Poll Which DNS Server do you use? /DNS Tunnelling

Discussion in 'VPN and Privacy' started by Logethica, Aug 31, 2016.

?

Which DNS Server(s) do you use?

  1. Open DNS

    26.1%
  2. Google DNS

    29.9%
  3. Comodo Secure DNS

    5.2%
  4. Norton ConnectSafe DNS

    12.7%
  5. Safe DNS

    0.7%
  6. OpenNIC

    1.5%
  7. Dyn DNS

    1.5%
  8. Yandex DNS

    6.7%
  9. * I use DNS Server(s) assigned by my ISP (Internet Service Provider)

    18.7%
  10. * I use DNS Server(s) not listed above (please specify)

    20.1%
Multiple votes are allowed.
  1. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    #61 liubomirwm, May 25, 2017
    Last edited: May 25, 2017
    I've been using OpenDNS with DNSCrypt, but since I've had to install K9 Web Protection I have removed DNSCrypt and that's why now I use Norton ConnectSafe DNS. That's why I've selected both in the poll. If Norton provides DNSCrypt implementation it will be good. I also submitted a proposal for DNSCrypt to be implemented on Windows 10 as an OS feature via the Feedback Hub. Unfortunately I still can't get the Simple DNSCrypt developer to look at some issues, neither through GitHub nor via Twitter.

    The servers that Norton DNS uses for my location are in Frankfurt and owned by NTT Communications Europe Ltd.
     
  2. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,228
    64,817
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
    For safe web browsing, this is worth a look. ;)

    Dns Angel
     
  3. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    AtlBo and frogboy like this.
  4. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    Yes, but I needed a program which cannot be bypassed even by an administrator without a password.
     
    AtlBo and frogboy like this.
  5. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Norton Family. It is a free standalone product with password protection.
     
  6. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    I may take a look at it. :) But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.
     
    Cats-4_Owners-2, AtlBo and frogboy like this.
  7. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Norton has advantage over K9, it can scan inside secure connections (HTTPS). Also, you can make different profiles for different user accounts.
    K9 has advantage over Norton, it is system-wide, even for newly created user accounts. And can protect even Edge.
     
    Cats-4_Owners-2, Parsh, AtlBo and 2 others like this.
  8. Durden

    Durden Level 2

    Dec 21, 2013
    93
    346
    BSC in medicine
    Windows 10
    Emsisoft
    I just started using verisign public DNS . It's still early to judge , but I seem to like it :) .
    on paper they 'respect' privacy and it seems faster than my ISP's
     
    Cats-4_Owners-2 likes this.
  9. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,304
    5,767
    Far East
    #69 HarborFront, Jul 31, 2017
    Last edited: Jul 31, 2017
    Combining with this link

    Compare Protection - Which DNS would you choose for Security and Content blocking?

    Below is a list of criteria to choose your free DNS servers from

    1) Secure DNS - Secure against malware, phishing, ads and unwanted content

    a) Norton ConnectSafe
    b) Adguard DNS
    c) OpenDNS
    d) Comodo Secure DNS
    e) FoolDNS
    f) GreenTeam Internet
    g) Fortinet Secure DNS
    h) Alternate DNS
    i) Neustar DNS Advantage

    2) Privacy-Oriented DNS Servers

    a) DNS.Watch
    b) OpenNIC
    c) Verisign Public DNS
    d) FreeDNS

    3) DNS Servers which support DNSSEC

    See and choose from the list below

    List of Public DNS Servers [wiki.ipfire.org]

    4) DNS Resolvers which support DNSCrypt and DNSSEC i.e. encrypts and validates your DNS queries

    Use Simple DNSCrypt then choose from the resolvers (with DNSCrypt and DNSSEC support) below. Choose with no-log as well.

    dnscrypt-proxy/dnscrypt-resolvers.csv at master · jedisct1/dnscrypt-proxy · GitHub

    5) DNS Servers which protect your Anonymity i.e. do NOT keep log of dns queries

    a) OpenNIC – some supports DNSSEC and/or DNSCrypt
    b) DNS.Watch – supports DNSSEC
    c) Xiala.net DNS - supports DNSSEC
    d) FreeDNS
    e) UncensoredDNS(aka Censurfridns.dk)
    f) DNSCrypt.is - supports both DNSCrypt & DNSSEC


