Advice Request Which DNS Server do you use? /DNS Tunnelling

Please provide comments and solutions that are helpful to the author of this topic.

Which DNS Server(s) do you use?


  • Total voters
    167
Status
Not open for further replies.
F

ForgottenSeer 19494

I've been using OpenDNS with DNSCrypt, but since I've had to install K9 Web Protection I have removed DNSCrypt and that's why now I use Norton ConnectSafe DNS. That's why I've selected both in the poll. If Norton provides DNSCrypt implementation it will be good. I also submitted a proposal for DNSCrypt to be implemented on Windows 10 as an OS feature via the Feedback Hub. Unfortunately I still can't get the Simple DNSCrypt developer to look at some issues, neither through GitHub nor via Twitter.

The servers that Norton DNS uses for my location are in Frankfurt and owned by NTT Communications Europe Ltd.
 
Last edited by a moderator:
F

ForgottenSeer 19494

Norton Family. It is a free standalone product with password protection.
I may take a look at it. :) But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I may take a look at it. :) But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.
Norton has advantage over K9, it can scan inside secure connections (HTTPS). Also, you can make different profiles for different user accounts.
K9 has advantage over Norton, it is system-wide, even for newly created user accounts. And can protect even Edge.
 

Durden

Level 3
Verified
Well-known
Dec 21, 2013
132
I just started using verisign public DNS . It's still early to judge , but I seem to like it :) .
on paper they 'respect' privacy and it seems faster than my ISP's
 
  • Like
Reactions: Cats-4_Owners-2

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,127
Combining with this link

Compare Protection - Which DNS would you choose for Security and Content blocking?

Below is a list of criteria to choose your free DNS servers from

1) Secure DNS - Secure against malware, phishing, ads and unwanted content

a) Norton ConnectSafe
b) Adguard DNS
c) OpenDNS
d) Comodo Secure DNS
e) FoolDNS
f) GreenTeam Internet
g) Fortinet Secure DNS
h) Alternate DNS
i) Neustar DNS Advantage

2) Privacy-Oriented DNS Servers

a) DNS.Watch
b) OpenNIC
c) Verisign Public DNS
d) FreeDNS

3) DNS Servers which support DNSSEC

See and choose from the list below

List of Public DNS Servers [wiki.ipfire.org]

4) DNS Resolvers which support DNSCrypt and DNSSEC i.e. encrypts and validates your DNS queries

Use Simple DNSCrypt then choose from the resolvers (with DNSCrypt and DNSSEC support) below. Choose with no-log as well.

dnscrypt-proxy/dnscrypt-resolvers.csv at master · jedisct1/dnscrypt-proxy · GitHub

5) DNS Servers which protect your Anonymity i.e. do NOT keep log of dns queries

a) OpenNIC – some supports DNSSEC and/or DNSCrypt
b) DNS.Watch – supports DNSSEC
c) Xiala.net DNS - supports DNSSEC
d) FreeDNS
e) UncensoredDNS(aka Censurfridns.dk)
f) DNSCrypt.is - supports both DNSCrypt & DNSSEC


Additionally to the above (for security, privacy and anonymity) you can

a) Use the dedicated DNS servers that come with your VPN service provider provided they do not redirect your DNS queries to say Google Public DNS, OpenDNS etc
b) Use the Secure DNS server that comes with your AV vendor like Avast paid products, Heimdal Pro etc. Can't expect privacy here for your AV vendor will collect your privacy data
c) Set up your own DNS Server

Note :-

OpenDNS supports DNSCrypt whilst Google Public DNS supports DNSSEC but both collect your personal data
 
Last edited:
F

ForgottenSeer 58943

Two I like to use;

Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
208.91.112.53
208.91.112.52

You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
resolver1.dyndnsinternetguide.com – 216.146.35.35
resolver2.dyndnsinternetguide.com – 216.146.36.36
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,127
Two I like to use;

Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
208.91.112.53
208.91.112.52

You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
resolver1.dyndnsinternetguide.com – 216.146.35.35
resolver2.dyndnsinternetguide.com – 216.146.36.36
Thanks. Added Fortinet Secure DNS to the list
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
The Forti DNS should be a great partner for Yandex browser because that Yandex has Sophos sig engine+sophos behavior URL monitoring + Yandex home Engine+maybe kasper sky Engine(some one said)
 
F

ForgottenSeer 58943

thnx for this! really a great catch lol I didn't know..
Will it provide the same level of web filtering as forti client?

Fortiguard DNS uses the same filter lists as the Fortigate appliance for malvertising/malware/botnet/ransomware hosts. Also the same filtration list as Forticlient itself. So if you use this as a layered approach it should be exceptional.

A little known secret. But one I know very well because one of our MSP clients MUST have access to malicious websites for their research. So when I turn off malicious website filtering, the FortiGuard DNS kept blocking it and he opened more tickets to whine so I had to shift him to a non-filtering DNS. I have additional Fortiguard DNS IP addresses to share, run some pings and see what suits.

Fortinet doesn't monitor their DNS servers to determine if they are in use on a FortiGate appliance or not. :)

208.91.112.220
80.85.69.54:53
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,127
For me I'm using DNS servers which support no-logging, DNSCrypt and DNSSEC

Free OpenNIC DNS server (privately hosted) which support both DNSCrypt and DNSSEC

a) IP4 address : 104.238.186.189

DNSCrypt - OpenNIC Public Servers
DNSSEC - List of Public DNS Servers [wiki.ipfire.org]

and

b) IP4 address : 93.95.228.87

DNSCrypt & DNSSEC - DNSCrypt.is

Both do NOT log dns queries.

I've used Simple DNSCrypt to achieve the above but it has some quirks. Troublesome, don't disable itself upon restart and those DNS resolvers I wanted are not performing as expected. For web filtering I'm using uBlock Origin.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top