Alternative DNS services
Cisco Umbrella (formerly OpenDNS)
OpenDNS provided free alternative nameservers. It was bought by Cisco in Nov. 2016, which continues to offer OpenDNS as an end-user product of its "Umbrella" product suite, with a focus on Security Enforcement, Security Intelligence and Web Filtering. The old nameservers still work but are pre-configured to block adult content:
18.104.22.168 22.214.171.124 2620:0:ccc::2 2620:0:ccd::2
Cloudflare provides a service committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours, with the exception of providing data to APNIC Labs for research purposes. APNIC and Cloudflare committed to treating all data with high privacy standards in their research agreement statement.
126.96.36.199 188.8.131.52 2606:4700:4700::1111 2606:4700:4700::1001
Comodo provides another IPv4 set, with optional (non-free) web-filtering. Implied in this feature is that the service hijacks the queries.
DNS.WATCH focuses on neutrality and security and provides two servers located in Germany with no logging and with DNSSEC enabled. Note they welcome commercial sponsorship.
184.108.40.206 # resolver1.dns.watch
220.127.116.11 # resolver2.dns.watch
2001:1608:10:25::1c04:b12f # resolver1.dns.watch
2001:1608:10:25::9249:d69b # resolver2.dns.watch
Google's nameservers can be used as an alternative:
18.104.22.168 22.214.171.124 2001:4860:4860::8888 2001:4860:4860::8844
OpenNIC provides free, essentially uncensored nameservers located in multiple countries, a complementary DynDNS service and free domain registrations such as has-cost-me-nothing.libre. It is non-commercial and invites more participants to list their newly created nameservers in the network.
Though uncensored, some servers do block bona-fide attacking IPs which just cause technical disruption of service.
Guides for adding your own nameservers are provided in a wiki, along with procedures for serving new top-level domains besides the ca. 15 available in 2018: .dyn, .geek, .libre, .pirate and more.
To retrieve a list of the nearest nameservers, an API is also available; based on the URL parameters provided, it returns a list of nameservers in the desired format. For example, to get the 200 nearest IPv4 servers, one can use https://api.opennicproject.org/geoip/?list&ipv=4&res=200&adm=0&bl&wl.
Alternatively, the anycast servers below can be used; while reliable, their latency fluctuates a lot.
126.96.36.199 188.8.131.52 2a05:dfc7:5::53 2a05:dfc7:5::5353
To avoid responsiveness problems, follow RFC 7706 ("root zone transfer made simple", i.e. serve the root zone at home): edit an appropriate /etc/named.conf so that the .libre domains etc. are transferred (see the OpenNIC wiki for details), then restart BIND to no longer suffer from unresponsive OpenNIC servers. Do a zone transfer just like the full tier 2 servers described in the OpenNIC wiki.
Quad9 is a free DNS service founded by IBM, Packet Clearing House and Global Cyber Alliance; its primary unique feature is a blocklist which avoids resolving known malicious domains. The addresses below are worldwide anycast.
"Secure", with blocklist and DNSSEC:
184.108.40.206 220.127.116.11 2620:fe::fe 2620:fe::9
No blocklist, no DNSSEC:
18.104.22.168 22.214.171.124 2620:fe::10
UncensoredDNS is a free uncensored DNS service. It is run by a private individual and consists of one anycast address served by multiple servers and one unicast node hosted in Denmark.
126.96.36.199 # anycast.censurfridns.dk
188.8.131.52 # unicast.censurfridns.dk
2001:67c:28a4:: # anycast.censurfridns.dk
2a01:3a0:53:53:: # unicast.censurfridns.dk
Yandex.DNS has servers in Russia, Eastern and Western Europe and offers three options: Basic, Safe and Family.
Basic - no traffic filtering:
184.108.40.206 220.127.116.11 2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff
Safe - protection from infected and fraudulent sites:
18.104.22.168 22.214.171.124 2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad
Family - protection from dangerous sites and sites with adult content:
126.96.36.199 188.8.131.52 2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11