    Additionally to the above (for security, privacy and anonymity) you can

    a) Use the dedicated DNS servers that come with your VPN service provider provided they do not redirect your DNS queries to say Google Public DNS, OpenDNS etc
    b) Use the Secure DNS server that comes with your AV vendor like Avast paid products, Heimdal Pro etc. Can't expect privacy here for your AV vendor will collect your privacy data
    c) Set up your own DNS Server

    Note :-

    OpenDNS supports DNSCrypt whilst Google Public DNS supports DNSSEC but both collect your personal data
     
  10. askalan

    askalan Level 9
    AV Tester

    Jul 27, 2017
    425
    2,752
    Germany
    Linux
    Doctor Web
    I use my own Pi-Hole DNS Server with the Adguard DNS Family Protection for IPv4 and Google DNS for IPv6. Blocklists: The Big Blocklist Collection DNSSEC enabled.
     
    Cats-4_Owners-2 and Sunshine-boy like this.
  11. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,104
    4,418
    Fortinet Engineer
    USA
    Other OS
    Two I like to use;

    Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
    208.91.112.53
    208.91.112.52

    You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

    DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
    resolver1.dyndnsinternetguide.com – 216.146.35.35
    resolver2.dyndnsinternetguide.com – 216.146.36.36
     
  12. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,304
    5,767
    Far East
    Thanks. Added Fortinet Secure DNS to the list
     
    Cats-4_Owners-2 and frogboy like this.
  13. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,173
    5,196
    IRAN
    Windows 10
    ESET
    Before open DNS but now DNS watch.
     
    Cats-4_Owners-2 and frogboy like this.
  14. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,104
    4,418
    Fortinet Engineer
    USA
    Other OS
    You may also want to add Alternate DNS.. Secured DNS w/Ad+Malvertising block. Much faster than Adguard in my tests.

    Alternate DNS - Ad Blocking DNS Server
    Primary: 198.101.242.72
    Secondary: 23.253.163.53
     
  15. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,173
    5,196
    IRAN
    Windows 10
    ESET
    #75 Sunshine-boy, Jul 31, 2017
    Last edited: Jul 31, 2017
    thnx for this! really a great catch lol I didn't know..
    Will it provide the same level of web filtering as forti client?
     
  16. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,173
    5,196
    IRAN
    Windows 10
    ESET
    The Forti DNS should be a great partner for Yandex browser because that Yandex has Sophos sig engine+sophos behavior URL monitoring + Yandex home Engine+maybe kasper sky Engine(some one said)
     
  17. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,104
    4,418
    Fortinet Engineer
    USA
    Other OS
    Fortiguard DNS uses the same filter lists as the Fortigate appliance for malvertising/malware/botnet/ransomware hosts. Also the same filtration list as Forticlient itself. So if you use this as a layered approach it should be exceptional.

    A little known secret. But one I know very well because one of our MSP clients MUST have access to malicious websites for their research. So when I turn off malicious website filtering, the FortiGuard DNS kept blocking it and he opened more tickets to whine so I had to shift him to a non-filtering DNS. I have additional Fortiguard DNS IP addresses to share, run some pings and see what suits.

    Fortinet doesn't monitor their DNS servers to determine if they are in use on a FortiGate appliance or not. :)

    208.91.112.220
    80.85.69.54:53
     
  18. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,304
    5,767
    Far East
    Ok added to the list. Thanks
     
    Sunshine-boy likes this.
  19. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,173
    5,196
    IRAN
    Windows 10
    ESET
    good for us:p
     
    frogboy likes this.
  20. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,304
    5,767
    Far East
    For me I'm using DNS servers which support no-logging, DNSCrypt and DNSSEC

    Free OpenNIC DNS server (privately hosted) which support both DNSCrypt and DNSSEC

    a) IP4 address : 104.238.186.189

    DNSCrypt - OpenNIC Public Servers
    DNSSEC - List of Public DNS Servers [wiki.ipfire.org]

    and

    b) IP4 address : 93.95.228.87

    DNSCrypt & DNSSEC - DNSCrypt.is

    Both do NOT log dns queries.

    I've used Simple DNSCrypt to achieve the above but it has some quirks. Troublesome, don't disable itself upon restart and those DNS resolvers I wanted are not performing as expected. For web filtering I'm using uBlock Origin.
     
    Fritz and Sunshine-boy like this.
Loading...
Similar Threads Forum Date
Dridex Campaign Abuses FTP Servers Security News Today at 8:37 AM
Need Help How to set up 2 DHCP servers in a single network? Hardware - Questions & Help Wednesday at 10:51 PM
Malwarebytes Anti-Malware not connecting to server Malwarebytes Sunday at 8:13 AM