List of Public DNS Servers

This is a list of publicly available DNS servers suitable for use with IPFire. They are operated by many different organisations in many different countries. Please consider carefully which ones you would like to use.

DNS Servers that support UDP/TCP

Operator Address(es) Hostname
Anycast
censurfridns.dk 91.239.100.100 anycast.uncensoreddns.org
2002:d596:2a92:1:71:53::
Cloudflare 1.1.1.1 cloudflare-dns.com
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
dns.sb 185.222.222.222 dot.sb
45.11.45.11
2a09::
2a11::
Hurricane Electric 74.82.42.42
2001:470:20::2
Google Public Free DNS 8.8.8.8 dns.google
8.8.4.4
Germany (DE)
Lightning Wire Labs 81.3.27.54 recursor01.dns.ipfire.org
2001:678:b28::54
81.3.27.54 recursor01.dns.lightningwirelabs.com
2001:678:b28::54
Denmark (DK)
censurfridns.dk 89.233.43.71 unicast.uncensoreddns.org
2a01:3a0:53:53::
Spain (ES)
puntCAT 109.69.8.51
France (FR)
French Data Network (FDN) 80.67.169.12
80.67.169.40
2001:910:800::12
2001:910:800::40
Netherlands (NL)
Freenom World 80.80.80.80
80.80.81.81
United Kingdom (UK)
CyberGhost 194.187.251.67
United States (US)
Alternate DNS 198.101.242.72
23.253.163.53
Comcast / Xfinity 75.75.75.75
75.75.76.76
CyberGhost 38.132.106.139
Neustar DNS Advantage 156.154.70.1
156.154.71.1
Sprintlink General DNS 204.117.214.10
199.2.252.10
204.97.212.10
Verisign 64.6.64.6
64.6.65.6

DNS-over-TLS service

Operator Address(es) DNS over TLS Hostname
Anycast
censurfridns.dk 91.239.100.100 anycast.uncensoreddns.org
2002:d596:2a92:1:71:53::
Cloudflare 1.1.1.1 cloudflare-dns.com
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Freifunk München e.V. 5.1.66.255 anycast01.ffmuc.net
2001:678:e68:f000::
5.1.66.255 dot.ffmuc.net
2001:678:e68:f000::
dns.sb 185.222.222.222 dns.sb
185.184.222.222
2a09::
2a09::1
Google Public Free DNS 8.8.8.8 dns.google
8.8.4.4
Austria (AT)
Foundation for Applied Privacy 146.255.56.98 dot1.applied-privacy.net
2a01:4f8:c0c:83ed::1
Canada (CA)
CMRG DNS 199.58.83.33 dns.cmrg.net
2001:470:1c:76d::53
Switzerland (CH)
Digitale Gesellschaft Schweiz 185.95.218.42 dns.digitale-gesellschaft.ch
185.95.218.43
2a05:fc84::42
2a05:fc84::43
Germany (DE)
Digitalcourage e.V. 5.9.164.112 dns3.digitalcourage.de
Lightning Wire Labs 81.3.27.54 recursor01.dns.ipfire.org
2001:678:b28::54
81.3.27.54 recursor01.dns.lightningwirelabs.com
2001:678:b28::54
Denmark (DK)
censurfridns.dk 89.233.43.71 unicast.uncensoreddns.org
2a01:3a0:53:53::
Finland (FI)
Snopyta 95.216.24.230 fi.dot.dns.snopyta.org
2a01:4f9:2a:1919::9301
France (FR)
Neutopia 89.234.186.112 dns.neutopia.org
2a00:5884:8209::2
Luxembourg (LU)
Restena Foundation 158.64.1.29 kaitain.restena.lu
2001:a18:1::29
Netherlands (NL)
FlokiNET 185.246.188.51 nl.resolv.flokinet.net
2a06:1700:3:11::1
GetDNS 185.49.141.37 getdnsapi.net
2a04:b900:0:100::37
Surfnet 145.100.185.17 dnsovertls2.sinodun.com
145.100.185.18 dnsovertls3.sinodun.com
2001:610:1:40ba:145:100:185:17
2001:610:1:40ba:145:100:185:18
Romania (RO)
FlokiNET 185.247.225.17 ro.resolv.flokinet.net
2a06:1700:0:36::1
United States (US)
Comcast / Xfinity (beta) 96.113.151.145 dot.xfinity.com

These providers are not recommended for use with IPFire because they do not support DNSSEC or tamper with DNS traffic in another way, such as filtering advertisement, malware or porn. While there is a legitimate use-case for the latter, such filtering breaks DNSSEC, being indistinguishable from an adversary from a technical point of view.

Operator IP Addresses
Adfree.world 139.99.176.64
Cleanbrowsing 2a0d:2a00:1::2 / 185.228.168.9, 2a0d:2a00:2::2 / 185.228.169.9
DNS for Family 94.130.180.225 / 2a01:4f8:1c0c:40db::1, 78.47.64.161 / 2a01:4f8:1c17:4df8::1, dns-dot.dnsforfamily.com, https://dns-doh.dnsforfamily.com/dns-query
Comodo Secure DNS 8.26.56.26, 8.20.247.20
dnsforge.de 176.9.93.198, 176.9.1.117, 2a01:4f8:151:34aa::198, 2a01:4f8:141:316d::117
DNSReactor 45.55.155.25, 104.236.210.29
FreeDNS 37.235.1.174, 37.235.1.177
GreenTeamDNS 81.218.119.1, 09.88.198.133
Nuernberg Internet Exchange (N-IX) 194.8.57.12
OpenDNS (Hosted Blacklists) 208.67.222.222, 208.67.220.220, 208.67.220.222, 208.67.222.220
PublicDNS.eu 51.89.30.51, 51.89.93.25, 2001:41d0:701:1100:0:0:0:39cc
Quad 9 9.9.9.9, 149.112.112.112, 9.9.9.10, 149.112.112.10
SWITCH (Hosted Blacklists) 130.59.31.248 / 2001:620:0:ff::2, 130.59.31.251 / 2001:620:0:ff::3
Yandex.DNS 77.88.8.88, 77.88.8.2
SafeDNS 195.46.39.39, 195.46.39.40
Level 3 / CentryLink / Verizon 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6
SkyDNS 193.58.251.251
New Nations 5.45.96.220
SecureDNS 1 146.185.167.43

About location and DNSSEC status

The location of the servers has been stated by using the IPFire Location database. However, it might be possible that the location is wrong (or has been changed meanwhile).

The servers that are marked with "Anycast" are using anycasts so that traffic will be routed to the nearest of the many instances that are there on the network. Thereof the exact location of the server(s) cannot be determined. Worse, different configurations of Anycast instances cannot be determined reliable.

Security and Privacy Considerations

A DNS server has a very powerful function in network topology. Please keep in mind that it might log your queries (which is a huge information leak).

Further, not all of the DNS servers listed above return correct answers in any case. Some of them return failures for harmful or malicious sites. Check the operators website for more information on this topic.

For security reasons, it is required to use DNS servers which support DNSSEC. For privacy and availability reasons, avoid using just one providers' DNS servers.

Edit Page ‐ Yes, you can edit!

Older Revisions • November 27 at 1:15 pm • Whyme Lyu