Public Cloud DNS Resolvers (which offer services)

Public Cloud DNS Resolvers are now well known in the industry.  Google DNS has opened the door for many solutions offering a variety of DNS Resolver base solutions. Today, there is a multitude of cloud-based DNS Resolvers. These are services individuals might wish to explore. Everyone has the ability to control which DNS Resolver they connect. Normally, people and devices will get two DNS Service IPs from the provisioning (DHCP, Radius, Diameter via their WIFI, Mobile, Broadband or Network). There are times where people would prefer their devices use a DNS Resolver (rDNS) of their own choice. This choice has many reasons:

  • Better rDNS Performance. Many times, rDNS is neglected in their Operator. Entropy decays the performance of anything on the Internet over time. Without care, the rDNS in the Operator will get slower and slower. DNS is set up so that the end users can bypass the provisioned rDNS and use one with better performance.
  • Security. The DNS Resolver IS A SECURITY TOOL. If you know the domain name is bad (malicious), then why resolve the domain. It would be better to warn the person “this domain is trying to infect you with malware” or just block it. There are many malware, botnet, and ransomware attacks that could have been prevented if the DNS Resolver would have been used as a DNS Firewall. There are not many services that offer this to the public.
  • Parental Control Services. Several Cloud DNS Resolver Solutions off Parental Control services. These service work with WIFI routers in the home and/or applications on the devices to provide parents with the tools to “parentally interact” with their family on when, where, and what content is accessed on the Internet.
  • Business Security. There are several large DNS Resolver operators who provide specialized business security/services using the DNS Cloud Resolver. These services provide the business with extra visibility into the DNS security threatscape constantly poking and attacking their organization.

All of these reasons are powerful incentives for individuals to seek out “over the top” Cloud DNS Resolvers. This is an evolving list of the known Cloud DNS Resolvers. Please contact bgreene@senki.org if you have more information on others on the list.

Is there a “Best” Cloud DNS Security Solution?

Security tools, the “blacklist” that feed those tools, and the state of the Internet all changes all the time. One moment one tool might be considered the “best.” The next time … depending on how the test is measured …. another vendor might be considered the “best.” What is true is that security is nothing unless it is USED and USEFUL. Hence, the purpose of this master list. The goal is to allow the individual and organization to explore all options to find the Cloud DNS Resolver that provides the services that they see as being adopted (used) and provides the reporting that they need to be useful. 

Cloud rDNS Anycast/Unicast Address

The following is a list of all the known rDNS Cloud Operators. It is recommended that the individual or organization interact with each of the organization. Try several. There is no one solution that works best for every organization. Each organization would explore which DNS services are best for them. 

Provider IPv4 Anycast Address IPv6 Anycast Address
Akamai’s ETP

(Will get specific IPs for the trial)

104.104.58.2
104.103.234.2
2600:1480::2
2600:1480:2::2
AliDNS (Alibaba) 223.5.5.5
223.6.6.6 
 
Alternate.DNS 198.101.242.72
23.253.163.53 
 
CIRA D-ZONE 162.219.51.2

 

2620:10a:8054::2
Cloudflare 1.1.1.1
1.0.0.1
 2606:4700:4700::1111
2606:4700:4700::1001
 
Comodo 8.26.56.26
8.20.247.20 
 
DNS Filter 103.247.36.3
103.247.37.37
 
DNS.WATCH 84.200.69.80
84.200.70.40
2001:1608:10:25::1c04:b12f
2001:1608:10:25::9249:d69b
Dyn (Oracle) 216.146.35.35
216.146.36.36
 
eSentire DNS Firewall
Cymon.io
 (Contact eSentire)  
FreeDNS 37.235.1.174
37.235.1.177 
 
FoolDNS
87.118.111.215
213.187.11.62
 
 
Google
8.8.8.8
8.8.4.4 
2001:4860:4860::8888
2001:4860:4860::8844
GreenTeam Internet
81.218.119.11
209.88.198.133
 
 
Hurricane Electric

 

74.82.42.42 2001:470:20::2
Level 3 209.244.0.3
4.2.2.1
4.2.2.2
 
DNS Advantage (Neustar) 156.154.70.1
156.154.71.1
2610:a1:1018::1
2610:a1:1019::1
Norton ConnectSafe 199.85.126.10
199.85.127.10 
 
OpenDNS 208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
OpenNIC

 

185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
puntCAT 109.69.8.51

 

2a00:1508:0:4::9
Quad 9 9.9.9.9

 

2620:fe::fe
SafeDNS 195.46.39.39
195.46.39.40
 
SmartViper 208.76.50.50
208.76.51.51
 
UncensoredDNS 91.239.100.100
89.233.43.71 
2001:67c:28a4::
2a01:3a0:53:53::
Verisign 64.6.64.6
64.6.65.6 
2620:74:1b::1:1
2620:74:1c::2:2
Yandex.DNS 77.88.8.8
77.88.8.1
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff