Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Table of Contents

Experimental DNS Privacy Recursive Servers

...

Warning

Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided. 

Supports

Hosted byIP addressesHostname for TLS
authentication
Base 64 encoded (and hex) form of SPKI pin for TLS
authentication (RFC7858)

Supports

RFC7858

RFC7766 fully

SoftwareNotes
getdnsapi.net

185.49.141.38

2a04:b900:0:100::38

getdnsapi.net

foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=

(7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4)

No
No
Unbound
 

Surfnet

145.100.185.15

2001:610:1:40ba:145:100:185:15

dnsovertls.sinodun.com

oTLTTTTBgXZTN8cLg+Npe5Uk3dsFpxGLQ8AoQDPVoMw=

(A132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC)

No

No

, but does do concurrent
processing of queries.

Supports TFO

HAProxy + BINDOnly listening on TLS on port 853
Surfnet

145.100.185.16

2001:610:1:40ba:145:100:185:16

dnsovertls1.sinodun.com

ZZtB6wjcxw7p1iTmIZx27jGVTaFUiwyFGerlIoyyQVA=

(659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150)

No
No
, but does do concurrent
processing of queries
Nginx + BINDOnly listening on TLS on port 853
dkg

199.58.81.218

dns.cmrg.net

3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=

(DC8387492E3C28E73FCE590A1AD238E9AF5363D3CF283546844DD6D994B8259A)

No

No

, but does do concurrent
processing of queries.

Knot Resolver
 

OARCSee OARC website

The certificate is self-signed therefore
hostname validation is not supported

pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
(A4E5EBA54B7D9203E06D6C411457014DB447DA17A8DB01F05E9D5F7780045572)

  Unbound 

UnboundSee OARC website
Yeti

2001:4b98:dc2:43:216:3eff:fea9:41a

dns-resolver.yeti.eu.org

 pin-sha256="VftYcSCtgKdaHJI/P2mtcBjOt9rRc8KSjNh+cejCEwU="
(55FB587120AD80A75A1C923F3F69AD7018CEB7DAD173C2928CD87E71E8C21305) 

NoUnboundSee https://dns-resolver.yeti.eu.org/