80.80.80 | |
| 80.80.81.81 | ||
| United Kingdom (UK) | ||
| CyberGhost | 194.187.251.67 | |
| United States (US) | ||
| Alternate DNS | 198.101.242.72 | |
| 23.253.163.53 | ||
| Comcast / Xfinity | 75.75.75.75 | |
| 75.75.76.76 | ||
| CyberGhost | 38.132.106.139 | |
| Neustar DNS Advantage | 156.154.70.1 | |
| 156.154.71.1 | ||
| Sprintlink General DNS | 204.117.214.10 | |
| 199.2.252.10 | ||
| 204.97.212.10 | ||
| Verisign | 64.6.64.6 | |
| 64.6.65.6 | ||
| Operator | Address(es) | DNS over TLS Hostname |
|---|---|---|
| Anycast | ||
| censurfridns.dk | 91.239.100.100 | anycast.uncensoreddns.org |
| 2002:d596:2a92:1:71:53:: | ||
| Cloudflare | 1.1.1.1 | cloudflare-dns.com |
| 1.0.0.1 | ||
| 2606:4700:4700::1111 | ||
| 2606:4700:4700::1001 | ||
| Freifunk München e.V. | 5.1.66.255 | anycast01.ffmuc.net |
| 2001:678:e68:f000:: | ||
| 5.1.66.255 | dot.ffmuc.net |
|
| 2001:678:e68:f000:: | ||
| dns.sb | 185.222.222.222 | dns.sb |
| 185.184.222.222 | ||
| 2a09:: | ||
| 2a09::1 | ||
| Google Public Free DNS | 8.8.8.8 | dns.google |
| 8.8.4.4 | ||
| Austria (AT) | ||
| Foundation for Applied Privacy | 146.255.56.98 | dot1.applied-privacy.net |
| 2a01:4f8:c0c:83ed::1 | ||
| Canada (CA) | ||
| CMRG DNS | 199.58.83.33 | dns.cmrg.net |
| 2001:470:1c:76d::53 | ||
| Switzerland (CH) | ||
| Digitale Gesellschaft Schweiz | 185.95.218.42 | dns.digitale-gesellschaft.ch |
| 185.95.218.43 | ||
| 2a05:fc84::42 | ||
| 2a05:fc84::43 | ||
| Germany (DE) | ||
| Digitalcourage e.V. | 5.9.164.112 | dns3.digitalcourage.de |
| Lightning Wire Labs | 81.3.27.54 | recursor01.dns.ipfire.org |
| 2001:678:b28::54 | ||
| 81.3.27.54 | recursor01.dns.lightningwirelabs.com |
|
| 2001:678:b28::54 | ||
| Denmark (DK) | ||
| censurfridns.dk | 89.233.43.71 | unicast.uncensoreddns.org |
| 2a01:3a0:53:53:: | ||
| Finland (FI) | ||
| Snopyta | 95.216.24.230 | fi.dot.dns.snopyta.org |
| 2a01:4f9:2a:1919::9301 | ||
| France (FR) | ||
| Neutopia | 89.234.186.112 | dns.neutopia.org |
| 2a00:5884:8209::2 | ||
| Luxembourg (LU) | ||
| Restena Foundation | 158.64.1.29 | kaitain.restena.lu |
| 2001:a18:1::29 | ||
| Netherlands (NL) | ||
| FlokiNET | 185.246.188.51 | nl.resolv.flokinet.net |
| 2a06:1700:3:11::1 | ||
| GetDNS | 185.49.141.37 | getdnsapi.net |
| 2a04:b900:0:100::37 | ||
| Surfnet | 145.100.185.17 | dnsovertls2.sinodun.com |
| 145.100.185.18 | dnsovertls3.sinodun.com |
|
| 2001:610:1:40ba:145:100:185:17 | ||
| 2001:610:1:40ba:145:100:185:18 | ||
| Romania (RO) | ||
| FlokiNET | 185.247.225.17 | ro.resolv.flokinet.net |
| 2a06:1700:0:36::1 | ||
| United States (US) | ||
| Comcast / Xfinity (beta) | 96.113.151.145 | dot.xfinity.com |
These providers are not recommended for use with IPFire because they do not support DNSSEC or tamper with DNS traffic in another way, such as filtering advertisement, malware or porn. While there is a legitimate use-case for the latter, such filtering breaks DNSSEC, being indistinguishable from an adversary from a technical point of view.
| Operator | IP Addresses |
|---|---|
| Adfree.world | 139.99.176.64 |
| Cleanbrowsing | 2a0d:2a00:1::2 / 185.228.168.9, 2a0d:2a00:2::2 / 185.228.169.9 |
| DNS for Family | 94.130.180.225 / 2a01:4f8:1c0c:40db::1, 78.47.64.161 / 2a01:4f8:1c17:4df8::1, dns-dot.dnsforfamily.com, https://dns-doh.dnsforfamily.com/dns-query |
| Comodo Secure DNS | 8.26.56.26, 8.20.247.20 |
| dnsforge.de | 176.9.93.198, 176.9.1.117, 2a01:4f8:151:34aa::198, 2a01:4f8:141:316d::117 |
| DNSReactor | 45.55.155.25, 104.236.210.29 |
| FreeDNS | 37.235.1.174, 37.235.1.177 |
| GreenTeamDNS | 81.218.119.1, 09.88.198.133 |
| Nuernberg Internet Exchange (N-IX) | 194.8.57.12 |
| OpenDNS (Hosted Blacklists) | 208.67.222.222, 208.67.220.220, 208.67.220.222, 208.67.222.220 |
| PublicDNS.eu | 51.89.30.51, 51.89.93.25, 2001:41d0:701:1100:0:0:0:39cc |
| Quad 9 | 9.9.9.9, 149.112.112.112, 9.9.9.10, 149.112.112.10 |
| SWITCH (Hosted Blacklists) | 130.59.31.248 / 2001:620:0:ff::2, 130.59.31.251 / 2001:620:0:ff::3 |
| Yandex.DNS | 77.88.8.88, 77.88.8.2 |
| SafeDNS | 195.46.39.39, 195.46.39.40 |
| Level 3 / CentryLink / Verizon | 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6 |
| SkyDNS | 193.58.251.251 |
| New Nations | 5.45.96.220 |
| SecureDNS 1 | 146.185.167.43 |
The location of the servers has been stated by using the IPFire Location database. However, it might be possible that the location is wrong (or has been changed meanwhile).
The servers that are marked with "Anycast" are using anycasts so that traffic will be routed to the nearest of the many instances that are there on the network. Thereof the exact location of the server(s) cannot be determined. Worse, different configurations of Anycast instances cannot be determined reliable.
A DNS server has a very powerful function in network topology. Please keep in mind that it might log your queries (which is a huge information leak).
Further, not all of the DNS servers listed above return correct answers in any case. Some of them return failures for harmful or malicious sites. Check the operators website for more information on this topic.
For security reasons, it is required to use DNS servers which support DNSSEC. For privacy and availability reasons, avoid using just one providers' DNS servers.
Older Revisions • November 27 at 1:15 pm • Whyme Lyu