Q&A Which DNS Server do you use? /DNS Tunnelling

Which DNS Server(s) do you use?


Total voters: 163
#61
I've been using OpenDNS with DNSCrypt, but since I've had to install K9 Web Protection I have removed DNSCrypt and that's why now I use Norton ConnectSafe DNS. That's why I've selected both in the poll. If Norton provides a DNSCrypt implementation it will be good. I also submitted a proposal for DNSCrypt to be implemented on Windows 10 as an OS feature via the Feedback Hub. Unfortunately I still can't get the Simple DNSCrypt developer to look at some issues, neither through GitHub nor via Twitter.

The servers that Norton DNS uses for my location are in Frankfurt and owned by NTT Communications Europe Ltd.
 
#66
> Norton Family. It is a free standalone product with password protection.
I may take a look at it. :) But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.
 

shmu26

#67
> I may take a look at it. :) But I find K9 good enough. Tried Qustodio before, but it was using too much system resources + I don't need its advanced features and it also injects its Root certificate in the place of the Avast Web Shield one.

Norton has an advantage over K9: it can scan inside secure connections (HTTPS). Also, you can make different profiles for different user accounts.
K9 has an advantage over Norton: it is system-wide, even for newly created user accounts. And it can protect even Edge.
 
#68
I just started using Verisign Public DNS. It's still early to judge, but I seem to like it :).
On paper they 'respect' privacy and it seems faster than my ISP's.
 

HarborFront

#69
Combining with this link

Compare Protection - Which DNS would you choose for Security and Content blocking?

Below is a list of criteria to choose your free DNS servers from

1) Secure DNS - Secure against malware, phishing, ads and unwanted content

a) Norton ConnectSafe
b) Adguard DNS
c) OpenDNS
d) Comodo Secure DNS
e) FoolDNS
f) GreenTeam Internet
g) Fortinet Secure DNS
h) Alternate DNS
i) Neustar DNS Advantage

2) Privacy-Oriented DNS Servers

a) DNS.Watch
b) OpenNIC
c) Verisign Public DNS
d) FreeDNS

3) DNS Servers which support DNSSEC

See and choose from the list below

List of Public DNS Servers [wiki.ipfire.org]

4) DNS Resolvers which support DNSCrypt and DNSSEC i.e. encrypts and validates your DNS queries

Use Simple DNSCrypt then choose from the resolvers (with DNSCrypt and DNSSEC support) below. Choose with no-log as well.

dnscrypt-proxy/dnscrypt-resolvers.csv at master · jedisct1/dnscrypt-proxy · GitHub

5) DNS Servers which protect your Anonymity i.e. do NOT keep log of dns queries

a) OpenNIC – some support DNSSEC and/or DNSCrypt
b) DNS.Watch – supports DNSSEC
c) Xiala.net DNS - supports DNSSEC
d) FreeDNS
e) UncensoredDNS (aka Censurfridns.dk)
f) DNSCrypt.is - supports both DNSCrypt & DNSSEC


Additionally to the above (for security, privacy and anonymity) you can

a) Use the dedicated DNS servers that come with your VPN service provider, provided they do not redirect your DNS queries to, say, Google Public DNS, OpenDNS etc.
b) Use the Secure DNS server that comes with your AV vendor, like Avast paid products, Heimdal Pro etc. Can't expect privacy here for your AV vendor will collect your privacy data.
c) Set up your own DNS Server

Note:

OpenDNS supports DNSCrypt whilst Google Public DNS supports DNSSEC but both collect your personal data
 

Slyguy

#71
Two I like to use;

Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
208.91.112.53
208.91.112.52

You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.

DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
resolver1.dyndnsinternetguide.com – 216.146.35.35
resolver2.dyndnsinternetguide.com – 216.146.36.36
 

HarborFront

#72
> Two I like to use;
>
> Fortinet Secure DNS (malware/phishing/malvertising/botnet blocking)
> 208.91.112.53
> 208.91.112.52
>
> You can add Fortinet DNS to your list of secure, malware blocking dns. Anyone can use it, you don't need a Fortigate appliance to use it.
>
> DynDNS is another one I like sometimes, depending - especially when raw speed is crucial.
> resolver1.dyndnsinternetguide.com – 216.146.35.35
> resolver2.dyndnsinternetguide.com – 216.146.36.36

Thanks. Added Fortinet Secure DNS to the list
 
#76
The Forti DNS should be a great partner for Yandex browser because Yandex has the Sophos sig engine + Sophos behavior URL monitoring + the Yandex home engine + maybe the Kaspersky engine (someone said).
 

Slyguy

#77
> thnx for this! really a great catch lol I didn't know..

> Will it provide the same level of web filtering as forti client?

Fortiguard DNS uses the same filter lists as the Fortigate appliance for malvertising/malware/botnet/ransomware hosts. Also the same filtration list as Forticlient itself. So if you use this as a layered approach it should be exceptional.

A little known secret. But one I know very well because one of our MSP clients MUST have access to malicious websites for their research. So when I turn off malicious website filtering, the FortiGuard DNS kept blocking it and he opened more tickets to whine so I had to shift him to a non-filtering DNS. I have additional Fortiguard DNS IP addresses to share, run some pings and see what suits.

Fortinet doesn't monitor their DNS servers to determine if they are in use on a FortiGate appliance or not. :)

208.91.112.220
80.85.69.54:53
 

HarborFront

#80
For me I'm using DNS servers which support no-logging, DNSCrypt and DNSSEC

Free OpenNIC DNS server (privately hosted) which supports both DNSCrypt and DNSSEC

a) IPv4 address: 104.238.186.189

DNSCrypt - OpenNIC Public Servers
DNSSEC - List of Public DNS Servers [wiki.ipfire.org]

and

b) IPv4 address: 93.95.228.87

DNSCrypt & DNSSEC - DNSCrypt.is

Both do NOT log dns queries.

I've used Simple DNSCrypt to achieve the above but it has some quirks. Troublesome, doesn't disable itself upon restart and those DNS resolvers I wanted are not performing as expected. For web filtering I'm using uBlock Origin.