Originally Posted by Instab
using services of any big company is of course a bad idea, because they collect and have way too much data already. if you're interested in privacy, the likes of google and cloudflare are the last choice.
there're long lists of public dns servers available at many sites, which are from no-name providers and located in liberal countries.
The problem is that noname providers may be honeypots as well. Or may not be strong enough to resist some pressure (technical pressure such as DoD, hacks, or legal pressure). Or don't present any audited capabilities. When you use a noname DNS provider, you are hoping... Exactly as when/if you use a noname VPN. A reputable entity has something to lose if it becomes unworthy of its reputation. A noname entity has nothing to lose.
And the sad fact is that free & secure & uncensored DNS services are not in a healthy state now (and the number of independent liberal countries tends to reduce dramatically). For example: some years ago the German Privacy Foundation DNS was a good choice. Then they stopped providing DNS services, advising to use the Swiss Privacy Foundation DNS... A good choice too (I think). But after a few years the SPF ceased to provide DNS, advising to use the service of "their friends" from Xiala. Which was probably (I think so but have no formal proof) a good choice too. But then... Recently Xiala stopped all activities, too. With no replacement advice this time.
Now, what remains, outside US/UK? CensurfriDNS, good rep, managed only by an individual (Denmark); SecureDNS.eu, managed by another individual (Netherlands). Better is probably CCC's DNS (good rep too, and the service does not rely on a sole individual), but they provide neither IPv6 DNS nor DoH or DoT. Ah, and OpenNic too. But it is an act of faith to use one of OpenNic's DNS servers. Interesting for occasional usage, to circumvent some DNS blockage. But for continual use?? As noted here on the AirVPN forum, "Unfortunately, regardless of the OpenNIC DNS server I use sooner or later I end up seeing DNS queries being routed through the UK or USA. Multicasting effect of OpenNIC or programmed IP address swaps among opennic servers or other reasons I do not understand or do not know, but do not like it one bit my DNS queries often end up in internet privacy hell locations when using OpenNIC DNS servers referenced as allegedly being outside these locations."
So for casual activities, I think using Cloudflare's DNS is not such a bad choice, particularly DNS over TLS or HTTPS, over Tor. If you are really engaged in activities requiring a high level of privacy, it is best to use Tails or Whonix.
Here is a list of DNS services that seem not bad (promising no logs, outside 5 Eyes countries, plausibly able to maintain a good level of security on their infrastructure):
SecureDNS.eu
See site (DoH, DoTLS, DnsCrypt, OpenNic TLD, NameCoin TLD)
ChaosComputerClub (Germany)
https://www.ccc.de/en/censorship/dns-howto
Code:
IPV4
194.150.168.168 (DNSSEC)
213.73.91.35
Censurfri DNS (Denmark - DNSSEC)
https://blog.censurfridns.dk/
Code:
IPv4
89.233.43.71
IPv6
2001:67c:28a4::
Piratpartiet DNS (Norway - OpenNIC TLD)
https://www.piratpartiet.no/dns/
Code:
IPv4
87.238.35.136
185.56.187.149
Ipredator DNS (Sweden)
https://ipredator.se/page/services#service_dns
Code:
IPv4:
194.132.32.32 (supports dnscrypt)
46.246.46.346
IPv6:
2001:67C:1350:DEAD:BEEF::246
2C0F:F930:DEAD:BEEF::32 (supports dnscrypt)
OVPN.com DNS (Sweden)
http://www.ovpn.com/en/blog/change-y...rvers-to-ovpns
Code:
IPv4
46.227.67.134
46.227.67.135
IPv6:
2a03:8600:8600::5a
2a03:8600:8600::5b
Mullvad DNS (Sweden)
https://mullvad.net/en/guides/dns-leaks/
Code:
IPv4
193.138.219.228
This list is not very long. If IPv6 resolving is required, it reduces to 4 services, of which 2 are managed by individuals. If you require IPv6 resolving and encryption (DoTLS or DoH), there is only one :( . It is run by an individual.
Maybe there are a few others I didn't find after many searches, but what are they really worth in regard to the criteria above?
NB: Italic = run by individual.