Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

List of Public DNS Servers

This is a list of publicly available DNS servers suitable for use with IPFire. They are operated by many different organisations in many different countries. Please consider carefully which ones you would like to use.


DS = plain DNSSEC service only (no DoT service)
DoT = DNS-over-TLS service only (no plain DNSSEC service)
DS-DT = Server offers both plain DNSSEC service and DNS-over-TLS service


 

Operator Address(es) DNS over TLS Hostname Service
Anycast
censurfridns.dk 91.239.100.100 anycast.uncensoreddns.org DoT
2002:d596:2a92:1:71:53::
Cloudflare 1.1.1.1 cloudflare-dns.com DS-DT
1.0.0.1 DS-DT
2606:4700:4700::1111
2606:4700:4700::1001
dns.sb 185.222.222.222 dns.sb DS-DT
185.184.222.222 DS-DT
2a09::
2a09::1
Hurricane Electric 74.82.42.42
2001:470:20::2
Google Public Free DNS 8.8.8.8 dns.google DS-DT
8.8.4.4 DS-DT
Quad9 9.9.9.9 dns.quad9.net DS-DT
9.9.9.10 DS
9.9.9.11 DS
149.112.112.112 DS
2620:fe::9
2620:fe::fe
Austria (AT)
Foundation for Applied Privacy 93.177.65.183 dot1.applied-privacy.net DoT
2a03:4000:38:53c::2
Canada (CA)
CMRG DNS 199.58.81.218 dns.cmrg.net DoT
Switzerland (CH)
Digitale Gesellschaft Schweiz 185.95.218.42 dns.digitale-gesellschaft.ch DoT
185.95.218.43 DoT
2a05:fc84::42
2a05:fc84::43
Germany (DE)
Digitalcourage e.V. 46.182.19.48 dns2.digitalcourage.de DS-DT
2a02:2970:1002::18
Lightning Wire Labs 81.3.27.54 recursor01.dns.ipfire.org DS-DT
2001:678:b28::54
81.3.27.54 recursor01.dns.lightningwirelabs.com DS-DT
2001:678:b28::54
Denmark (DK)
censurfridns.dk 89.233.43.71 unicast.uncensoreddns.org DoT
2001:67c:28a4::
Spain (ES)
puntCAT 109.69.8.51 DS
France (FR)
French Data Network (FDN) 80.67.169.12 DS
80.67.169.40 DS
2001:910:800::12
2001:910:800::40
GetDNS 185.49.141.37 getdnsapi.net DoT
Neutopia 89.234.186.112 dns.neutopia.org DoT
SafeDNS 146.185.167.43 dot.securedns.eu DoT
Luxembourg (LU)
Restena Foundation 158.64.1.29 kaitain.restena.lu DoT
Netherlands (NL)
Freenom World 80.80.80.80 DS
80.80.81.81 DS
Surfnet 145.100.185.17 dnsovertls2.sinodun.com DoT
145.100.185.18 dnsovertls3.sinodun.com DoT
2001:610:1:40ba:145:100:185:17
2001:610:1:40ba:145:100:185:18
United Kingdom (UK)
CyberGhost 194.187.251.67
United States (US)
Alternate DNS 198.101.242.72 DS
23.253.163.53 DS
Comcast / Xfinity 75.75.75.75 DS
75.75.76.76 DS
Comcast / Xfinity (beta) 96.113.151.145 dot.xfinity.com DoT
CyberGhost 38.132.106.139
Neustar DNS Advantage 156.154.70.1 DS
156.154.71.1 DS
Sprintlink General DNS 204.117.214.10 DS
199.2.252.10 DS
204.97.212.10 DS
Verisign 64.6.64.6 DS
64.6.65.6 DS

Unusable DNS Providers

These providers are not suitable for use with IPFire because they do not support DNSSEC or tamper with DNS traffic in another way.

Operator IP Addresses
Cleanbrowsing 2a0d:2a00:1::2 / 185.228.168.9, 2a0d:2a00:2::2 / 185.228.169.9
Comodo Secure DNS 8.26.56.26, 8.20.247.20
DNSReactor 45.55.155.25, 104.236.210.29
FreeDNS 37.235.1.174, 37.235.1.177
GreenTeamDNS 81.218.119.1, 09.88.198.133
Nuernberg Internet Exchange (N-IX) 194.8.57.12
OpenDNS (Hosted Blacklists) 208.67.222.222, 208.67.220.220, 208.67.220.222, 208.67.222.220
Quad 9 9.9.9.10, 149.112.112.10
SWITCH (Hosted Blacklists) 130.59.31.248 / 2001:620:0:ff::2, 130.59.31.251 / 2001:620:0:ff::3
Yandex.DNS 77.88.8.88, 77.88.8.2
SafeDNS 195.46.39.39, 195.46.39.40
Level 3 / CentryLink / Verizon 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6
SkyDNS 193.58.251.251
New Nations 5.45.96.220

About location and DNSSEC status

The location of the servers has been stated by using GeoIP Tool and the IPFire GeoIP server. However, it might be possible that the location is wrong (or has been changed meanwhile).

The servers that are marked with "Anycast" are using anycasts so that traffic will be routed to the nearest of the many instances that are there on the network. Thereof the exact location of the server(s) cannot be determined. Worse, different configurations of Anycast instances cannot be determined reliable.

Security Considerations

A DNS server has a very powerful function in network topology. Please keep in mind that it might log your queries (which is a huge information leak).

Further, not all of the DNS servers listed above return correct answers in any case. Some of them return failures for harmful or malicious sites. Check the operators website for more information on this topic.

For security reasons, it is required to use DNS servers which support DNSSEC. For privacy and availability reasons, avoid using just one providers' DNS servers.

Edit Page ‐ Yes, you can edit!

Older Revisions • March 24 at 7:00 pm • Jon