DNS Privacy Project

Skip to end of metadata
Go to start of metadata

Experimental DNS Privacy Recursive Servers

The following servers are configured to support TLS on port 853 for testing purposes.

Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided. 

Also note that the single SPKI pins published here for many of these servers are subject to change (e.g on Certificate renewal) and should be used with care!!

Hosted byIP addressesHostname for TLS
authentication
Base 64 encoded form of SPKI pin for TLS
authentication (RFC7858)

Supports

RFC7766 fully

SoftwareNotes
getdnsapi.net

185.49.141.38

2a04:b900:0:100::38

getdnsapi.net

foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=

NoUnbound
Surfnet

145.100.185.15

2001:610:1:40ba:145:100:185:15

dnsovertls.sinodun.com

62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=

No, but does do concurrent
processing of queries.

Supports TFO

HAProxy + BINDOnly listening on TLS on port 853
Surfnet

145.100.185.16

2001:610:1:40ba:145:100:185:16

dnsovertls1.sinodun.com

cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=

No, but does do concurrent
processing of queries
Nginx + BINDOnly listening on TLS on port 853
dkg

199.58.81.218

dns.cmrg.net

3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=

No, but does do concurrent
processing of queries.

Knot Resolver
OARC

184.105.193.78

2620:ff:c000:0:1::64:25

tls-dns-u.odvr.dns-oarc.net

pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=

NoUnboundSee OARC website
Yeti

2001:4b98:dc2:43:216:3eff:fea9:41a

dns-resolver.yeti.eu.org

f239151afe463f7e04ef4fed0eefa3daf9d9d5b8a46b2ca6d90bc5e26917d758

NoUnboundSee https://dns-resolver.yeti.eu.org/
Yeti2a00:e50:f15c:1000::2:53yeti-rr.datev.net



UncensoredDNS

89.233.43.71 

2a01:3a0:53:53::

unicast.censurfridns.dk




See https://blog.uncensoreddns.org/
Lorraine Data Network

80.67.188.188





Uses a self-signed certificate, no key published
  • No labels