Advice Request Which DNS Server do you use? /DNS Tunnelling

[Logethica]

Two-fifths of business networks show evidence of DNS tunnelling -
the latest security report from network control firm Infoblox reveals..
SOURCE: computerweekly.com

DNS tunnelling is a technique used to send and receive data packets over the domain name system (DNS) that is designed to translate domain names such as computerweekly.com into IP addresses such as 206.19.49.154, and consequently has no inherent security or monitoring capability...

[IMAGE: Wikimedia.org (reuse permitted)]

DNS tunnelling activity is a significant security threat that can indicate malware or data exfiltration within a network, according to the company’s security assessment report for the second quarter of 2016.

The report said 559 files capturing DNS traffic were uploaded to Infoblox for assessment from 248 customers across a wide range of industries and geographies. Evidence of suspicious DNS activity, such as attempting to reach known malicious internet locations, was present in 66% of the files.

The prevalence of DNS tunnelling is one of the trends that stands out in the quarter, the report said, noting that cyber criminals know that DNS is a well-established and trusted protocol, and that many organisations do not examine their DNS traffic for malicious activity.

DNS tunnelling enables cyber criminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls, the report said.

While there are quasi-legitimate uses of DNS tunnelling, many instances are malicious. There are several off-the-shelf tunnelling toolkits readily available on the internet that enable cyber criminals with relatively little technical expertise to mount DNS tunnelling attacks...

[To read the full article please visit computerweekly.com]​

Free & Public DNS Servers (Valid August 2016):
SOURCE: pcsupport.about.com

Provider: / Primary DNS Server / Secondary DNS Server
Level3: / 209.244.0.3 / 209.244.0.4
Verisign: / 64.6.64.6 / 64.6.65.6
Google: / 8.8.8.8 / 8.8.4.4
DNS.WATCH: / 84.200.69.80 / 84.200.70.40
Comodo Secure DNS: / 8.26.56.26 / 8.20.247.20
OpenDNS Home: / 208.67.222.222 / 208.67.220.220
DNS Advantage: / 156.154.70.1 / 156.154.71.1
Norton ConnectSafe: / 199.85.126.10 / 199.85.127.10
GreenTeamDNS: / 81.218.119.11 / 209.88.198.133
SafeDNS: / 195.46.39.39 / 195.46.39.40
OpenNIC: / 162.211.64.20 / 199.195.249.174
SmartViper: / 208.76.50.50 / 208.76.51.51
Dyn: / 216.146.35.35 / 216.146.36.36
FreeDNS: / 37.235.1.174 / 37.235.1.177
Alternate DNS: / 198.101.242.72 / 23.253.163.53
Yandex.DNS: / 77.88.8.8 / 77.88.8.1

 

[Deleted member 2913]

Currently Google DNS

As per DnsJumper, Google DNS is the only one matches the speed of my ISP i.e both 8.8.8.8 & 8.8.4.4 are mostly under 10 milliseconds like my ISP.
Rest all DNS speed is like around 30-80 milliseconds for the 1st DNS IP & above 100 or 200 milliseconds for the 2nd DNS IP.

My ISP works good but I kinda think Google DNS is better secure compared to my ISP.
And few relatives are abroad, when we do WhatsApp & FaceTime, I find voice breakage, inconsistent connection with my ISP And no probs with Google DNS So its also one of the reasons to use Google DNS.

Never faced any probs with Google DNS yet.

 

[LabZero]

Lately my ISP has caused some problems to me because of DNS.
Then I moved to Google DNS and I solved.
Perhaps big G DNS are not the fastest but certainly they are very stable.

 

[Bill7]

I use Opendns as primary DNS and google DNS a few times

 

[hjlbx]

If you want to collect malware samples for malware testing, then do not use Norton ConnectSafe DNS as it will block access to many malware sample download sites.

 

[OokamiCreed]

I use Google DNS. I use it simply do to best ping results, best reliability, and no down time as far as experienced. Keep having down time issues with OpenDNS along with some instability here and there. This DNS is used for majority devices (it's set on my router). I use an adblocking DNS for my phone. Seems to be working well.

 

[DardiM]

I use my provider DNS (almost all the time)
(or my VPN DNS)

 

[Overkill]

OpenDNS = My laptop and our family desktop
Yandex = My son's laptops (wonderful for blocking porn/adult content and enabling safe/strict search for search engines, for him google so no adult images are shown)
Norton = My old desktop

 

[yigido]

OpenDNS or nearest OpenNIC

 

[_CyberGhosT_]

Norton connect safe is my solution.
They have varying levels of security
The 199.85.126 and 199.85.127 and the end decides the level .10 is the least secure, then .20 which blocks more and the .30 which is pretty secure. the one ending in 127 is the second server.
The config I use is as follows:
1> 199.85.126.20
2> 199.85.127.20
Thanks Logethica

 

[Kuttz]

I am using Adguard DNS (Beta) so far so good. Adguard DNS offers not only security but also does blocking of Ads and Trackers as a bonus feature. Since the service is in Beta stage at the moment some may face issues.

Adguard DNS SERVERS:

Default
Use these servers to block ads, trackers and phishing websites.

176.103.130.130

176.103.130.131

Family Protection
"Default" + blocking adult websites.

176.103.130.132

176.103.130.134

 

[_CyberGhosT_]

I am using Adguard DNS (Beta) so far so good. Adguard DNS offers not only security but also does blocking of Ads and Trackers as a bonus feature. Since the service is in Beta stage at the moment some may face issues.

Adguard DNS SERVERS:

Default
Use these servers to block ads, trackers and phishing websites.

176.103.130.130

176.103.130.131

Family Protection
"Default" + blocking adult websites.

176.103.130.132

176.103.130.134

I had no idea AdGuard offered DNS servers, I will go check this out.
Thanks for the share

 

[King Alpha]

My vote goes to Norton DNS. It has the best malware protection IMHO.

OpenDNS is good too, especially for phishing sites.

 

[DoxThis]

I use verisign as they resolve all tld queries for .net and .com
Its pretty fast and if you try to do a dnsleaktest it will not show any results (gets blocked)

 

[exCode]

Google DNS. Never found any use for anything more/less

 

[DoxThis]

I am using Adguard DNS (Beta) so far so good. Adguard DNS offers not only security but also does blocking of Ads and Trackers as a bonus feature. Since the service is in Beta stage at the moment some may face issues.

Adguard DNS SERVERS:

Default
Use these servers to block ads, trackers and phishing websites.

176.103.130.130

176.103.130.131

Family Protection
"Default" + blocking adult websites.

176.103.130.132

176.103.130.134

Using adblock dns doesn't work if the connection is https (ex youtube)

 

[Evjl's Rain]

- GoogleDns: fastest, but it almost never blocks anything if we use google chrome
- OpenDns: second fastest, secure -> I'm using now
- NortonDns: slow and fast, deoends on the time, noticeably increases gaming latency
- Adguard: a bit slow, still in beta and buggy, sometimes it blocks everything literally, I couldn't access the internet unless I changed my DNS. I was using it for a long time until this happened. Sometimes it also slowed down a lot of websites while the others were still fast. They need more servers. Looking for the official release. It didn't slow down gaming much

 

[Dirk41]

I did not know all those DNS exist , just google and open.

I have to pay to try norton dns ? Or just add them ?

 

[frogboy]

I did not know all those DNS exist , just google and open.

I have to pay to try norton dns ? Or just add them ?

Norton DNS is free to use so just add them.

 

[frogboy]

Or just use DNS Jumper www.sordum.org/7952/dns-jumper-v2-0/ and easily choose the safest or the fastest with just a few clicks.