Public Cloud DNS Resolvers are now well known in the industry. Google DNS has opened the door for many solutions offering a variety of DNS Resolver base solutions. Today, there is a multitude of cloud-based DNS Resolvers. These are services individuals might wish to explore. Everyone has the ability to control which DNS Resolver they connect. Normally, people and devices will get two DNS Service IPs from the provisioning (DHCP, Radius, Diameter via their WIFI, Mobile, Broadband or Network). There are times where people would prefer their devices use a DNS Resolver (rDNS) of their own choice. This choice has many reasons:
- Better rDNS Performance. Many times, rDNS is neglected in their Operator. Entropy decays the performance of anything on the Internet over time. Without care, the rDNS in the Operator will get slower and slower. DNS is set up so that the end users can bypass the provisioned rDNS and use one with better performance.
- Security. The DNS Resolver IS A SECURITY TOOL. If you know the domain name is bad (malicious), then why resolve the domain. It would be better to warn the person “this domain is trying to infect you with malware” or just block it. There are many malware, botnet, and ransomware attacks that could have been prevented if the DNS Resolver would have been used as a DNS Firewall. There are not many services that offer this to the public.
- Parental Control Services. Several Cloud DNS Resolver Solutions off Parental Control services. These service work with WIFI routers in the home and/or applications on the devices to provide parents with the tools to “parentally interact” with their family on when, where, and what content is accessed on the Internet.
- Business Security. There are several large DNS Resolver operators who provide specialized business security/services using the DNS Cloud Resolver. These services provide the business with extra visibility into the DNS security threatscape constantly poking and attacking their organization.
All of these reasons are powerful incentives for individuals to seek out “over the top” Cloud DNS Resolvers. This is an evolving list of the known Cloud DNS Resolvers. Please contact firstname.lastname@example.org if you have more information on others on the list.
Is there a “Best” Cloud DNS Security Solution?
Security tools, the “blacklist” that feed those tools, and the state of the Internet all changes all the time. One moment one tool might be considered the “best.” The next time … depending on how the test is measured …. another vendor might be considered the “best.” What is true is that security is nothing unless it is USED and USEFUL. Hence, the purpose of this master list. The goal is to allow the individual and organization to explore all options to find the Cloud DNS Resolver that provides the services that they see as being adopted (used) and provides the reporting that they need to be useful.
Cloud rDNS Anycast/Unicast Address
The following is a list of all the known rDNS Cloud Operators. It is recommended that the individual or organization interact with each of the organization. Try several. There is no one solution that works best for every organization. Each organization would explore which DNS services are best for them.
|Provider||IPv4 Anycast Address||IPv6 Anycast Address|
(Will get specific IPs for the trial)
|eSentire DNS Firewall
|DNS Advantage (Neustar)||184.108.40.206