https://wiki.archlinux.org/api.php?action=feedcontributions&user=UBF6&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T14:15:34Z
User contributions
MediaWiki 1.41.0

https://wiki.archlinux.org/index.php?title=Razer_peripherals&diff=570319
Razer peripherals
2019-04-01T09:38:38Z
<p>UBF6: /* Blackwidow macro scripts */ Ornata works as well</p>
<hr />
<div>[[Category:Mice]]<br />
[[Category:Keyboards]]<br />
[[ja:Razer]]<br />
{{Style|Various style issues, structure lacking}}<br />
<br />
{{Note|This page refers to Razer's mice and keyboards. If you were looking for the laptop, see [[Razer Blade]].}}<br />
<br />
There are currently no official drivers for any Razer peripherals in Linux. However, Michael Buesch has created a tool called [http://bues.ch/cms/hacking/razercfg.html razercfg] to configure Razer mice under Linux. There also exist scripts to enable macro keys of Razer keyboards.<br />
<br />
Another package, {{AUR|openrazer-meta}}, can be used to enable Razer support, along with {{AUR|polychromatic}} or {{AUR|razergenie}} for GUI configuration. Supported devices are [https://openrazer.github.io/#devices listed here].<br />
<br />
== razercfg ==<br />
<br />
=== Compatibility ===<br />
<br />
''razercfg'' lists the following mouse models as stable:<br />
<br />
* Razer DeathAdder Classic<br />
* Razer DeathAdder 3500 DPI<br />
* Razer DeathAdder Black Edition<br />
* Razer DeathAdder 2013<br />
* Razer DeathAdder Chroma<br />
* Razer Krait<br />
* Razer Naga Classic<br />
* Razer Naga 2012<br />
* Razer Naga 2014<br />
* Razer Naga Hex<br />
* Razer Taipan<br />
<br />
And the following as stable but missing minor features:<br />
<br />
* Razer Lachesis<br />
* Razer Copperhead<br />
* Razer Boomslang CE<br />
<br />
=== Installation ===<br />
<br />
Download and install {{Pkg|razercfg}} or {{AUR|razercfg-git}} for bleeding edge git releases from the [[AUR]]. <br />
<br />
You also need to edit your {{ic|/etc/X11/xorg.conf}} file to disable the current mouse settings by commenting them out as in the following example, where also some defaults are set as suggested by the author:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "InputDevice"<br />
Identifier "Mouse"<br />
Driver "mouse"<br />
Option "Device" "/dev/input/mice"<br />
EndSection}}<br />
<br />
It is important to only have {{ic|Mouse}} and not {{ic|Mouse#}} listed in {{ic|xorg.conf}}.<br />
<br />
{{Accuracy|Why reboot?}}<br />
<br />
Restart the computer, then enter:<br />
<br />
# udevadm control --reload-rules<br />
<br />
Then [[start]] the {{ic|razerd}} daemon and possibly enable it.<br />
<br />
=== Using the Razer Configuration Tool ===<br />
<br />
{{Accuracy|Button configuration reported to not work|Talk:Razer#Button configuration in razercfg or qrazercfg}}<br />
<br />
There are two commands you can use: the command line tool ''razercfg'' or the Qt-based GUI tool ''qrazercfg''.<br />
<br />
From the tool you can use the 5 profiles, change the DPI, change mouse frequency, enable and disable the scroll and logo lights and configure the buttons.<br />
<br />
If the colors reset on reboot, edit the config file directly and test with another reboot:<br />
<br />
{{hc|/etc/razer.conf|<br />
# Configure LEDs<br />
led<nowiki>=</nowiki>1:GlowingLogo:on<br />
led<nowiki>=</nowiki>1:Scrollwheel:on<br />
mode<nowiki>=</nowiki>1:Scrollwheel:static<br />
color<nowiki>=</nowiki>1:Scrollwheel:0000FF<br />
mode<nowiki>=</nowiki>1:GlowingLogo:static<br />
color<nowiki>=</nowiki>1:GlowingLogo:FFFFFF<br />
}}<br />
<br />
"static" can probably be changed to spectrum or breathing, and mode/color lines can be removed if led is set to "off".<br />
<br />
== OpenRazer ==<br />
<br />
=== Compatibility ===<br />
<br />
==== Keyboards ====<br />
* Razer BlackWidow Ultimate 2012<br />
* Razer BlackWidow Classic (Alternate)<br />
* Razer Anansi<br />
* Razer BlackWidow Ultimate 2013<br />
* Razer BlackWidow Classic<br />
* Razer DeathStalker Expert<br />
* Razer BlackWidow Chroma<br />
* Razer DeathStalker Chroma<br />
* Razer Blade Stealth<br />
* Razer Orbweaver Chroma<br />
* Razer BlackWidow Tournament Edition Chroma<br />
* Razer Blade QHD<br />
* Razer Blade Pro (Late 2016)<br />
* Razer BlackWidow Chroma (Overwatch)<br />
* Razer BlackWidow Ultimate 2016<br />
* Razer BlackWidow X Chroma<br />
* Razer BlackWidow X Ultimate<br />
* Razer BlackWidow X Tournament Edition Chroma<br />
* Razer Ornata Chroma<br />
* Razer Ornata<br />
* Razer Blade Stealth (Late 2016)<br />
* Razer BlackWidow Chroma V2<br />
* Razer Blade (Late 2016)<br />
* Razer Blade Stealth (Mid 2017)<br />
<br />
==== Mice ====<br />
* Razer Orochi 2011 <br />
* Razer Mamba 2012 (Wired) <br />
* Razer Mamba 2012 (Wireless) <br />
* Razer Imperator 2012 <br />
* Razer Ouroboros 2012 <br />
* Razer Taipan <br />
* Razer Naga Hex (Red) <br />
* Razer Orochi 2013 <br />
* Razer Naga 2014 <br />
* Razer Naga Hex <br />
* Razer Abyssus 2014 <br />
* Razer DeathAdder Chroma <br />
* Razer Mamba (Wired) <br />
* Razer Mamba (Wireless) <br />
* Razer Mamba Tournament Edition<br />
* Razer Orochi (Wired) <br />
* Razer Diamondback Chroma <br />
* Razer Naga Hex V2 <br />
* Razer Naga Chroma <br />
* Razer Abyssus V2 <br />
* Razer DeathAdder Elite <br />
<br />
==== Mousemats ====<br />
* Razer Firefly<br />
<br />
==== Headsets ====<br />
* Razer Kraken 7.1 Classic<br />
* Razer Kraken 7.1 Chroma<br />
* Razer Kraken 7.1 V2<br />
<br />
==== Other devices ====<br />
* Razer Nostromo<br />
* Razer Orbweaver<br />
* Razer Tartarus<br />
* Razer Tartarus Chroma<br />
* Razer Core<br />
* Razer Chroma Mug Holder<br />
<br />
=== Installation ===<br />
<br />
[[Install]] the {{AUR|openrazer-meta}} package. Don't forget to add your current user to the {{ic|plugdev}} group with the command {{ic|sudo gpasswd -a $USER plugdev}}, then log out and back in.<br />
<br />
=== How to use ===<br />
<br />
The recommended way is to use a graphical front-end for interfacing with the drivers.<br />
<br />
* {{AUR|polychromatic}}: A WebKit-based front-end featuring profiles<br />
* {{AUR|razergenie}}: A Qt-based front-end<br />
* {{AUR|razercommander}}: A GTK-based front-end<br />
<br />
=== Troubleshooting ===<br />
<br />
Visit the [https://github.com/openrazer/openrazer/wiki/Troubleshooting Troubleshooting page] in the OpenRazer wiki.<br />
<br />
== Razer keyboards ==<br />
There are currently two Python scripts available to enable the extra M1 - M5 macro keys that certain Razer keyboards have under Linux.<br />
Note that this does not assign any content to the macro keys; it merely enables the sending of keycodes. For Razers without the extra M1 - M5 keys there is no point in using this tool.<br />
=== Blackwidow Control ===<br />
====Features====<br />
* confirmed to work with regular BlackWidow, BlackWidow 2013 and BlackWidow Ultimate Stealth 2014<br />
* should also work with BlackWidow Ultimate, BlackWidow Ultimate 2013 and BlackWidow 2014<br />
* does not work with BlackWidow (Ultimate) 2016 yet<br />
* uses Python 3<br />
* allows controlling the status of the LED<br />
* contains a udev rule file so that macro keys are enabled automatically when the keyboard is plugged in<br />
<br />
==== How to Use ====<br />
Install {{AUR|blackwidowcontrol}} from the AUR.<br />
After installing, run as root:<br />
 # blackwidowcontrol -i<br />
Then use the shortcut utility of your desktop environment to map the keys, i.e. to actually use the macro keys for something useful. For example, the "KDE global shortcuts" GUI (find it in system settings) can assign macros to a key on any keyboard, not just Razers.<br />
<br />
=== Blackwidow macro scripts ===<br />
==== Features ====<br />
* Works with BlackWidow Ultimate and Stealth 2013 (unknown whether it works with other versions or keyboard models)<br />
* adding the "021e" ID for Ornata Chroma makes the Game-mode feature (white "G" LED) work on Ornata Chroma as well.<br />
* Uses Python 2<br />
* Bundles scripts to create and execute macros<br />
<br />
== Troubleshooting ==<br />
<br />
=== Mouse randomly stops working ===<br />
<br />
{{Note|This was tested on an [[ASUS N550JV]] with a '''Razer Orochi 2013''' mouse. The laptop probably has a faulty charging port, which sometimes directly affects the USB port the mouse is connected to and causes similar issues.}}<br />
<br />
If your Razer mouse stops working after some time while its LED still flashes or lights up, and rebooting and re-plugging do not help, try the following commands.<br />
<br />
Unload {{ic|ehci_pci}} and {{ic|ehci_hcd}} modules:<br />
<br />
# rmmod ehci_pci<br />
# rmmod ehci_hcd<br />
<br />
Disconnect the mouse, wait a few seconds and run the following commands to load modules back:<br />
<br />
# modprobe ehci_hcd<br />
# modprobe ehci_pci<br />
<br />
Connect the mouse and it should be working.</div>
UBF6

https://wiki.archlinux.org/index.php?title=Razer_peripherals&diff=570318
Razer peripherals
2019-04-01T09:28:17Z
<p>UBF6: /* Razer keyboards */</p>
<hr />
<div>[[Category:Mice]]<br />
[[Category:Keyboards]]<br />
[[ja:Razer]]<br />
{{Style|Various style issues, structure lacking}}<br />
<br />
{{Note|This page refers to Razer's mice and keyboards. If you were looking for the laptop, see [[Razer Blade]].}}<br />
<br />
There are currently no official drivers for any Razer peripherals in Linux. However, Michael Buesch has created a tool called [http://bues.ch/cms/hacking/razercfg.html razercfg] to configure Razer mice under Linux. There also exist scripts to enable macro keys of Razer keyboards.<br />
<br />
Another package, {{AUR|openrazer-meta}}, can be used to enable Razer support, along with {{AUR|polychromatic}} or {{AUR|razergenie}} for GUI configuration. Supported devices are [https://openrazer.github.io/#devices listed here].<br />
<br />
== razercfg ==<br />
<br />
=== Compatibility ===<br />
<br />
''razercfg'' lists the following mouse models as stable:<br />
<br />
* Razer DeathAdder Classic<br />
* Razer DeathAdder 3500 DPI<br />
* Razer DeathAdder Black Edition<br />
* Razer DeathAdder 2013<br />
* Razer DeathAdder Chroma<br />
* Razer Krait<br />
* Razer Naga Classic<br />
* Razer Naga 2012<br />
* Razer Naga 2014<br />
* Razer Naga Hex<br />
* Razer Taipan<br />
<br />
And the following as stable but missing minor features:<br />
<br />
* Razer Lachesis<br />
* Razer Copperhead<br />
* Razer Boomslang CE<br />
<br />
=== Installation ===<br />
<br />
Download and install {{Pkg|razercfg}} or {{AUR|razercfg-git}} for bleeding edge git releases from the [[AUR]]. <br />
<br />
You also need to edit your {{ic|/etc/X11/xorg.conf}} file to disable the current mouse settings by commenting them out as in the following example, where also some defaults are set as suggested by the author:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "InputDevice"<br />
Identifier "Mouse"<br />
Driver "mouse"<br />
Option "Device" "/dev/input/mice"<br />
EndSection}}<br />
<br />
It is important to only have {{ic|Mouse}} and not {{ic|Mouse#}} listed in {{ic|xorg.conf}}.<br />
<br />
{{Accuracy|Why reboot?}}<br />
<br />
Restart the computer, then enter:<br />
<br />
# udevadm control --reload-rules<br />
<br />
Then [[start]] the {{ic|razerd}} daemon and possibly enable it.<br />
<br />
=== Using the Razer Configuration Tool ===<br />
<br />
{{Accuracy|Button configuration reported to not work|Talk:Razer#Button configuration in razercfg or qrazercfg}}<br />
<br />
There are two commands you can use: the command line tool ''razercfg'' or the Qt-based GUI tool ''qrazercfg''.<br />
<br />
From the tool you can use the 5 profiles, change the DPI, change mouse frequency, enable and disable the scroll and logo lights and configure the buttons.<br />
<br />
If the colors reset on reboot, edit the config file directly and test with another reboot:<br />
<br />
{{hc|/etc/razer.conf|<br />
# Configure LEDs<br />
led<nowiki>=</nowiki>1:GlowingLogo:on<br />
led<nowiki>=</nowiki>1:Scrollwheel:on<br />
mode<nowiki>=</nowiki>1:Scrollwheel:static<br />
color<nowiki>=</nowiki>1:Scrollwheel:0000FF<br />
mode<nowiki>=</nowiki>1:GlowingLogo:static<br />
color<nowiki>=</nowiki>1:GlowingLogo:FFFFFF<br />
}}<br />
<br />
"static" can probably be changed to spectrum or breathing, and mode/color lines can be removed if led is set to "off".<br />
<br />
== OpenRazer ==<br />
<br />
=== Compatibility ===<br />
<br />
==== Keyboards ====<br />
* Razer BlackWidow Ultimate 2012<br />
* Razer BlackWidow Classic (Alternate)<br />
* Razer Anansi<br />
* Razer BlackWidow Ultimate 2013<br />
* Razer BlackWidow Classic<br />
* Razer DeathStalker Expert<br />
* Razer BlackWidow Chroma<br />
* Razer DeathStalker Chroma<br />
* Razer Blade Stealth<br />
* Razer Orbweaver Chroma<br />
* Razer BlackWidow Tournament Edition Chroma<br />
* Razer Blade QHD<br />
* Razer Blade Pro (Late 2016)<br />
* Razer BlackWidow Chroma (Overwatch)<br />
* Razer BlackWidow Ultimate 2016<br />
* Razer BlackWidow X Chroma<br />
* Razer BlackWidow X Ultimate<br />
* Razer BlackWidow X Tournament Edition Chroma<br />
* Razer Ornata Chroma<br />
* Razer Ornata<br />
* Razer Blade Stealth (Late 2016)<br />
* Razer BlackWidow Chroma V2<br />
* Razer Blade (Late 2016)<br />
* Razer Blade Stealth (Mid 2017)<br />
<br />
==== Mice ====<br />
* Razer Orochi 2011 <br />
* Razer Mamba 2012 (Wired) <br />
* Razer Mamba 2012 (Wireless) <br />
* Razer Imperator 2012 <br />
* Razer Ouroboros 2012 <br />
* Razer Taipan <br />
* Razer Naga Hex (Red) <br />
* Razer Orochi 2013 <br />
* Razer Naga 2014 <br />
* Razer Naga Hex <br />
* Razer Abyssus 2014 <br />
* Razer DeathAdder Chroma <br />
* Razer Mamba (Wired) <br />
* Razer Mamba (Wireless) <br />
* Razer Mamba Tournament Edition<br />
* Razer Orochi (Wired) <br />
* Razer Diamondback Chroma <br />
* Razer Naga Hex V2 <br />
* Razer Naga Chroma <br />
* Razer Abyssus V2 <br />
* Razer DeathAdder Elite <br />
<br />
==== Mousemats ====<br />
* Razer Firefly<br />
<br />
==== Headsets ====<br />
* Razer Kraken 7.1 Classic<br />
* Razer Kraken 7.1 Chroma<br />
* Razer Kraken 7.1 V2<br />
<br />
==== Other devices ====<br />
* Razer Nostromo<br />
* Razer Orbweaver<br />
* Razer Tartarus<br />
* Razer Tartarus Chroma<br />
* Razer Core<br />
* Razer Chroma Mug Holder<br />
<br />
=== Installation ===<br />
<br />
[[Install]] the {{AUR|openrazer-meta}} package. Don't forget to add your current user to the {{ic|plugdev}} group with the command {{ic|sudo gpasswd -a $USER plugdev}}, then log out and back in.<br />
<br />
=== How to use ===<br />
<br />
The recommended way is to use a graphical front-end for interfacing with the drivers.<br />
<br />
* {{AUR|polychromatic}}: A WebKit-based front-end featuring profiles<br />
* {{AUR|razergenie}}: A Qt-based front-end<br />
* {{AUR|razercommander}}: A GTK-based front-end<br />
<br />
=== Troubleshooting ===<br />
<br />
Visit the [https://github.com/openrazer/openrazer/wiki/Troubleshooting Troubleshooting page] in the OpenRazer wiki.<br />
<br />
== Razer keyboards ==<br />
There are currently two Python scripts available to enable the extra M1 - M5 macro keys that certain Razer keyboards have under Linux.<br />
Note that this does not assign any content to the macro keys; it merely enables the sending of keycodes. For Razers without the extra M1 - M5 keys there is no point in using this tool.<br />
=== Blackwidow Control ===<br />
====Features====<br />
* confirmed to work with regular BlackWidow, BlackWidow 2013 and BlackWidow Ultimate Stealth 2014<br />
* should also work with BlackWidow Ultimate, BlackWidow Ultimate 2013 and BlackWidow 2014<br />
* does not work with BlackWidow (Ultimate) 2016 yet<br />
* uses Python 3<br />
* allows controlling the status of the LED<br />
* contains a udev rule file so that macro keys are enabled automatically when the keyboard is plugged in<br />
<br />
==== How to Use ====<br />
Install {{AUR|blackwidowcontrol}} from the AUR.<br />
After installing, run as root:<br />
 # blackwidowcontrol -i<br />
Then use the shortcut utility of your desktop environment to map the keys, i.e. to actually use the macro keys for something useful. For example, the "KDE global shortcuts" GUI (find it in system settings) can assign macros to a key on any keyboard, not just Razers.<br />
<br />
=== Blackwidow macro scripts ===<br />
==== Features ====<br />
* Works with BlackWidow Ultimate and Stealth 2013 (unknown whether it works with other versions)<br />
* Uses Python 2<br />
* Bundles scripts to create and execute macros<br />
<br />
== Troubleshooting ==<br />
<br />
=== Mouse randomly stops working ===<br />
<br />
{{Note|This was tested on an [[ASUS N550JV]] with a '''Razer Orochi 2013''' mouse. The laptop probably has a faulty charging port, which sometimes directly affects the USB port the mouse is connected to and causes similar issues.}}<br />
<br />
If your Razer mouse stops working after some time while its LED still flashes or lights up, and rebooting and re-plugging do not help, try the following commands.<br />
<br />
Unload {{ic|ehci_pci}} and {{ic|ehci_hcd}} modules:<br />
<br />
# rmmod ehci_pci<br />
# rmmod ehci_hcd<br />
<br />
Disconnect the mouse, wait a few seconds and run the following commands to load modules back:<br />
<br />
# modprobe ehci_hcd<br />
# modprobe ehci_pci<br />
<br />
Connect the mouse and it should be working.</div>
UBF6

https://wiki.archlinux.org/index.php?title=Razer_peripherals&diff=570317
Razer peripherals
2019-04-01T09:24:35Z
<p>UBF6: /* How to Use */</p>
<hr />
<div>[[Category:Mice]]<br />
[[Category:Keyboards]]<br />
[[ja:Razer]]<br />
{{Style|Various style issues, structure lacking}}<br />
<br />
{{Note|This page refers to Razer's mice and keyboards. If you were looking for the laptop, see [[Razer Blade]].}}<br />
<br />
There are currently no official drivers for any Razer peripherals in Linux. However, Michael Buesch has created a tool called [http://bues.ch/cms/hacking/razercfg.html razercfg] to configure Razer mice under Linux. There also exist scripts to enable macro keys of Razer keyboards.<br />
<br />
Another package, {{AUR|openrazer-meta}}, can be used to enable Razer support, along with {{AUR|polychromatic}} or {{AUR|razergenie}} for GUI configuration. Supported devices are [https://openrazer.github.io/#devices listed here].<br />
<br />
== razercfg ==<br />
<br />
=== Compatibility ===<br />
<br />
''razercfg'' lists the following mouse models as stable:<br />
<br />
* Razer DeathAdder Classic<br />
* Razer DeathAdder 3500 DPI<br />
* Razer DeathAdder Black Edition<br />
* Razer DeathAdder 2013<br />
* Razer DeathAdder Chroma<br />
* Razer Krait<br />
* Razer Naga Classic<br />
* Razer Naga 2012<br />
* Razer Naga 2014<br />
* Razer Naga Hex<br />
* Razer Taipan<br />
<br />
And the following as stable but missing minor features:<br />
<br />
* Razer Lachesis<br />
* Razer Copperhead<br />
* Razer Boomslang CE<br />
<br />
=== Installation ===<br />
<br />
Download and install {{Pkg|razercfg}} or {{AUR|razercfg-git}} for bleeding edge git releases from the [[AUR]]. <br />
<br />
You also need to edit your {{ic|/etc/X11/xorg.conf}} file to disable the current mouse settings by commenting them out as in the following example, where also some defaults are set as suggested by the author:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "InputDevice"<br />
Identifier "Mouse"<br />
Driver "mouse"<br />
Option "Device" "/dev/input/mice"<br />
EndSection}}<br />
<br />
It is important to only have {{ic|Mouse}} and not {{ic|Mouse#}} listed in {{ic|xorg.conf}}.<br />
<br />
{{Accuracy|Why reboot?}}<br />
<br />
Restart the computer, then enter:<br />
<br />
# udevadm control --reload-rules<br />
<br />
Then [[start]] the {{ic|razerd}} daemon and possibly enable it.<br />
<br />
=== Using the Razer Configuration Tool ===<br />
<br />
{{Accuracy|Button configuration reported to not work|Talk:Razer#Button configuration in razercfg or qrazercfg}}<br />
<br />
There are two commands you can use: the command line tool ''razercfg'' or the Qt-based GUI tool ''qrazercfg''.<br />
<br />
From the tool you can use the 5 profiles, change the DPI, change mouse frequency, enable and disable the scroll and logo lights and configure the buttons.<br />
<br />
If the colors reset on reboot, edit the config file directly and test with another reboot:<br />
<br />
{{hc|/etc/razer.conf|<br />
# Configure LEDs<br />
led<nowiki>=</nowiki>1:GlowingLogo:on<br />
led<nowiki>=</nowiki>1:Scrollwheel:on<br />
mode<nowiki>=</nowiki>1:Scrollwheel:static<br />
color<nowiki>=</nowiki>1:Scrollwheel:0000FF<br />
mode<nowiki>=</nowiki>1:GlowingLogo:static<br />
color<nowiki>=</nowiki>1:GlowingLogo:FFFFFF<br />
}}<br />
<br />
"static" can probably be changed to spectrum or breathing, and mode/color lines can be removed if led is set to "off".<br />
<br />
== OpenRazer ==<br />
<br />
=== Compatibility ===<br />
<br />
==== Keyboards ====<br />
* Razer BlackWidow Ultimate 2012<br />
* Razer BlackWidow Classic (Alternate)<br />
* Razer Anansi<br />
* Razer BlackWidow Ultimate 2013<br />
* Razer BlackWidow Classic<br />
* Razer DeathStalker Expert<br />
* Razer BlackWidow Chroma<br />
* Razer DeathStalker Chroma<br />
* Razer Blade Stealth<br />
* Razer Orbweaver Chroma<br />
* Razer BlackWidow Tournament Edition Chroma<br />
* Razer Blade QHD<br />
* Razer Blade Pro (Late 2016)<br />
* Razer BlackWidow Chroma (Overwatch)<br />
* Razer BlackWidow Ultimate 2016<br />
* Razer BlackWidow X Chroma<br />
* Razer BlackWidow X Ultimate<br />
* Razer BlackWidow X Tournament Edition Chroma<br />
* Razer Ornata Chroma<br />
* Razer Ornata<br />
* Razer Blade Stealth (Late 2016)<br />
* Razer BlackWidow Chroma V2<br />
* Razer Blade (Late 2016)<br />
* Razer Blade Stealth (Mid 2017)<br />
<br />
==== Mice ====<br />
* Razer Orochi 2011 <br />
* Razer Mamba 2012 (Wired) <br />
* Razer Mamba 2012 (Wireless) <br />
* Razer Imperator 2012 <br />
* Razer Ouroboros 2012 <br />
* Razer Taipan <br />
* Razer Naga Hex (Red) <br />
* Razer Orochi 2013 <br />
* Razer Naga 2014 <br />
* Razer Naga Hex <br />
* Razer Abyssus 2014 <br />
* Razer DeathAdder Chroma <br />
* Razer Mamba (Wired) <br />
* Razer Mamba (Wireless) <br />
* Razer Mamba Tournament Edition<br />
* Razer Orochi (Wired) <br />
* Razer Diamondback Chroma <br />
* Razer Naga Hex V2 <br />
* Razer Naga Chroma <br />
* Razer Abyssus V2 <br />
* Razer DeathAdder Elite <br />
<br />
==== Mousemats ====<br />
* Razer Firefly<br />
<br />
==== Headsets ====<br />
* Razer Kraken 7.1 Classic<br />
* Razer Kraken 7.1 Chroma<br />
* Razer Kraken 7.1 V2<br />
<br />
==== Other devices ====<br />
* Razer Nostromo<br />
* Razer Orbweaver<br />
* Razer Tartarus<br />
* Razer Tartarus Chroma<br />
* Razer Core<br />
* Razer Chroma Mug Holder<br />
<br />
=== Installation ===<br />
<br />
[[Install]] the {{AUR|openrazer-meta}} package. Don't forget to add your current user to the {{ic|plugdev}} group with the command {{ic|sudo gpasswd -a $USER plugdev}}, then log out and back in.<br />
<br />
=== How to use ===<br />
<br />
The recommended way is to use a graphical front-end for interfacing with the drivers.<br />
<br />
* {{AUR|polychromatic}}: A WebKit-based front-end featuring profiles<br />
* {{AUR|razergenie}}: A Qt-based front-end<br />
* {{AUR|razercommander}}: A GTK-based front-end<br />
<br />
=== Troubleshooting ===<br />
<br />
Visit the [https://github.com/openrazer/openrazer/wiki/Troubleshooting Troubleshooting page] in the OpenRazer wiki.<br />
<br />
== Razer keyboards ==<br />
There are currently two Python scripts available to enable the extra M1 - M5 macro keys that certain Razer keyboards have under Linux.<br />
Note that this does not assign any content to the macro keys; it merely enables the sending of keycodes.<br />
=== Blackwidow Control ===<br />
====Features====<br />
* confirmed to work with regular BlackWidow, BlackWidow 2013 and BlackWidow Ultimate Stealth 2014<br />
* should also work with BlackWidow Ultimate, BlackWidow Ultimate 2013 and BlackWidow 2014<br />
* does not work with BlackWidow (Ultimate) 2016 yet<br />
* uses Python 3<br />
* allows controlling the status of the LED<br />
* contains a udev rule file so that macro keys are enabled automatically when the keyboard is plugged in<br />
<br />
==== How to Use ====<br />
Install {{AUR|blackwidowcontrol}} from the AUR.<br />
After installing, run as root:<br />
 # blackwidowcontrol -i<br />
Then use the shortcut utility of your desktop environment to map the keys, i.e. to actually use the macro keys for something useful. For example, the "KDE global shortcuts" GUI (find it in system settings) can assign macros to a key on any keyboard, not just Razers.<br />
<br />
=== Blackwidow macro scripts ===<br />
==== Features ====<br />
* Works with BlackWidow Ultimate and Stealth 2013 (unknown whether it works with other versions)<br />
* Uses Python 2<br />
* Bundles scripts to create and execute macros<br />
<br />
== Troubleshooting ==<br />
<br />
=== Mouse randomly stops working ===<br />
<br />
{{Note|This was tested on an [[ASUS N550JV]] with a '''Razer Orochi 2013''' mouse. The laptop probably has a faulty charging port, which sometimes directly affects the USB port the mouse is connected to and causes similar issues.}}<br />
<br />
If your Razer mouse stops working after some time while its LED still flashes or lights up, and rebooting and re-plugging do not help, try the following commands.<br />
<br />
Unload {{ic|ehci_pci}} and {{ic|ehci_hcd}} modules:<br />
<br />
# rmmod ehci_pci<br />
# rmmod ehci_hcd<br />
<br />
Disconnect the mouse, wait a few seconds and run the following commands to load modules back:<br />
<br />
# modprobe ehci_hcd<br />
# modprobe ehci_pci<br />
<br />
Connect the mouse and it should be working.</div>
UBF6

https://wiki.archlinux.org/index.php?title=Razer_peripherals&diff=570316
Razer peripherals
2019-04-01T09:21:58Z
<p>UBF6: /* Razer keyboards */</p>
<hr />
<div>[[Category:Mice]]<br />
[[Category:Keyboards]]<br />
[[ja:Razer]]<br />
{{Style|Various style issues, structure lacking}}<br />
<br />
{{Note|This page refers to Razer's mice and keyboards. If you were looking for the laptop, see [[Razer Blade]].}}<br />
<br />
There are currently no official drivers for any Razer peripherals in Linux. However, Michael Buesch has created a tool called [http://bues.ch/cms/hacking/razercfg.html razercfg] to configure Razer mice under Linux. There also exist scripts to enable macro keys of Razer keyboards.<br />
<br />
Another package, {{AUR|openrazer-meta}}, can be used to enable Razer support, along with {{AUR|polychromatic}} or {{AUR|razergenie}} for GUI configuration. Supported devices are [https://openrazer.github.io/#devices listed here].<br />
<br />
== razercfg ==<br />
<br />
=== Compatibility ===<br />
<br />
''razercfg'' lists the following mouse models as stable:<br />
<br />
* Razer DeathAdder Classic<br />
* Razer DeathAdder 3500 DPI<br />
* Razer DeathAdder Black Edition<br />
* Razer DeathAdder 2013<br />
* Razer DeathAdder Chroma<br />
* Razer Krait<br />
* Razer Naga Classic<br />
* Razer Naga 2012<br />
* Razer Naga 2014<br />
* Razer Naga Hex<br />
* Razer Taipan<br />
<br />
And the following as stable but missing minor features:<br />
<br />
* Razer Lachesis<br />
* Razer Copperhead<br />
* Razer Boomslang CE<br />
<br />
=== Installation ===<br />
<br />
Download and install {{Pkg|razercfg}} or {{AUR|razercfg-git}} for bleeding edge git releases from the [[AUR]]. <br />
<br />
You also need to edit your {{ic|/etc/X11/xorg.conf}} file to disable the current mouse settings by commenting them out as in the following example, where also some defaults are set as suggested by the author:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "InputDevice"<br />
Identifier "Mouse"<br />
Driver "mouse"<br />
Option "Device" "/dev/input/mice"<br />
EndSection}}<br />
<br />
It is important to only have {{ic|Mouse}} and not {{ic|Mouse#}} listed in {{ic|xorg.conf}}.<br />
<br />
{{Accuracy|Why reboot?}}<br />
<br />
Restart the computer, then enter:<br />
<br />
# udevadm control --reload-rules<br />
<br />
Then [[start]] the {{ic|razerd}} daemon and possibly enable it.<br />
<br />
=== Using the Razer Configuration Tool ===<br />
<br />
{{Accuracy|Button configuration reported to not work|Talk:Razer#Button configuration in razercfg or qrazercfg}}<br />
<br />
There are two commands you can use: the command line tool ''razercfg'' or the Qt-based GUI tool ''qrazercfg''.<br />
<br />
From the tool you can use the 5 profiles, change the DPI, change mouse frequency, enable and disable the scroll and logo lights and configure the buttons.<br />
<br />
If the colors reset on reboot, edit the config file directly and test with another reboot:<br />
<br />
{{hc|/etc/razer.conf|<br />
# Configure LEDs<br />
led<nowiki>=</nowiki>1:GlowingLogo:on<br />
led<nowiki>=</nowiki>1:Scrollwheel:on<br />
mode<nowiki>=</nowiki>1:Scrollwheel:static<br />
color<nowiki>=</nowiki>1:Scrollwheel:0000FF<br />
mode<nowiki>=</nowiki>1:GlowingLogo:static<br />
color<nowiki>=</nowiki>1:GlowingLogo:FFFFFF<br />
}}<br />
<br />
"static" can probably be changed to spectrum or breathing, and mode/color lines can be removed if led is set to "off".<br />
<br />
== OpenRazer ==<br />
<br />
=== Compatibility ===<br />
<br />
==== Keyboards ====<br />
* Razer BlackWidow Ultimate 2012<br />
* Razer BlackWidow Classic (Alternate)<br />
* Razer Anansi<br />
* Razer BlackWidow Ultimate 2013<br />
* Razer BlackWidow Classic<br />
* Razer DeathStalker Expert<br />
* Razer BlackWidow Chroma<br />
* Razer DeathStalker Chroma<br />
* Razer Blade Stealth<br />
* Razer Orbweaver Chroma<br />
* Razer BlackWidow Tournament Edition Chroma<br />
* Razer Blade QHD<br />
* Razer Blade Pro (Late 2016)<br />
* Razer BlackWidow Chroma (Overwatch)<br />
* Razer BlackWidow Ultimate 2016<br />
* Razer BlackWidow X Chroma<br />
* Razer BlackWidow X Ultimate<br />
* Razer BlackWidow X Tournament Edition Chroma<br />
* Razer Ornata Chroma<br />
* Razer Ornata<br />
* Razer Blade Stealth (Late 2016)<br />
* Razer BlackWidow Chroma V2<br />
* Razer Blade (Late 2016)<br />
* Razer Blade Stealth (Mid 2017)<br />
<br />
==== Mice ====<br />
* Razer Orochi 2011 <br />
* Razer Mamba 2012 (Wired) <br />
* Razer Mamba 2012 (Wireless) <br />
* Razer Imperator 2012 <br />
* Razer Ouroboros 2012 <br />
* Razer Taipan <br />
* Razer Naga Hex (Red) <br />
* Razer Orochi 2013 <br />
* Razer Naga 2014 <br />
* Razer Naga Hex <br />
* Razer Abyssus 2014 <br />
* Razer DeathAdder Chroma <br />
* Razer Mamba (Wired) <br />
* Razer Mamba (Wireless) <br />
* Razer Mamba Tournament Edition<br />
* Razer Orochi (Wired) <br />
* Razer Diamondback Chroma <br />
* Razer Naga Hex V2 <br />
* Razer Naga Chroma <br />
* Razer Abyssus V2 <br />
* Razer DeathAdder Elite <br />
<br />
==== Mousemats ====<br />
* Razer Firefly<br />
<br />
==== Headsets ====<br />
* Razer Kraken 7.1 Classic<br />
* Razer Kraken 7.1 Chroma<br />
* Razer Kraken 7.1 V2<br />
<br />
==== Other devices ====<br />
* Razer Nostromo<br />
* Razer Orbweaver<br />
* Razer Tartarus<br />
* Razer Tartarus Chroma<br />
* Razer Core<br />
* Razer Chroma Mug Holder<br />
<br />
=== Installation ===<br />
<br />
[[Install]] the {{AUR|openrazer-meta}} package. Don't forget to add your current user to the {{ic|plugdev}} group with the command {{ic|sudo gpasswd -a $USER plugdev}}, then log out and back in.<br />
<br />
=== How to use ===<br />
<br />
The recommended way is to use a graphical front-end for interfacing with the drivers.<br />
<br />
* {{AUR|polychromatic}}: A WebKit-based front-end featuring profiles<br />
* {{AUR|razergenie}}: A Qt-based front-end<br />
* {{AUR|razercommander}}: A GTK-based front-end<br />
<br />
=== Troubleshooting ===<br />
<br />
Visit the [https://github.com/openrazer/openrazer/wiki/Troubleshooting Troubleshooting page] in the OpenRazer wiki.<br />
<br />
== Razer keyboards ==<br />
There are currently two Python scripts available that enable the extra M1 - M5 macro keys found on certain Razer keyboards under Linux.<br />
Note that enabling the keys does not assign any content to them; it merely makes them send keycodes.<br />
=== Blackwidow Control ===<br />
====Features====<br />
* confirmed to work with regular BlackWidow, BlackWidow 2013 and BlackWidow Ultimate Stealth 2014<br />
* should also work with BlackWidow Ultimate, BlackWidow Ultimate 2013 and BlackWidow 2014<br />
* does not work with BlackWidow (Ultimate) 2016 yet<br />
* uses Python 3<br />
* allows controlling the status of the LED<br />
* includes a udev rule file so that macro keys are enabled automatically when the keyboard is plugged in<br />
<br />
==== How to Use ====<br />
Install it from the AUR: {{AUR|blackwidowcontrol}}.<br />
After installation, run as root:<br />
 # blackwidowcontrol -i<br />
Then use the shortcut utility of your desktop environment to map the keys.<br />
<br />
=== Blackwidow macro scripts ===<br />
==== Features ====<br />
* Works with BlackWidow Ultimate and Stealth 2013 (unknown whether it works with other versions)<br />
* Uses Python 2<br />
* Bundles scripts to create and execute macros<br />
<br />
== Troubleshooting ==<br />
<br />
=== Mouse randomly stops working ===<br />
<br />
{{Note|This is tested on [[ASUS N550JV]] using mouse '''Razer Orochi 2013'''. Laptop probably has faulty charging port and therefore it sometimes directly affects connected mouse USB port and causes similar issues.}}<br />
<br />
If your Razer mouse stops working after some time while its LED still flashes or lights up, and rebooting or re-plugging does not help, try the following commands.<br />
<br />
Unload {{ic|ehci_pci}} and {{ic|ehci_hcd}} modules:<br />
<br />
# rmmod ehci_pci<br />
# rmmod ehci_hcd<br />
<br />
Disconnect the mouse, wait a few seconds and run the following commands to load modules back:<br />
<br />
# modprobe ehci_hcd<br />
# modprobe ehci_pci<br />
<br />
Connect the mouse and it should be working.</div>UBF6https://wiki.archlinux.org/index.php?title=Talk:Alternative_DNS_services&diff=556230Talk:Alternative DNS services2018-11-20T17:53:13Z<p>UBF6: /* OpenNIC additions */ I'm done with this wiki. o-o</p>
<hr />
<div>== Future of the page ==<br />
Another alternative could be to refocus this page on Arch solutions and non-commercial DNS.<br />
-- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 18:42, 10 November 2018 (UTC)<br />
<br />
:What are "Arch solutions"? --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 18:48, 10 November 2018 (UTC)<br />
<br />
::This is an open question, we may present ways to select the most secure and fastest DNS for a given location using Arch tools for example. -- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:03, 10 November 2018 (UTC)<br />
<br />
:::Such information could be incorporated into [[Domain name resolution]]. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 19:07, 10 November 2018 (UTC)<br />
<br />
::::I also think so, then some information of the DNS Alternative page could be used in this new section in [[Domain name resolution]]. --[[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:11, 10 November 2018 (UTC)<br />
<br />
:::::wikipedia clearly is an '''unreliable''' source. The ArchWiki can do better than that! Keep the article! Once a real good ARCH package for OpenNIC is shipped with major distros, OpenNIC will become more important! [[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:03, 20 November 2018 (UTC)<br />
<br />
::::::The takeaway of this short talk is that it is rather a candidate for merging than for archiving. -- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 11:00, 20 November 2018 (UTC)<br />
<br />
:::::::I disagree because the only things I see worth merging are the opennic-up App template and the Wikipedia link in See also. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 16:35, 20 November 2018 (UTC)<br />
<br />
::::::The ArchWiki is not more reliable than Wikipedia. If anything it's the opposite because [[w:Verifiability|Wikipedia requires sources]], which we do not do at all. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 16:10, 20 November 2018 (UTC)<br />
<br />
== RINA - alt-root / multiple roots ? for real ? ==<br />
<br />
Why do they have no actual working sites on their alt-root ?<br />
<br />
“ICANN, with its self-proclaimed monopoly, says that there is only one root – Verisign – which operates under contract with the US Department of Commerce (DOC). Changing this root must be approved, first by ICANN, and then DOC. While in actuality, there are many roots created by other organisations, to allow access to sites which, for various reasons, have TLD (Top Level Domains) that do not exist in the ICANN root servers,” Pouzin told Silicon.fr.<br />
<br />
Is this for real ?<br />
--[[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:38, 20 November 2018 (UTC)<br />
<br />
:I neither know what RINA is nor what you are quoting but I doubt it has anything to do with Arch Linux. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 16:31, 20 November 2018 (UTC)<br />
<br />
== OpenNIC additions ==<br />
<br />
I [[Special:Diff/556224|rolled back]] your 33 revisions because this page is marked for archiving and your additions have nothing to do with Arch Linux.<br />
<br />
--[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 16:30, 20 November 2018 (UTC)<br />
<br />
::: I'm done with this wiki. over and out. [[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 17:53, 20 November 2018 (UTC)</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556170Alternative DNS services2018-11-20T14:27:44Z<p>UBF6: /* OpenNIC */ sl</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
Using an internet service provider's DNS service is convenient for the ISP customer. Reasons for not using it include privacy concerns, speed, access to additional domains such as ''.libre'', thwarting censorship, avoiding advertising injected by the ISP, and deliberate automatic blocking of spam or virus-emitting IPs.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some others, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at ''blockchain-dns.info''.<br />
<br />
Short of doing that, a proxy offers access to all extra domains: http://proxy.opennicproject.org giving access to e.g. '''end.chan'''<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. '''.chan''' offers the largest number of DNS record types through a [http://register.opennic.chan/registrar web] GUI at ''register.opennic.chan/registrar'', while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' and other zones are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details) and restart [[BIND]]; [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. The zone transfer is done just as the full tier 2 servers do it, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556169Alternative DNS services2018-11-20T14:25:48Z<p>UBF6: /* OpenNIC */ sl</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
Using an internet service provider's DNS service is convenient for the ISP customer. Reasons for not using it include privacy concerns, speed, access to additional domains such as ''.libre'', thwarting censorship, avoiding advertising injected by the ISP, and deliberate automatic blocking of spam or virus-emitting IPs.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some others, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Short of doing that, a proxy offers access to all extra domains: http://proxy.opennicproject.org giving access to e.g. '''end.chan'''<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. '''.chan''' offers the largest number of DNS record types through a [http://register.opennic.chan/registrar web] GUI at ''register.opennic.chan/registrar'', while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' and other zones are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details) and restart [[BIND]]; [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. The zone transfer is done just as the full tier 2 servers do it, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556168Alternative DNS services2018-11-20T14:23:43Z<p>UBF6: /* OpenNIC */ proxy</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
Using an internet service provider's DNS service is convenient for the ISP customer. Reasons for not using it include privacy concerns, speed, access to additional domains such as ''.libre'', thwarting censorship, avoiding advertising injected by the ISP, and deliberate automatic blocking of spam or virus-emitting IPs.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some others, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Short of doing that, a proxy offers access to all extra domains: http://proxy.opennicproject.org giving access to e.g. '''end.chan'''<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. '''.chan''' offers the largest number of DNS record types through a [http://register.opennic.chan/registrar web] GUI at register.opennic.chan/registrar, while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' and other zones are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details) and restart [[BIND]]; [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. The zone transfer is done just as the full tier 2 servers do it, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556167Alternative DNS services2018-11-20T14:18:16Z<p>UBF6: /* OpenNIC */ http://register.opennic.chan/registrar</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
A reason for using an internet service provider's DNS service is convenience for the ISP customer. Reasons for not doing so include privacy concerns, the need for speed, wanting additional domains such as ''.libre'', thwarting censorship, avoiding advertising injected by the ISP, or intended automatic blocking of spam or virus-emitting IPs, among others.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. '''.chan''' offers the largest number of DNS record types to utilize via a [http://register.opennic.chan/registrar web] GUI at register.opennic.chan/registrar, while naturally all records are available when the domain owner serves the zone himself from e.g. a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]]. [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556166Alternative DNS services2018-11-20T14:15:41Z<p>UBF6: censor</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
A reason for using an internet service provider's DNS service is convenience for the ISP customer. Reasons for not doing so include privacy concerns, the need for speed, wanting additional domains such as ''.libre'', thwarting censorship, avoiding advertising injected by the ISP, or intended automatic blocking of spam or virus-emitting IPs, among others.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves the zone himself from e.g. a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]]. [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556163Alternative DNS services2018-11-20T14:07:24Z<p>UBF6: typo</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
A reason for using an internet service provider's DNS service is convenience for the ISP customer. Reasons for not doing so include privacy concerns, the need for speed, wanting additional domains such as ''.libre'', intended automatic blocking of spam or virus-emitting IPs, and others.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves the zone himself from e.g. a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]]. [[Domain name resolution]] then no longer suffers from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556161Alternative DNS services2018-11-20T14:06:27Z<p>UBF6: explain reasons and motivation</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
A reason for using an internet service provider's DNS service is convenience for the ISP customer. Reasons for not doing so include privacy concerns, the need for speed, wanting additional domains such as ''.libre'', intended automatic blocking of spam or virus-emitting IPs, and others.<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves the zone himself from e.g. a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]] to no longer suffer from unresponsive OpenNIC servers during [[Domain name resolution]]. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Talk:Alternative_DNS_services&diff=556122Talk:Alternative DNS services2018-11-20T09:39:19Z<p>UBF6: /* RINA - alt-root / multiple roots ? for real ? */ typo</p>
<hr />
<div>== Future of the page ==<br />
Another alternative could be to refocus this page on Arch solutions and non-commercial DNS.<br />
-- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 18:42, 10 November 2018 (UTC)<br />
<br />
:What are "Arch solutions"? --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 18:48, 10 November 2018 (UTC)<br />
<br />
::This is an open question, we may present ways to select the most secure and fastest DNS for a given location using Arch tools for example. -- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:03, 10 November 2018 (UTC)<br />
<br />
:::Such information could be incorporated into [[Domain name resolution]]. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 19:07, 10 November 2018 (UTC)<br />
<br />
::::I also think so, then some information of the DNS Alternative page could be used in this new section in [[Domain name resolution]]. --[[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:11, 10 November 2018 (UTC)<br />
<br />
::::::Wikipedia clearly is an '''unreliable''' source. The ArchWiki can do better than that! Keep the article! Once a real good ARCH package for OpenNIC is shipped with major distros, OpenNIC will become more important! [[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:03, 20 November 2018 (UTC)<br />
<br />
== RINA - alt-root / multiple roots ? for real ? ==<br />
<br />
Why do they have no actual working sites on their alt-root ?<br />
<br />
“ICANN, with its self-proclaimed monopoly, says that there is only one root – Verisign – which operates under contract with the US Department of Commerce (DOC). Changing this root must be approved, first by ICANN, and then DOC. While in actuality, there are many roots created by other organisations, to allow access to sites which, for various reasons, have TLD (Top Level Domains) that do not exist in the ICANN root servers,” Pouzin told Silicon.fr.<br />
<br />
Is this for real ?<br />
--[[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:38, 20 November 2018 (UTC)</div>UBF6https://wiki.archlinux.org/index.php?title=Talk:Alternative_DNS_services&diff=556121Talk:Alternative DNS services2018-11-20T09:38:43Z<p>UBF6: /* RINA - alt-root / multiple roots ? for real ? */ new section</p>
<hr />
<div>== Future of the page ==<br />
Another alternative could be to refocus this page on Arch solutions and non-commercial DNS.<br />
-- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 18:42, 10 November 2018 (UTC)<br />
<br />
:What are "Arch solutions"? --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 18:48, 10 November 2018 (UTC)<br />
<br />
::This is an open question, we may present ways to select the most secure and fastest DNS for a given location using Arch tools for example. -- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:03, 10 November 2018 (UTC)<br />
<br />
:::Such information could be incorporated into [[Domain name resolution]]. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 19:07, 10 November 2018 (UTC)<br />
<br />
::::I also think so, then some information of the DNS Alternative page could be used in this new section in [[Domain name resolution]]. --[[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:11, 10 November 2018 (UTC)<br />
<br />
::::::Wikipedia clearly is an '''unreliable''' source. The ArchWiki can do better than that! Keep the article! Once a real good ARCH package for OpenNIC is shipped with major distros, OpenNIC will become more important! [[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:03, 20 November 2018 (UTC)<br />
<br />
== RINA - alt-root / multiple roots ? for real ? ==<br />
<br />
Why do they have no actual working sites on their alt-root ?<br />
<br />
“ICANN, with its self-proclaimed monopoly, says that there is only one root – Verisign – which operates under contract with the US Department of Commerce (DOC). Changing this root must be approved, first by ICANN, and then DOC. While in actuality, there are many roots created by other organisations, to allow access to sites which, for various reasons, have TLD (Top Level Domains) that do not exist in the ICANN root servers,” Pouzin told Silicon.fr.<br />
<br />
Is this for real ?<br />
--[[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:38, 20 November 2018 (UTC)</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556120Alternative DNS services2018-11-20T09:31:16Z<p>UBF6: /* See also */ rina</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementing [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves them himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]] to no longer suffer from unresponsive OpenNIC servers during [[Domain name resolution]]. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] RINA based, enable multiple roots<br />
* [https://en.wikipedia.org/wiki/Recursive_InterNetwork_Architecture RINA]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556119Alternative DNS services2018-11-20T09:27:43Z<p>UBF6: /* See also */ " open root" is this serious ??</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementing [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves them himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]] to no longer suffer from unresponsive OpenNIC servers during [[Domain name resolution]]. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]<br />
* [http://www.open-root.eu/about-us/ open root DNS] €1500 per TLD</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556112Alternative DNS services2018-11-20T09:11:03Z<p>UBF6: /* OpenNIC */ l</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementing [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to utilize via a web GUI, while naturally all records are available when the domain owner serves them himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart [[BIND]] to no longer suffer from unresponsive OpenNIC servers during [[Domain name resolution]]. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556109Alternative DNS services2018-11-20T09:06:11Z<p>UBF6: /* See also */ new nations nameserver guestbook</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types usable via a web GUI, while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND. You will then no longer suffer from unresponsive OpenNIC servers. Do the zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]<br />
* [https://www.new-nations.net/en/discussion/show/id/357 new nations nameserver guestbook]</div>UBF6https://wiki.archlinux.org/index.php?title=Talk:Alternative_DNS_services&diff=556108Talk:Alternative DNS services2018-11-20T09:03:23Z<p>UBF6: /* Future of the page */ strong KEEP !</p>
<hr />
<div>== Future of the page ==<br />
Another alternative could be to refocus this page on Arch solutions and non-commercial DNS.<br />
-- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 18:42, 10 November 2018 (UTC)<br />
<br />
:What are "Arch solutions"? --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 18:48, 10 November 2018 (UTC)<br />
<br />
::This is an open question, we may present ways to select the most secure and fastest DNS for a given location using Arch tools for example. -- [[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:03, 10 November 2018 (UTC)<br />
<br />
:::Such information could be incorporated into [[Domain name resolution]]. --[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 19:07, 10 November 2018 (UTC)<br />
<br />
::::I also think so, then some information of the DNS Alternative page could be used in this new section in [[Domain name resolution]]. --[[User:Kewl|Kewl]] ([[User talk:Kewl|talk]]) 19:11, 10 November 2018 (UTC)<br />
<br />
::::::wikipedia clearly is an '''unreliable''' source. The ArchWiki can do better than that! Keep the article! Once a real good ARCH package for OpenNIC is shipped with major distros, OpenNIC will become more important! [[User:UBF6|UBF6]] ([[User talk:UBF6|talk]]) 09:03, 20 November 2018 (UTC)</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556107Alternative DNS services2018-11-20T08:58:04Z<p>UBF6: /* OpenNIC */ re</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types usable via a web GUI, while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND. You will then no longer suffer from unresponsive OpenNIC servers. Do the zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556106Alternative DNS services2018-11-20T08:55:20Z<p>UBF6: /* OpenNIC */ cl</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types usable via a web GUI, while naturally all record types are available when the domain owner serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND. You will then no longer suffer from unresponsive OpenNIC servers. Do the zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556104Alternative DNS services2018-11-20T08:52:36Z<p>UBF6: /* OpenNIC */ ty</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types usable via a web GUI, while naturally all record types are available when the user serves the zone himself, e.g. from a local [[BIND]].<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''as well as''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), restart BIND, and unresponsive OpenNIC servers are no longer a problem. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556103Alternative DNS services2018-11-20T08:51:20Z<p>UBF6: /* OpenNIC */ records</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare have committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate .chan''' and more. .chan offers the largest number of DNS record types to use via a web GUI, while naturally all record types are available when users serve the zone themselves, e.g. from a local [[BIND]].<br />
<br />
{{Note|Using OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''and''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] from blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of the nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available; based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, it returns a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), restart BIND, and unresponsive OpenNIC servers are no longer a problem. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556100Alternative DNS services2018-11-20T08:40:49Z<p>UBF6: /* OpenNIC */ nn</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare have committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
{{Note|Using OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''and''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'', ''.ti'', ''.ku'' and more.}}<br />
<br />
Affiliated with OpenNIC are some nameservers, such as the one by [https://www.new-nations.net/en/about/showpage new nations] with domains for Tibet, Kurdistan and others.<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] from blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of the nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available; based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, it returns a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), restart BIND, and unresponsive OpenNIC servers are no longer a problem. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556099Alternative DNS services2018-11-20T08:37:43Z<p>UBF6: /* OpenNIC */ clarify</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare have committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
{{Note|Using OpenNIC DNS servers allows host name resolution '''both''' in the traditional Top-Level Domain (TLD) registries '''and''' in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn'' and more.}}<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] from blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of the nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available; based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, it returns a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), restart BIND, and unresponsive OpenNIC servers are no longer a problem. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556097Alternative DNS services2018-11-20T08:35:13Z<p>UBF6: /* OpenNIC */ reorder</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare have committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre'''''. It is non-commercial and invites more participants to list their newly created nameservers in the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
{{Note|Using OpenNIC DNS servers allows host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
All that is needed to reach OpenNIC domains, and some more, is the Firefox plugin [https://blockchain-dns.info/ b-dns] from blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of the nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available; based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, it returns a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), restart BIND, and unresponsive OpenNIC servers are no longer a problem. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556096Alternative DNS services2018-11-20T08:33:26Z<p>UBF6: /* OpenNIC */ style</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers, was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016] and continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND and no longer suffer from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers do, as [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556095Alternative DNS services2018-11-20T08:31:07Z<p>UBF6: /* OpenNIC */ l</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers, was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016] and continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as '''''has-cost-me-nothing.libre''''' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND and no longer suffer from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556094Alternative DNS services2018-11-20T08:30:31Z<p>UBF6: /* OpenNIC */ https://blockchain-dns.info/</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers, was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016] and continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre'' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do occasionally resort to blocking bona-fide attacking IPs which intentionally cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
All that is needed to reach OpenNIC domains and some more is the Firefox plugin [https://blockchain-dns.info/ b-dns] at blockchain-dns.info.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND and no longer suffer from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556092Alternative DNS services2018-11-20T08:26:44Z<p>UBF6: /* OpenNIC */ uncensored</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers, was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016] and continues to offer OpenDNS as an end-user product of its "Umbrella" product suite with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treat all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers, a complementing [[DynDNS]] service and free domain-[http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre'' located in multiple countries. It is non-commercial and invites more participants to list their newly created nameservers into the network.<br />
<br />
Though uncensored, some servers do block bona-fide attacking IPs which just cause technical disruption of service.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND and no longer suffer from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556091Alternative DNS services2018-11-20T08:23:25Z<p>UBF6: /* OpenNIC */ https://wiki.opennic.org/opennic/tier2setup</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND, and you will no longer suffer from unresponsive OpenNIC servers. Do the zone transfer in the same way as the full tier 2 servers [https://wiki.opennic.org/opennic/tier2setup described] in the OpenNIC wiki.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556089Alternative DNS services2018-11-20T08:21:34Z<p>UBF6: /* OpenNIC */ https://wiki.opennic.org/start</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' domains etc. are transferred (see the OpenNIC [https://wiki.opennic.org/start wiki] for details), then restart BIND, and you will no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556088Alternative DNS services2018-11-20T08:19:27Z<p>UBF6: /* OpenNIC */ [</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' domains etc. are transferred, then restart BIND, and you will no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556087Alternative DNS services2018-11-20T08:18:35Z<p>UBF6: /* OpenNIC */ DynDNS</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, a complementary [[DynDNS]] service and free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''.<br />
<br />
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate {{ic|/etc/named.conf}} so that the ''.libre'' domains etc. are transferred, then restart BIND, and you will no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen to port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556085Alternative DNS services2018-11-20T08:17:01Z<p>UBF6: /* OpenNIC */ http://reg.libre/</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers. It was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, as well as free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''.<br />
<br />
A wiki provides guides for adding your own nameservers, with procedures for serving new top-level domains besides the ca. 15 available in 2018: '''.dyn .geek .libre .pirate''' and more.<br />
<br />
The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred, then restart BIND to no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556084Alternative DNS services2018-11-20T08:13:03Z<p>UBF6: /* OpenNIC */ http://reg.libre</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved; we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, as well as free domain [http://reg.libre/ registrations] such as ''has-cost-me-nothing.libre''. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred, then restart BIND to no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556083Alternative DNS services2018-11-20T08:11:07Z<p>UBF6: /* OpenNIC */ free, essentially uncensored</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved; we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free, essentially uncensored nameservers located in multiple countries, as well as free domain registrations such as ''has-cost-me-nothing.libre''. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred, then restart BIND to no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556082Alternative DNS services2018-11-20T08:07:05Z<p>UBF6: /* OpenNIC */ free</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved; we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free uncensored nameservers located in multiple countries, as well as free domain registrations. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred, then restart BIND to no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556081Alternative DNS services2018-11-20T08:03:49Z<p>UBF6: /* OpenNIC */ ed</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved; we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free uncensored nameservers located in multiple countries. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC 7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): edit an appropriate /etc/named.conf so that the ''.libre'' domains etc. are transferred, then restart BIND to no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556080Alternative DNS services2018-11-20T08:02:21Z<p>UBF6: /* OpenNIC */ tpyo</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved; we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers and was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016], which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free uncensored nameservers located in multiple countries. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): copy the /etc/named.conf, restart BIND and no longer suffer from unresponsive OpenNIC servers.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=Alternative_DNS_services&diff=556079Alternative DNS services2018-11-20T08:01:47Z<p>UBF6: /* OpenNIC */ follow RFC-7706:</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[Category:Lists]]<br />
{{Archive|Recently [[Wikipedia:Public recursive name server#List of public DNS service operators]] has been significantly improved, we cannot compete with it anymore.|section=Future of the page}}<br />
<br />
This article lists [[Wikipedia:Domain name system|domain name system]] (DNS) services that may replace an internet service provider's DNS service.<br />
To use one of these servers, see [[Domain name resolution]].<br />
<br />
{{Expansion|Specify if the nameservers support [[DNSSEC]], [[Wikipedia:DNS over TLS|DNS over TLS]], [[Wikipedia:DNS over HTTPS|DNS over HTTPS]] etc.}}<br />
<br />
== Cisco Umbrella (formerly OpenDNS) ==<br />
<br />
[https://www.opendns.com/home-internet-security/ OpenDNS] provided free alternative nameservers, was [https://umbrella.cisco.com/products/features/opendns-cisco-umbrella bought by Cisco in Nov. 2016] and continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering.<br />
The old nameservers [https://www.opendns.com/setupguide/ still work] but are [https://www.opendns.com/home-internet-security/ pre-configured to block adult content]:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
2620:0:ccc::2<br />
2620:0:ccd::2<br />
<br />
== Cloudflare ==<br />
<br />
[https://1.1.1.1/ Cloudflare] provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their [https://labs.apnic.net/?p=1127 research agreement statement].<br />
<br />
1.1.1.1<br />
1.0.0.1<br />
2606:4700:4700::1111<br />
2606:4700:4700::1001<br />
<br />
== Comodo ==<br />
<br />
[https://securedns.dnsbycomodo.com/ Comodo] provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries. <br />
<br />
8.26.56.26 <br />
8.20.247.20<br />
<br />
== DNS.WATCH ==<br />
<br />
[https://dns.watch/ DNS.WATCH] focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.<br />
<br />
84.200.69.80 # resolver1.dns.watch <br />
84.200.70.40 # resolver2.dns.watch<br />
2001:1608:10:25::1c04:b12f # resolver1.dns.watch<br />
2001:1608:10:25::9249:d69b # resolver2.dns.watch<br />
<br />
== Google ==<br />
<br />
[https://developers.google.com/speed/public-dns/ Google's nameservers] can be used as an alternative:<br />
<br />
8.8.8.8<br />
8.8.4.4<br />
2001:4860:4860::8888<br />
2001:4860:4860::8844<br />
<br />
== OpenNIC ==<br />
<br />
[https://www.opennic.org/ OpenNIC] provides free uncensored nameservers located in multiple countries. The full list of public servers is available at [https://servers.opennic.org/ servers.opennic.org] and a shortlist of nearest nameservers for optimal performance is generated on their [https://www.opennic.org/ home page].<br />
<br />
To retrieve a list of nearest nameservers, an [https://wiki.opennic.org/api/geoip API] is also available and returns, based on the [https://wiki.opennic.org/api/geoip#url_parameters URL parameters] provided, a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.<br />
<br />
Alternatively, the anycast servers below can be used; while reliable, their latency [https://wiki.opennic.org/opennic/dont_anycast fluctuates a lot].<br />
<br />
Worldwide Anycast:<br />
<br />
185.121.177.177<br />
169.239.202.202<br />
2a05:dfc7:5::53<br />
2a05:dfc7:5::5353<br />
<br />
{{Note|The use of OpenNIC DNS servers will allow host name resolution in the traditional Top-Level Domain (TLD) registries, but also in namespaces operated by OpenNIC or its affiliates: ''.o'', ''.libre'', ''.dyn''...}}<br />
<br />
{{Tip|The tool {{App|opennic-up|automates the renewal of the DNS servers with the most responsive OpenNIC servers|https://github.com/kewlfft/opennic-up|{{AUR|opennic-up}}}}}}<br />
<br />
To avoid responsiveness problems, follow RFC-7706 ([https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home]): copy the /etc/named.conf, restart BIND and no longer suffer from an unresponsive OpenNIC server.<br />
<br />
== Quad9 ==<br />
<br />
[https://quad9.net/ Quad9] is a free DNS service founded by [https://www.ibm.com/security IBM], [https://www.pch.net Packet Clearing House] and [https://www.globalcyberalliance.org Global Cyber Alliance]; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.<br />
<br />
"Secure", with blocklist and DNSSEC:<br />
<br />
9.9.9.9<br />
149.112.112.112<br />
2620:fe::fe<br />
2620:fe::9<br />
<br />
No blocklist, no DNSSEC:<br />
<br />
9.9.9.10<br />
149.112.112.10<br />
2620:fe::10<br />
<br />
== UncensoredDNS ==<br />
<br />
[https://censurfridns.dk UncensoredDNS] is a free uncensored DNS service. It is run by a private individual and consists of one anycast node served by multiple servers and one unicast node hosted in Denmark.<br />
<br />
91.239.100.100 # anycast.censurfridns.dk<br />
89.233.43.71 # unicast.censurfridns.dk<br />
2001:67c:28a4:: # anycast.censurfridns.dk<br />
2a01:3a0:53:53:: # unicast.censurfridns.dk<br />
<br />
{{Note|Its servers listen on port 5353 as well as the standard port 53. This can be used in case your ISP hijacks port 53.}}<br />
<br />
== Yandex ==<br />
<br />
[https://dns.yandex.com/advanced/ Yandex.DNS] has servers in Russia, Eastern and Western Europe and has three options, ''Basic'', ''Safe'' and ''Family''.<br />
<br />
Basic - no traffic filtering:<br />
<br />
77.88.8.8<br />
77.88.8.1<br />
2a02:6b8::feed:0ff<br />
2a02:6b8:0:1::feed:0ff<br />
<br />
Safe - protection from infected and fraudulent sites:<br />
<br />
77.88.8.88<br />
77.88.8.2<br />
2a02:6b8::feed:bad<br />
2a02:6b8:0:1::feed:bad<br />
<br />
Family - protection from dangerous sites and sites with adult content:<br />
<br />
77.88.8.7<br />
77.88.8.3<br />
2a02:6b8::feed:a11<br />
2a02:6b8:0:1::feed:a11<br />
<br />
== See also ==<br />
<br />
* [[Wikipedia:Public recursive name server#List of public DNS service operators]]</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556078BIND2018-11-20T07:52:03Z<p>UBF6: /* Creating a zonefile */ style</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using ''domain.tld'' as the domain being served world-wide, as this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. Here it is 2 hours.<br />
<br />
Serial must be '''incremented''' manually before restarting named every time you change a resource record for the zone. Otherwise slaves will not re-transfer the zone: they only do it if the serial is '''greater''' than that of the last time they transferred the zone.<br />
<br />
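The serial rule above can be automated. The following Python sketch is an added example, not part of the original article or of BIND: it assumes the serial sits on a line commented {{ic|; Serial}} as in the zone file above and follows the common YYYYMMDDNN convention; the function names and the inline sample zone are constructed for illustration.<br />

```python
import datetime
import re
from typing import Tuple

# Constructed sample: the SOA record from the zone file above.
SAMPLE_ZONE = """\
$TTL 7200
; domain.tld
@       IN      SOA     ns01.domain.tld. postmaster.domain.tld. (
                        2018111111 ; Serial
                        28800      ; Refresh
                        1800       ; Retry
                        604800     ; Expire - 1 week
                        86400 )    ; Minimum
"""

# A run of digits followed by a "; Serial" comment on the same line.
SERIAL_RE = re.compile(
    r"^(?P<lead>[ \t]*)(?P<serial>\d+)(?P<tail>[ \t]*;[ \t]*Serial\b.*)$",
    re.IGNORECASE | re.MULTILINE,
)
MAX_SERIAL = 2**32 - 1  # the SOA serial is an unsigned 32-bit integer


def next_serial(current: int, today: datetime.date) -> int:
    """Return a serial strictly greater than `current`.

    Prefers today's first YYYYMMDDNN slot (NN = 00). If the current serial is
    already at or past that slot (same-day edit, or a serial dated in the
    future), falls back to current + 1 so the result is still greater and
    secondaries will re-transfer the zone.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = base if current < base else current + 1
    if candidate > MAX_SERIAL:
        raise ValueError("serial would exceed 32 bits; manual rollover needed")
    return candidate


def bump_zone_serial(zone_text: str, today: datetime.date) -> Tuple[str, int, int]:
    """Return (new_zone_text, old_serial, new_serial).

    Refuses to guess when the zone does not contain exactly one serial line,
    so a malformed file is never silently rewritten.
    """
    matches = list(SERIAL_RE.finditer(zone_text))
    if len(matches) != 1:
        raise ValueError(
            f"expected exactly one '; Serial' line, found {len(matches)}"
        )
    m = matches[0]
    old = int(m.group("serial"))
    new = next_serial(old, today)
    new_text = zone_text[: m.start("serial")] + str(new) + zone_text[m.end("serial"):]
    return new_text, old, new


if __name__ == "__main__":
    text, old, new = bump_zone_serial(SAMPLE_ZONE, datetime.date.today())
    print(f"serial {old} -> {new}")
    print(text)
```

Write the returned text back to the zone file before reloading {{ic|named.service}}.<br />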
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network, e.g. 192.168.0.0/24, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
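To check that a configuration keeps recursion limited to loopback and LAN ranges as described above, the {{ic|allow-recursion}} list can be audited. The following Python sketch is an added example, not part of the original article or of BIND: the function names, verdict labels and sample configurations are constructed, and named ACLs or keys are only flagged for manual review.<br />

```python
import ipaddress
import re
from typing import List, Tuple

# Matches "allow-recursion { ... };" but not "allow-recursion-on { ... };".
ALLOW_RECURSION_RE = re.compile(r"\ballow-recursion\s*\{([^}]*)\}\s*;")

# Constructed samples: the two lines shown above, plus an open resolver.
ARCH_DEFAULT = "options {\n    allow-recursion { 127.0.0.1; };\n};\n"
LAN = "options {\n    allow-recursion { 192.168.0.0/24; 127.0.0.1; };\n};\n"
OPEN = "options {\n    allow-recursion { any; };\n};\n"


def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments so commented-out ACLs are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", conf)


def classify_entry(entry: str) -> str:
    """Classify one address-match-list element of allow-recursion."""
    if entry in ("localhost", "localnets"):
        return "local"
    if entry == "none":
        return "closed"
    if entry == "any":
        return "open"
    if entry.startswith("!"):
        return "negated"
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "named-acl"  # ACL or key name: needs manual review
    if net.prefixlen == 0:
        return "open"       # 0.0.0.0/0 or ::/0 is the same as "any"
    if net.is_loopback:
        return "loopback"
    if net.is_private:
        return "private"
    return "public"


def audit_allow_recursion(conf: str) -> List[Tuple[str, str]]:
    """Return (entry, verdict) pairs for the first allow-recursion statement."""
    m = ALLOW_RECURSION_RE.search(strip_comments(conf))
    if m is None:
        # Statement absent: named's built-in default applies, see named.conf(5).
        return [("<unset>", "unset")]
    entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return [(e, classify_entry(e)) for e in entries]


def recursion_exposed(conf: str) -> bool:
    """True if recursion is offered to everyone or to a public range."""
    return any(v in ("open", "public") for _, v in audit_allow_recursion(conf))


if __name__ == "__main__":
    for name, conf in (("default", ARCH_DEFAULT), ("lan", LAN), ("open", OPEN)):
        print(name, audit_allow_recursion(conf), recursion_exposed(conf))
```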
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 min). <br><br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create the new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND.<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556077BIND2018-11-20T07:43:19Z<p>UBF6: /* Automatically listen on new interfaces */ typo</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using ''domain.tld'' as the domain being served world-wide, as this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. Here it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' Otherwise slaves will not re-transfer the zone: they only do it if the serial is '''greater''' than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network, e.g. 192.168.0.0/24, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 min). <br><br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create the new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND.<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556052BIND2018-11-20T07:39:00Z<p>UBF6: /* Creating a zonefile */ short</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using ''domain.tld'' as the domain being served world-wide, as this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. Here it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' Otherwise slaves will not re-transfer the zone: they only do it if the serial is '''greater''' than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network (e.g. 192.168.0.0/24), you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
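A resolver that recurses for arbitrary clients is what the amplification advisory linked above warns about, so it is worth checking what an {{ic|allow-recursion}} list really admits. The following is an added example, not part of the wiki page or of BIND: a small audit that flags entries wider than loopback and private ranges. The function names and both sample configurations are constructed; it assumes flat (non-nested) address lists and does not resolve user-defined ACL names.

```python
import ipaddress
import re

# named.conf accepts //, # and /* */ comments; drop them before matching.
COMMENT = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.DOTALL)
# Assumption: the address match list is flat, i.e. contains no nested { }.
ALLOW_RECURSION = re.compile(r"allow-recursion\s*\{([^}]*)\}\s*;")


def classify(element):
    """Classify one address-match-list element.

    Returns "ok", "open" (matches everyone), "public" (a routable range)
    or "unresolved" (a named ACL or key this script cannot expand).
    """
    if element.startswith("!"):
        return "ok"                      # negated entries deny, they never widen access
    if element in ("none", "localhost", "localnets"):
        return "ok"                      # BIND built-in ACLs limited to this host/its networks
    if element == "any":
        return "open"
    try:
        net = ipaddress.ip_network(element, strict=False)
    except ValueError:
        return "unresolved"
    if net.prefixlen == 0:
        return "open"                    # 0.0.0.0/0 or ::/0
    if net.is_private or net.is_loopback or net.is_link_local:
        return "ok"
    return "public"


def audit_allow_recursion(conf_text):
    """Return [(element, verdict), ...] for every entry that is not "ok"."""
    findings = []
    for match in ALLOW_RECURSION.finditer(COMMENT.sub("", conf_text)):
        for element in match.group(1).split(";"):
            element = element.strip()
            if not element:
                continue
            verdict = classify(element)
            if verdict != "ok":
                findings.append((element, verdict))
    return findings


# Constructed samples: the LAN setting from this page, and a weak variant.
LAN_CONF = """
options {
    directory "/var/named";
    // allow-recursion { any; };   (commented out, must be ignored)
    allow-recursion { 192.168.0.0/24; 127.0.0.1; };
};
"""

WEAK_CONF = """
options {
    allow-recursion { any; 8.8.8.0/24; trusted; };
};
"""

if __name__ == "__main__":
    for name, conf in (("LAN_CONF", LAN_CONF), ("WEAK_CONF", WEAK_CONF)):
        print(name, audit_allow_recursion(conf) or "no findings")
```

An "unresolved" entry is not necessarily wrong; it means the named ACL has to be reviewed by hand.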
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the following<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556050BIND2018-11-20T07:36:52Z<p>UBF6: /* A configuration template for running a domain */ style</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using ''domain.tld'' as the domain being served world-wide, like this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' Otherwise slaves will not re-transfer the zone: they only do it if the serial is '''greater''' than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network (e.g. 192.168.0.0/24), you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the following<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556049BIND2018-11-20T07:35:56Z<p>UBF6: /* Creating a zonefile */ style</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using "''domain.tld''" as the domain being served world-wide, like this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' Otherwise slaves will not re-transfer the zone: they only do it if the serial is '''greater''' than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network (e.g. 192.168.0.0/24), you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the following<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556048BIND2018-11-20T07:33:53Z<p>UBF6: /* A configuration template for running a domain */ shorter</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver, using "''domain.tld''" as the domain being served world-wide, like this wiki's ''archlinux.org'' domain is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' If you forget to do it, slaves will not re-transfer the zone: they only do it if the serial is greater than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network (e.g. 192.168.0.0/24), you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND scans for new interfaces and stops listening on interfaces which no longer exist every hour. You can tune this value by adding the following<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, we first need to create a place to keep the jail (we shall use {{ic|/srv/named}}) and then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
We need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556047BIND2018-11-20T07:31:20Z<p>UBF6: /* Creating a zonefile */ 2018111111</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like firefox resolve via 127.0.0.1), see [[Domain name resolution]].<br />
This will however require you to [[#Allow recursion]] while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To only allow connections from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver with BIND, using "''domain.tld''" as the domain served world-wide, like this wiki's ''archlinux.org'' is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain this shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2018111111 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' If you forget to do it, slaves will not re-transfer the zone: they only do it if the serial is greater than that of the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network, e.g. 192.168.0.0/24, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
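A check for the recursion ACL discussed above, as an added example that is not part of the original article or of BIND: it extracts the {{ic|allow-recursion}} list from configuration text and marks each element as internal, open to outside clients, or in need of manual review. The set of networks treated as internal, the function names and the "risky" sample are assumptions of this example; only flat (non-nested) lists are handled.

```python
import ipaddress
import re

# Networks this audit treats as internal (an assumption of the example).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]


def strip_comments(conf):
    """Remove /* */, // and # comments (quoted strings are not special-cased)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.DOTALL)
    return re.sub(r"(//|#)[^\n]*", "", conf)


def recursion_acl(conf):
    """Elements of the first flat allow-recursion { ... }; statement, or None."""
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}\s*;", strip_comments(conf))
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def classify(element):
    """Return 'ok', 'open' or 'unresolved' for one address-match-list element."""
    if element.startswith("!"):
        return "ok"          # a negated element only denies
    if element == "any":
        return "open"        # recursion offered to every client
    if element in ("none", "localhost"):
        return "ok"
    if element == "localnets":
        return "unresolved"  # depends on which networks the host is attached to
    try:
        net = ipaddress.ip_network(element, strict=False)
    except ValueError:
        return "unresolved"  # named acl or key: needs manual review
    internal = any(net.version == t.version and net.subnet_of(t) for t in INTERNAL)
    return "ok" if internal else "open"


def audit_recursion(conf):
    """List of (element, verdict) pairs, or None if allow-recursion is not set."""
    acl = recursion_acl(conf)
    return None if acl is None else [(e, classify(e)) for e in acl]


SAMPLES = {
    "arch default": "options { allow-recursion { 127.0.0.1; }; };",
    "lan": "options { allow-recursion { 192.168.0.0/24; 127.0.0.1; }; };",
    # Constructed sample of an over-broad ACL, not taken from the article.
    "risky": """options {
        // constructed example
        allow-recursion { any; 0.0.0.0/0; trusted; localnets; };
    };""",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, audit_recursion(conf))
```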
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND rescans the network interfaces every hour: it starts listening on new interfaces and stops listening on interfaces which no longer exist. You can tune this value by adding the<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, first create a place to keep the jail (we shall use {{ic|/srv/named}}), then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
Then we need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556045BIND2018-11-20T07:25:36Z<p>UBF6: /* A configuration template for running a domain */ shorten</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like Firefox resolve via 127.0.0.1); see [[Domain name resolution]].<br />
This will, however, require you to [[#Allow recursion]], while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To allow connections only from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
The following sets up a simple home nameserver with BIND, using "''domain.tld''" as the domain, served world-wide like this wiki's ''archlinux.org'' is.<br />
<br />
A more elaborate example is [http://www.howtoforge.com/two_in_one_dns_bind9_views DNS server with BIND9], while [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain This shows] how to set up internal network name resolution.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2007011601 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' If you forget to do so, slaves will not re-transfer the zone: they only transfer it if the serial is greater than the one they saw the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network, e.g. 192.168.0.0/24, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND rescans the network interfaces every hour: it starts listening on new interfaces and stops listening on interfaces which no longer exist. You can tune this value by adding the<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, first create a place to keep the jail (we shall use {{ic|/srv/named}}), then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
Then we need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6https://wiki.archlinux.org/index.php?title=BIND&diff=556043BIND2018-11-20T07:08:40Z<p>UBF6: /* Restrict access to localhost */ 53</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[es:BIND]]<br />
[[fr:BIND]]<br />
[[ja:BIND]]<br />
[[zh-hans:BIND]]<br />
{{Related articles start}}<br />
{{Related|DNSCrypt}}<br />
{{Related|dnsmasq}}<br />
{{Related|Pdnsd}}<br />
{{Related|Unbound}}<br />
{{Related|PowerDNS}}<br />
{{Related articles end}}<br />
{{Style|Numerous style and content issues.}}<br />
[https://www.isc.org/downloads/bind/ BIND] (or named) is the most widely used Domain Name System (DNS) server.<br />
<br />
{{Note|The organization developing BIND is serving security notices to paying customers up to four days before Linux distributions or the general public.[https://kb.isc.org/article/AA-00861/0/ISC-Software-Defect-and-Security-Vulnerability-Disclosure-Policy.html]}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|bind}} package.<br />
<br />
[[Start/enable]] the {{ic|named.service}} systemd unit.<br />
<br />
To use the DNS server locally, use the {{ic|127.0.0.1}} nameserver (meaning clients like Firefox resolve via 127.0.0.1); see [[Domain name resolution]].<br />
This will, however, require you to [[#Allow recursion]], while a firewall might block outside queries to your local named.<br />
<br />
== Configuration ==<br />
<br />
BIND is configured in {{ic|/etc/named.conf}}. The available options are documented in {{man|5|named.conf}}.<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply configuration changes.<br />
<br />
===Restrict access to localhost===<br />
<br />
By default, BIND listens on [[port]] 53 of all interfaces and IP addresses. To allow connections only from localhost, add the following line to the options section in {{ic|/etc/named.conf}}:<br />
listen-on { 127.0.0.1; };<br />
<br />
=== Set up DNS forwarding ===<br />
<br />
To make BIND forward DNS queries to another DNS server add the forwarders clause to the options section.<br />
<br />
Example to make BIND forward to the Google DNS servers:<br />
<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
<br />
== A configuration template for running a domain ==<br />
<br />
This is a simple tutorial on how to set up a simple home network DNS server with BIND. In our example we use "domain.tld" as our domain.<br />
<br />
For a more elaborate example see [http://www.howtoforge.com/two_in_one_dns_bind9_views Two-in-one DNS server with BIND9].<br />
<br />
Another guide at [http://www.brennan.id.au/08-Domain_Name_System_BIND.html#yourdomain Linux Home Server HOWTO - Domain name system (BIND): Adding your domain] will show you how to set up internal network name resolution in no time; short, on-point and very informative.<br />
<br />
=== Creating a zonefile ===<br />
<br />
Create {{ic|/var/named/domain.tld.zone}}.<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2007011601 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' If you forget to do so, slaves will not re-transfer the zone: they only transfer it if the serial is greater than the one they saw the last time they transferred the zone.<br />
<br />
=== Configuring master server ===<br />
<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
[[Reload]] the {{ic|named.service}} unit to apply the configuration change.<br />
<br />
== Allow recursion ==<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups, or even locally serve the root-zone yourself following [[RFC:7706]]. The former will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
{{Accuracy|LAN networking isn't recursive.}}<br />
<br />
If you want to provide name service for your local network, e.g. 192.168.0.0/24, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
<br />
{{Expansion|This is just a list of links in need of condensing to over here.}}<br />
<br />
* [http://www.dnssec.net/practical-documents DNSSEC]<br />
* [http://www.cymru.com/Documents/secure-bind-template.html a BIND configuration template]<br />
* [http://www.bind9.net/manuals man bind]<br />
* [http://www.bind9.net/BIND-FAQ bind FAQ]<br />
<br />
There are external mechanisms such as OpenDNSSEC with fully-automatic key rollover available.<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default, BIND rescans the network interfaces every hour: it starts listening on new interfaces and stops listening on interfaces which no longer exist. You can tune this value by adding the<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter to the options section of {{ic|named.conf}}. The maximum value is 28 days (40320 minutes).<br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
== Running BIND in a chrooted environment ==<br />
<br />
Running in a [[chroot]] environment is not required but improves security.<br />
<br />
=== Creating the Jail House ===<br />
To do this, first create a place to keep the jail (we shall use {{ic|/srv/named}}), then put the required files into it.<br />
<br />
mkdir -p /srv/named/{dev,etc,usr/lib/engines,var/{run,log,named}}<br />
# Copy over required system files<br />
cp -av /etc/{localtime,named.conf} /srv/named/etc/<br />
cp -av /usr/lib/engines-1.1/* /srv/named/usr/lib/engines/<br />
cp -av /var/named/* /srv/named/var/named/.<br />
# Set up required dev nodes<br />
mknod /srv/named/dev/null c 1 3<br />
mknod /srv/named/dev/random c 1 8<br />
# Set Ownership of the files<br />
chown -R named:named /srv/named<br />
<br />
This should create the required file system for the jail.<br />
<br />
=== Service File ===<br />
<br />
Next, we need to create a new service file which will force BIND into the chroot:<br />
<br />
cp -av /usr/lib/systemd/system/named.service /etc/systemd/system/named-chroot.service<br />
<br />
Then we need to edit how the service calls BIND:<br />
<br />
{{hc|/etc/systemd/system/named-chroot.service|<nowiki><br />
ExecStart=/usr/bin/named -4 -f -u named -t "/srv/named"<br />
</nowiki>}}<br />
<br />
Now, restart the systemd service.<br />
<br />
== See also ==<br />
* [https://www.isc.org/downloads/bind/doc/ BIND 9 Administrator Reference Manual]<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Liu and Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND] with [http://www.zytrax.com/books/dns/ abbreviated version online]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [https://cira.ca/domain-name-system-dns-glossary DNS Glossary]<br />
* [https://lists.archlinux.org/pipermail/arch-dev-public/2013-March/024588.html Archived mailing list discussion on BIND's future]<br />
* [https://www.heise.de/netze/rfc/rfcs/rfc7706.shtml#page-9 root zone transfer made simple - serve root@home] copy the /etc/named.conf , restart BIND & enjoy!</div>UBF6