Advice Request Which DNS Server do you use? /DNS Tunnelling

[ForgottenSeer 19494]

I've been using OpenDNS with DNSCrypt, but since I've had to install K9 Web Protection I have removed DNSCrypt and that's why now I use Norton ConnectSafe DNS. That's why I've selected both in the poll. If Norton provides DNSCrypt implementation it will be good. I also submitted a proposal for DNSCrypt to be implemented on Windows 10 as an OS feature via the Feedback Hub. Unfortunately I still can't get the Simple DNSCrypt developer to look at some issues, neither through GitHub nor via Twitter.

The servers that Norton DNS uses for my location are in Frankfurt and owned by NTT Communications Europe Ltd.

 

[frogboy]

For safe web browsing, this is worth a look.

Dns Angel

 

[ForgottenSeer 19494]

You can vote here: https://aka.ms/Ygdfp0

 

[ForgottenSeer 19494]

For safe web browsing, this is worth a look.

Dns Angel

Yes, but I needed a program which cannot be bypassed even by an administrator without a password.

 

[shmu26]

Yes, but I needed a program which cannot be bypassed even by an administrator without a password.

Norton Family. It is a free standalone product with password protection.

 

[ForgottenSeer 19494]

Norton Family. It is a free standalone product with password protection.

I may take a look at it. But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.

 

[shmu26]

I may take a look at it. But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.

Norton has advantage over K9, it can scan inside secure connections (HTTPS). Also, you can make different profiles for different user accounts.
K9 has advantage over Norton, it is system-wide, even for newly created user accounts. And can protect even Edge.

 

[Durden]

I just started using verisign public DNS . It's still early to judge , but I seem to like it .
on paper they 'respect' privacy and it seems faster than my ISP's

 

[HarborFront]

Combining with this link

Compare Protection - Which DNS would you choose for Security and Content blocking?

Below is a list of criteria to choose your free DNS servers from

1) Secure DNS - Secure against malware, phishing, ads and unwanted content

a) Norton ConnectSafe
b) Adguard DNS
c) OpenDNS
d) Comodo Secure DNS
e) FoolDNS
f) GreenTeam Internet
g) Fortinet Secure DNS
h) Alternate DNS
i) Neustar DNS Advantage

2) Privacy-Oriented DNS Servers

a) DNS.Watch
b) OpenNIC
c) Verisign Public DNS
d) FreeDNS

3) DNS Servers which support DNSSEC

See and choose from the list below

List of Public DNS Servers [wiki.ipfire.org]

4) DNS Resolvers which support DNSCrypt and DNSSEC i.e. encrypts and validates your DNS queries

Use Simple DNSCrypt then choose from the resolvers (with DNSCrypt and DNSSEC support) below. Choose with no-log as well.

dnscrypt-proxy/dnscrypt-resolvers.csv at master · jedisct1/dnscrypt-proxy · GitHub

5) DNS Servers which protect your Anonymity i.e. do NOT keep log of dns queries

a) OpenNIC – some supports DNSSEC and/or DNSCrypt
b) DNS.Watch – supports DNSSEC
c) Xiala.net DNS - supports DNSSEC
d) FreeDNS
e) UncensoredDNS(aka Censurfridns.dk)
f) DNSCrypt.is - supports both DNSCrypt & DNSSEC


Additionally to the above (for security, privacy and anonymity) you can

a) Use the dedicated DNS servers that come with your VPN service provider provided they do not redirect your DNS queries to say Google Public DNS, OpenDNS etc
b) Use the Secure DNS server that comes with your AV vendor like Avast paid products, Heimdal Pro etc. Can't expect privacy here for your AV vendor will collect your privacy data
c) Set up your own DNS Server

Note :-

OpenDNS supports DNSCrypt whilst Google Public DNS supports DNSSEC but both collect your personal data

 

[AlanOstaszewski]

I use my own Pi-Hole DNS Server with the Adguard DNS Family Protection for IPv4 and Google DNS for IPv6. Blocklists: The Big Blocklist Collection DNSSEC enabled.

 

[ForgottenSeer 58943]

Two I like to use;

Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
208.91.112.53
208.91.112.52

You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
resolver1.dyndnsinternetguide.com – 216.146.35.35
resolver2.dyndnsinternetguide.com – 216.146.36.36

 

[HarborFront]

Two I like to use;

Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
208.91.112.53
208.91.112.52

You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
resolver1.dyndnsinternetguide.com – 216.146.35.35
resolver2.dyndnsinternetguide.com – 216.146.36.36

Thanks. Added Fortinet Secure DNS to the list

 

[Sunshine-boy]

Before open DNS but now DNS watch.

 

[ForgottenSeer 58943]

Thanks. Added Fortinet Secure DNS to the list

You may also want to add Alternate DNS.. Secured DNS w/Ad+Malvertising block. Much faster than Adguard in my tests.

Alternate DNS - Ad Blocking DNS Server
Primary: 198.101.242.72
Secondary: 23.253.163.53

 

[Sunshine-boy]

Fortinet Secure DNS

thnx for this! really a great catch lol I didn't know..
Will it provide the same level of web filtering as forti client?

 

[Sunshine-boy]

The Forti DNS should be a great partner for Yandex browser because that Yandex has Sophos sig engine+sophos behavior URL monitoring + Yandex home Engine+maybe kasper sky Engine(some one said)

 

[ForgottenSeer 58943]

thnx for this! really a great catch lol I didn't know..
Will it provide the same level of web filtering as forti client?

Fortiguard DNS uses the same filter lists as the Fortigate appliance for malvertising/malware/botnet/ransomware hosts. Also the same filtration list as Forticlient itself. So if you use this as a layered approach it should be exceptional.

A little known secret. But one I know very well because one of our MSP clients MUST have access to malicious websites for their research. So when I turn off malicious website filtering, the FortiGuard DNS kept blocking it and he opened more tickets to whine so I had to shift him to a non-filtering DNS. I have additional Fortiguard DNS IP addresses to share, run some pings and see what suits.

Fortinet doesn't monitor their DNS servers to determine if they are in use on a FortiGate appliance or not.

208.91.112.220
80.85.69.54:53

 

[HarborFront]

You may also want to add Alternate DNS.. Secured DNS w/Ad+Malvertising block. Much faster than Adguard in my tests.

Alternate DNS - Ad Blocking DNS Server
Primary: 198.101.242.72
Secondary: 23.253.163.53

Ok added to the list. Thanks

 

[Sunshine-boy]

ortinet doesn't monitor their DNS servers to determine if they are in use on a FortiGate appliance or not

good for us

 

[HarborFront]

For me I'm using DNS servers which support no-logging, DNSCrypt and DNSSEC

Free OpenNIC DNS server (privately hosted) which support both DNSCrypt and DNSSEC

a) IP4 address : 104.238.186.189

DNSCrypt - OpenNIC Public Servers
DNSSEC - List of Public DNS Servers [wiki.ipfire.org]

and

b) IP4 address : 93.95.228.87

DNSCrypt & DNSSEC - DNSCrypt.is

Both do NOT log dns queries.

I've used Simple DNSCrypt to achieve the above but it has some quirks. Troublesome, don't disable itself upon restart and those DNS resolvers I wanted are not performing as expected. For web filtering I'm using uBlock Origin.