DNS Server Overview

DNS stands for Domain Name System, and it is a fundamental part of how the internet works. It is often described as the “phonebook of the internet” because it translates human-readable domain names (such as www.example.com) into IP addresses (such as 192.0.2.1), which computers use to identify each other on the network.

What DNS Does:

When you enter a URL (such as www.example.com) in your web browser, your computer needs to know the IP address of the server that hosts that website in order to establish a connection. Since humans are better at remembering domain names than numerical IP addresses, DNS servers perform this translation.

For example:

  • You type www.example.com in your browser.
  • The DNS system translates it into an IP address, say 93.184.216.34.
  • The browser then uses that IP address to connect to the server hosting the website.

How DNS Works (Step-by-Step):

  1. You type a domain name: When you enter a domain name in your browser (like www.example.com), the request is sent to your local DNS resolver (often provided by your internet service provider).

  2. DNS resolver looks for the domain: If the IP address for that domain is already cached (stored locally from a previous query), the resolver will use it to connect to the website. Otherwise, the DNS resolver will start the process of querying other DNS servers.

  3. Recursive lookup begins: The resolver sends a query to the root DNS server, which doesn’t know the specific IP address but points the resolver to the Top-Level Domain (TLD) server (for example, .com, .org, .net).

  4. TLD server response: The TLD server knows where to find the authoritative DNS server for the domain. For example, it may point the resolver to the authoritative name server for example.com.

  5. Authoritative DNS server: This server is the final source of truth. It holds the actual IP address (or addresses) for www.example.com. The authoritative server responds with the IP address.

  6. DNS response: The DNS resolver sends the IP address back to your computer, which then connects to the server hosting the website using that IP address.

  7. Caching: To make this process more efficient, the DNS resolver and your computer will cache the IP address for a period of time (called the Time-to-Live, or TTL). This helps avoid having to repeat the lookup process each time the website is visited.
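The seven steps above, as an added example that is not part of the original page: a simulated lookup that checks the cache, follows the root and TLD referrals to the authoritative answer, and honours the TTL. The server names, the `SERVERS` table and the `Resolver` class are constructed for illustration, and no network traffic is sent.

```python
# Added example: simulated lookup over constructed data, no network access.
# Server names, the SERVERS table and the Resolver class are hypothetical.

SERVERS = {
    # Root knows only which server handles each TLD.
    "root": {"referrals": {"com.": "tld-com", "org.": "tld-org"}},
    # The TLD server knows only which server is authoritative for a domain.
    "tld-com": {"referrals": {"example.com.": "auth-example"}},
    "tld-org": {"referrals": {}},
    # The authoritative server holds the record: (address, TTL in seconds).
    "auth-example": {"answers": {"www.example.com.": ("93.184.216.34", 300)}},
}
MAX_REFERRALS = 8  # bound the chain so a referral loop cannot run forever


class Resolver:
    def __init__(self):
        self.cache = {}    # name -> (address, expiry time)
        self.queries = []  # every (server, name) query sent upstream

    def _ask(self, server, name):
        """One query/response exchange with a single server."""
        self.queries.append((server, name))
        zone = SERVERS[server]
        answer = zone.get("answers", {}).get(name)
        if answer:
            return "answer", answer
        # Match on whole labels only, so "telecom." never matches "com.".
        matches = [z for z in zone.get("referrals", {})
                   if name == z or name.endswith("." + z)]
        if matches:
            best = max(matches, key=len)  # most specific delegation wins
            return "referral", zone["referrals"][best]
        return "nxdomain", None

    def resolve(self, name, now):
        """Return (address, source); `now` is passed in to keep runs repeatable."""
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            # Served without any upstream query until the TTL expires. A
            # poisoned entry would be served for the same length of time.
            return cached[0], "cache"
        server = "root"
        for _ in range(MAX_REFERRALS):
            kind, data = self._ask(server, name)
            if kind == "answer":
                address, ttl = data
                self.cache[name] = (address, now + ttl)
                return address, server
            if kind != "referral":
                break
            server = data
        return None, server


if __name__ == "__main__":
    r = Resolver()
    for t in (0, 299, 300):
        print(t, r.resolve("www.example.com.", now=t), len(r.queries))
```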

DNS Components and Structure:

  1. DNS Records: DNS records are the individual entries in the DNS database that map domain names to IP addresses or other resources. Some of the most common types of DNS records are:

    • A (Address) Record: Maps a domain name to an IPv4 address.
    • AAAA (IPv6 Address) Record: Maps a domain name to an IPv6 address.
    • CNAME (Canonical Name) Record: Maps one domain name to another domain name (aliasing).
    • MX (Mail Exchange) Record: Specifies the mail servers responsible for receiving email for the domain.
    • NS (Name Server) Record: Specifies the DNS servers responsible for the domain.
    • PTR (Pointer) Record: Used for reverse DNS lookups, mapping IP addresses to domain names.
    • TXT Record: Used to store arbitrary text or information, commonly for domain verification or security purposes (e.g., SPF records for email security).
  2. DNS Server Types:

    • Recursive Resolver: A DNS server that receives queries from client devices and performs the necessary lookups to resolve a domain name.
    • Root DNS Servers: The highest level of DNS servers in the hierarchy. They provide pointers to TLD servers.
    • TLD Servers: Manage the top-level domain (.com, .net, .org, etc.) and point to the authoritative servers.
    • Authoritative DNS Servers: The servers that store the actual records for the domain, such as the IP address for example.com.
  3. DNS Caching: DNS resolvers and local computers cache domain name lookups for a specified period of time to improve performance and reduce the load on DNS servers. Cached information is kept based on the TTL value set by the authoritative server.

Why DNS Is Important:

  • Human-Friendly: DNS allows us to use domain names (e.g., www.google.com) instead of having to memorize numerical IP addresses.
  • Speed and Efficiency: It reduces the load on websites and servers by caching DNS queries, speeding up the resolution process.
  • Scalability: DNS is hierarchical, meaning it can scale globally and manage millions of domain names and IP addresses.
  • Reliability: DNS is a distributed system, so there’s no single point of failure. It is designed to be resilient and provide redundancy.

Common DNS Issues:

  • DNS Resolution Failures: If the DNS server is down or misconfigured, the browser will not be able to resolve the domain name, and you’ll see an error like “DNS server not found.”
  • DNS Cache Poisoning: This is a type of attack where incorrect DNS records are introduced into the cache, redirecting users to malicious sites.
  • DNS Spoofing: An attacker may forge DNS responses, tricking users into visiting malicious websites that appear legitimate.

DNS and Internet Security:

  • DNSSEC (DNS Security Extensions): An extension to DNS that digitally signs DNS records so that a validating resolver can detect forged or altered responses, protecting against attacks like DNS spoofing and ensuring the integrity of DNS responses.
  • DDoS Protection: DNS is a key target for Distributed Denial of Service (DDoS) attacks. Many organizations use specialized services to protect DNS infrastructure from large-scale attacks.

Summary:

  • DNS is a system that translates domain names into IP addresses.
  • It allows us to use easily memorable names (like www.google.com) instead of IP addresses (like 172.217.15.78).
  • The process involves DNS resolvers, root servers, TLD servers, and authoritative servers to resolve a domain name.
  • DNS is vital for internet functionality, making the web easier to navigate for users and enabling efficient communication between devices.

Without DNS, navigating the web would be incredibly difficult since we’d have to rely on remembering numerical IP addresses instead of user-friendly domain names.

 
DNS (Domain Name System) is a distributed system that is responsible for mapping human-readable domain names to IP addresses. There are several different types of DNS records, DNS servers, and DNS query types. Below is a breakdown of the key types of DNS:

1. Types of DNS Records

DNS records are used to store information about a domain, such as its associated IP addresses, mail servers, and other related data. Some of the most common types of DNS records include:

A Record (Address Record)

  • Purpose: Maps a domain name to an IPv4 address.
  • Example:
    • example.com. A 93.184.216.34
    • This means that example.com resolves to the IPv4 address 93.184.216.34.

AAAA Record (IPv6 Address Record)

  • Purpose: Maps a domain name to an IPv6 address.
  • Example:
    • example.com. AAAA 2606:2800:220:1:248:1893:25c8:1946
    • This means that example.com resolves to the specified IPv6 address.

CNAME Record (Canonical Name Record)

  • Purpose: Maps one domain name to another (aliasing).
  • Example:
    • www.example.com. CNAME example.com.
    • This means that www.example.com is an alias for example.com.

MX Record (Mail Exchange Record)

  • Purpose: Specifies the mail servers responsible for receiving email for the domain.
  • Example:
    • example.com. MX 10 mail.example.com.
    • This means that emails for example.com should be delivered to mail.example.com with a priority of 10 (lower numbers indicate higher priority).

NS Record (Name Server Record)

  • Purpose: Specifies the authoritative name servers for the domain.
  • Example:
    • example.com. NS ns1.exampledns.com.
    • This means that ns1.exampledns.com is an authoritative nameserver for example.com.

PTR Record (Pointer Record)

  • Purpose: Used for reverse DNS lookups, mapping an IP address to a domain name.
  • Example:
    • 34.216.184.93.in-addr.arpa. PTR example.com.
    • This means that the IP address 93.184.216.34 maps to the domain example.com.

TXT Record (Text Record)

  • Purpose: Allows domain administrators to add arbitrary text to a DNS record. This is often used for things like SPF (Sender Policy Framework) or domain verification.
  • Example:
    • example.com. TXT "v=spf1 include:_spf.google.com ~all"
    • This specifies an SPF record that tells email servers which IP addresses are allowed to send mail on behalf of example.com.

SRV Record (Service Locator Record)

  • Purpose: Defines the location of a specific service, like a VoIP or instant messaging service, for a domain.
  • Example:
    • _sip._tcp.example.com. SRV 10 60 5060 sipserver.example.com.
    • This means that the SIP service for example.com is located at sipserver.example.com on port 5060 with a priority of 10 and weight of 60.

SOA Record (Start of Authority Record)

  • Purpose: Contains administrative information about the domain, such as the primary name server, the administrator’s email address, and zone file information.
  • Example:
    • example.com. SOA ns1.exampledns.com. admin.example.com. 2021010101 7200 3600 1209600 86400
    • This record provides details like the primary name server, email address of the domain administrator, and various timers related to the zone’s cache.

2. Types of DNS Servers

DNS servers handle the process of resolving domain names to IP addresses and vice versa. The types of DNS servers can be categorized based on their role in the DNS resolution process:

Recursive DNS Server

  • Role: A recursive resolver is the first point of contact for a user’s device (e.g., a computer or mobile phone) when performing a DNS query. It is responsible for recursively querying other DNS servers (like root, TLD, and authoritative servers) to resolve a domain name to an IP address.
  • Example: When you enter a URL in your browser, your device sends a request to the recursive resolver, which queries multiple DNS servers to return the IP address.

Root DNS Server

  • Role: These are the highest-level DNS servers in the DNS hierarchy. They do not store the actual domain name records but can direct a resolver to the appropriate Top-Level Domain (TLD) server based on the domain extension (like .com, .org, etc.).
  • Example: If you want to resolve example.com, the root DNS server will refer the query to the .com TLD server.

TLD (Top-Level Domain) Server

  • Role: A TLD server manages the domain names for a specific TLD (e.g., .com, .org, .net). It doesn’t resolve a full domain but points to the authoritative name server for the specific domain.
  • Example: The .com TLD server would refer example.com queries to the authoritative name server responsible for example.com.

Authoritative DNS Server

  • Role: The authoritative DNS server is the final source of truth for a domain. It stores the DNS records for the domain (like A, MX, CNAME records) and provides the definitive answers for queries about the domain.
  • Example: The authoritative server for example.com will provide the IP address for www.example.com when queried.

Forwarding DNS Server

  • Role: A forwarding DNS server forwards DNS queries it cannot resolve locally to another DNS server, usually a recursive resolver or another DNS server. It acts as an intermediary between clients and DNS servers.
  • Example: A company may use a forwarding DNS server to pass queries to an external DNS provider or public DNS servers like Google DNS (8.8.8.8).

Cache DNS Server

  • Role: This type of DNS server temporarily stores (caches) DNS query results to speed up subsequent lookups. Caching reduces the need for repetitive queries and improves the overall efficiency of DNS resolution.
  • Example: When you visit a website, your DNS resolver caches the IP address for a period of time (based on the TTL value) to avoid querying the authoritative DNS server on every visit.

3. Types of DNS Queries

When a DNS query is made, it can be of several different types, depending on the information requested:

Recursive Query

  • Definition: A recursive query occurs when a DNS resolver is asked to retrieve the IP address for a domain, and it must query other DNS servers to resolve the request fully.
  • Example: When you type a URL into your browser, the recursive resolver will continue querying the DNS hierarchy until it retrieves the correct IP address.

Iterative Query

  • Definition: In an iterative query, the DNS resolver can give a partial answer, typically referring the client to another DNS server that may have the requested data.
  • Example: A recursive server might tell the client, “I don’t have the answer, but you can ask the .com TLD server.”

Non-Recursive Query

  • Definition: In a non-recursive query, the DNS server responds immediately with the information it already knows without further queries. It is typically used for cached data.
  • Example: If the DNS resolver already knows the IP address (from cache), it responds without querying other DNS servers.

Reverse DNS Query

  • Definition: A reverse DNS query maps an IP address to a domain name (using PTR records). This is the opposite of a typical DNS query.
  • Example: A reverse query on IP 93.184.216.34 may return example.com if the PTR record exists for that IP.

4. Public vs. Private DNS Servers

Public DNS Servers

  • Definition: Public DNS servers are open to anyone and can be used as alternatives to the DNS servers provided by an ISP.
  • Examples:
    • Google DNS: 8.8.8.8 (primary), 8.8.4.4 (secondary)
    • Cloudflare DNS: 1.1.1.1 (primary), 1.0.0.1 (secondary)
    • OpenDNS: 208.67.222.222 (primary), 208.67.220.220 (secondary)

Private DNS Servers

  • Definition: Private DNS servers are used within private networks, such as corporate or home networks, and are not publicly accessible.
  • Example: An enterprise might set up an internal DNS server to handle queries for its internal domain names, ensuring that sensitive resources are not exposed to the public internet.

Summary:

  • DNS Records: Various types of records (A, AAAA, MX, CNAME, etc.) store information about a domain name, such as IP addresses

DNS Check Commands:

| Command | Purpose | Example Usage |
| --- | --- | --- |
| nslookup | Query DNS information from a DNS server | nslookup example.com |
| dig | Detailed DNS query and troubleshooting | dig example.com MX |
| host | Simple DNS query tool for basic lookups | host example.com |
| ping | Test DNS resolution and network connectivity | ping example.com |
| tracert / traceroute | Trace network route and DNS resolution | tracert example.com |
| systemd-resolve | Query DNS information on Linux (systemd) | systemd-resolve example.com |
| ipconfig /flushdns | Clear DNS resolver cache (Windows) | ipconfig /flushdns |
| resolvectl | Query DNS info on systemd-based Linux systems | resolvectl status |

Mail Records for DNS

In DNS (Domain Name System), email-related DNS records are crucial for ensuring that email systems can route messages to the correct mail servers. The main DNS records related to email are MX (Mail Exchange) records, SPF (Sender Policy Framework) records, DKIM (DomainKeys Identified Mail) records, and DMARC (Domain-based Message Authentication, Reporting & Conformance) records. These records help manage email delivery, prevent spam, and verify the authenticity of sent emails.

1. MX (Mail Exchange) Record

  • Purpose: The MX record defines the mail servers responsible for receiving email messages for a specific domain. When an email is sent to a domain (e.g., user@example.com), the sending mail server looks up the MX records of example.com to determine where to deliver the message.

  • Structure: An MX record includes:

    • The mail server’s hostname (e.g., mail.example.com).
    • The priority (an integer value) of the mail server. The priority determines the order in which mail servers are tried. Lower values indicate higher priority.
  • Example:

     
    example.com. MX 10 mail.example.com.
    example.com. MX 20 mail2.example.com.

    In this example:

    • Mail to example.com will first be routed to mail.example.com (priority 10).
    • If mail.example.com is unavailable, mail will be routed to mail2.example.com (priority 20).

2. SPF (Sender Policy Framework) Record

  • Purpose: SPF records are used to prevent email spoofing by specifying which mail servers are authorized to send emails on behalf of a domain. When an email is received, the recipient mail server checks the SPF record of the sending domain to verify that the sender’s IP address is authorized.

  • Structure: An SPF record is a TXT record that contains a list of authorized sending IP addresses or hostnames.

  • Example:

    example.com. TXT "v=spf1 ip4:192.168.1.1 include:_spf.google.com ~all"

    This SPF record:

    • Authorizes 192.168.1.1 to send emails on behalf of example.com.
    • Includes Google’s SPF record to allow Google’s servers to send mail.
    • The ~all means that any other server is “soft-failed,” meaning emails from unauthorized servers should be marked as potentially suspicious but not outright rejected.

3. DKIM (DomainKeys Identified Mail) Record

  • Purpose: DKIM allows the sender to add a digital signature to their emails, which is then verified by the recipient’s mail server using a public key stored in the DKIM record. It ensures that the email has not been altered during transmission and verifies the authenticity of the sender.

  • Structure: The DKIM record is a TXT record containing the public key used to verify the digital signature. It also includes other parameters related to the signing algorithm and selector used.

  • Example:

     
     

    default._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtLoT1lbklrXYV2Sz0FEkgFf7qHZBQzzbBEnD1L+JNBxVUsy3FCw9BskdZT3WAtStDgbTeX5xZnl2Ln4g2+ZTlmF6dCae9phgfUfnPYQ9zmZUzkrpBQ0PUdxeLDbmjsfTbw30tYABxH5kLdyEvFpRSsJv94g5VrphbHJALcbA=="

     

    In this example:

    • The selector (default) specifies which key to use from the DKIM records.
    • The v=DKIM1 indicates the DKIM version.
    • The p= part is the actual public key used to verify the email’s signature.

4. DMARC (Domain-based Message Authentication, Reporting & Conformance) Record

  • Purpose: DMARC is an email authentication protocol that uses both SPF and DKIM to improve email security and prevent phishing. It allows domain owners to set policies on how to handle emails that fail SPF and/or DKIM checks (such as rejecting, quarantining, or reporting them). DMARC also enables the domain owner to receive feedback on email authentication results.

  • Structure: The DMARC record is a TXT record that specifies the policy for handling emails and the reporting mechanism.

  • Example:

    _dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-failures@example.com; sp=none"

    In this example:

    • v=DMARC1: Specifies the DMARC version.
    • p=reject: Emails that fail both SPF and DKIM checks will be rejected.
    • rua=mailto:dmarc-reports@example.com: DMARC aggregate reports will be sent to this email address.
    • ruf=mailto:dmarc-failures@example.com: Forensic reports on failed emails will be sent to this address.
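    • sp=none: Policy for subdomains. Here it is none, so mail from subdomains of example.com that fails the checks is not rejected or quarantined, even though p=reject applies to example.com itself.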
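An audit of the SPF and DMARC examples above, as an added example that is not part of the original page: it parses each TXT value and reports settings that weaken the policy, such as a softfail `~all`, an address that is not publicly routable, or a subdomain policy weaker than the domain policy. The function names and finding codes are assumptions made for this sketch; the two records are the ones shown on this page.

```python
import ipaddress
import re

# Added example. audit_spf, audit_dmarc and the finding codes are hypothetical.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

PAGE_SPF = "v=spf1 ip4:192.168.1.1 include:_spf.google.com ~all"
PAGE_DMARC = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
              "ruf=mailto:dmarc-failures@example.com; sp=none")


def audit_spf(txt):
    """Return (code, detail) findings for one SPF TXT value."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("not-spf", "record must start with v=spf1")]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        body = term.lstrip("+-~?")
        name = re.split(r"[:=/]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qualifier = qualifier
        if name in ("ip4", "ip6") and ":" in body:
            value = body.split(":", 1)[1]
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(("bad-ip", value))
                continue
            if net.is_private:
                # Receivers see the sender's public address, so a private or
                # reserved range never matches mail arriving from outside.
                findings.append(("private-ip", value))
    if all_qualifier is None and not has_redirect:
        findings.append(("no-all", "senders not listed are not failed"))
    elif all_qualifier == "+":
        findings.append(("pass-all", "+all authorizes every sender"))
    elif all_qualifier in ("~", "?"):
        findings.append(("softfail", "unlisted senders are flagged, not rejected"))
    if lookups > 10:
        findings.append(("too-many-lookups", f"{lookups} exceeds the limit of 10"))
    return findings


def audit_dmarc(txt):
    """Return (code, detail) findings for one DMARC TXT value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return [("not-dmarc", "record must start with v=DMARC1")]
    policy = tags.get("p", "").lower()
    if policy not in STRENGTH:
        return [("bad-policy", f"p={policy or '(missing)'}")]
    findings = []
    sub_policy = tags.get("sp", policy).lower()  # sp defaults to p
    if policy == "none":
        findings.append(("monitor-only", "p=none requests no action"))
    if sub_policy in STRENGTH and STRENGTH[sub_policy] < STRENGTH[policy]:
        findings.append(("weak-subdomain-policy",
                         f"sp={sub_policy} is weaker than p={policy}"))
    if "rua" not in tags:
        findings.append(("no-aggregate-reports", "no rua address set"))
    return findings


if __name__ == "__main__":
    for finding in audit_spf(PAGE_SPF) + audit_dmarc(PAGE_DMARC):
        print(finding)
```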

5. CNAME (Canonical Name) Record (for email services)

  • Purpose: A CNAME record can be used for domain aliases. It’s often used for email-related services when you need to alias a subdomain (e.g., mail.example.com) to a different service or server (e.g., mailservice.provider.com). While not strictly used for email delivery itself, it’s commonly part of the setup for email services.

  • Example:

    mail.example.com. CNAME mailservice.provider.com.
     
    This means that mail.example.com is an alias for mailservice.provider.com.

6. Additional Email-related Records

  • RBL (Real-time Blackhole List): Some DNS services provide a way to query RBLs or blacklists to check whether an IP address is associated with spam or malicious activity. This isn’t a specific DNS record, but rather a service that uses DNS to provide spam filtering.

Summary of Common Email DNS Records

| Record Type | Purpose | Example Syntax |
| --- | --- | --- |
| MX | Defines mail servers for the domain. | example.com. MX 10 mail.example.com. |
| SPF | Specifies which mail servers can send email for the domain. | example.com. TXT "v=spf1 ip4:192.168.1.1 ~all" |
| DKIM | Provides a public key for verifying email signatures. | default._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIGfMA0G... |
| DMARC | Specifies policy for SPF and DKIM validation and reporting. | _dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc@... |
| CNAME | Used to alias subdomains for email services (e.g., mail). | mail.example.com. CNAME mailservice.provider.com. |

How These Email Records Work Together

  1. MX Records: Direct email traffic to the correct mail servers.
  2. SPF Records: Ensure that only authorized servers can send email on behalf of your domain, preventing spoofing.
  3. DKIM Records: Sign outgoing emails with a cryptographic signature to ensure they haven’t been altered in transit.
  4. DMARC Records: Combine SPF and DKIM to set a policy for how to handle failed email authentication and provide feedback.

These records are crucial for email deliverability, security, and reducing spam or phishing attacks. It’s important for domain owners to configure all these records properly to ensure their email system operates securely and reliably.

How Many Root DNS Servers Are There Worldwide

As of 2024, there are 13 root DNS servers in total. These are operated by various organizations and distributed across multiple geographic locations around the world. The root DNS servers are critical to the functioning of the Internet, as they serve as the first step in resolving domain names. They provide the authoritative records for the root zone of the DNS system, essentially directing queries to the appropriate Top-Level Domain (TLD) servers (such as those for .com, .org, .net, etc.).

Details of the 13 Root DNS Servers

The root DNS servers are labeled with letters A to M, and they are distributed worldwide using a system called Anycast, which allows multiple copies of the same server to be located in different places. This improves both redundancy and performance by allowing DNS queries to be answered from the nearest available server.

  1. A Root Server

    • Operator: Verisign, Inc.
    • Location(s): Multiple global locations.
  2. B Root Server

    • Operator: University of Southern California (ISI)
    • Location(s): Multiple global locations.
  3. C Root Server

    • Operator: Cogent Communications
    • Location(s): Multiple global locations.
  4. D Root Server

    • Operator: University of Maryland
    • Location(s): Multiple global locations.
  5. E Root Server

    • Operator: NASA Ames Research Center
    • Location(s): Multiple global locations.
  6. F Root Server

    • Operator: Internet Systems Consortium (ISC)
    • Location(s): Multiple global locations.
  7. G Root Server

    • Operator: U.S. Department of Defense (NIC)
    • Location(s): Multiple global locations.
  8. H Root Server

    • Operator: ARL (U.S. Army Research Laboratory)
    • Location(s): Multiple global locations.
  9. I Root Server

    • Operator: Netnod (Swedish Internet Foundation)
    • Location(s): Multiple global locations.
  10. J Root Server

    • Operator: Verisign, Inc.
    • Location(s): Multiple global locations.
  11. K Root Server

    • Operator: RIPE NCC (Network Coordination Centre)
    • Location(s): Multiple global locations.
  12. L Root Server

    • Operator: ICANN (Internet Corporation for Assigned Names and Numbers)
    • Location(s): Multiple global locations.
  13. M Root Server

    • Operator: WIDE Project (Japan)
    • Location(s): Multiple global locations.

Important Points about Root DNS Servers:

  1. Anycast Technology: Each of the 13 root DNS servers operates using Anycast, meaning that there are actually many instances of each root server spread out across the world in various locations. This helps ensure that DNS queries are handled quickly and reliably, even if some servers experience issues.

  2. Global Distribution: The servers are distributed globally, making them resilient to regional network failures or attacks. For example, root servers are present in North America, Europe, Asia, and other regions to reduce latency and increase reliability.

  3. Critical for DNS Resolution: The root DNS servers are at the top of the DNS hierarchy. When you type a domain name into your browser, your local DNS resolver often needs to query a root DNS server to find the appropriate Top-Level Domain (TLD) server. From there, the query moves downward to authoritative DNS servers that resolve the domain to its IP address.

  4. Security and Stability: These servers are managed by well-established organizations, and their operation is critical to the global Internet infrastructure. They are highly protected and monitored to ensure the stability and security of the DNS system.

  5. Expanding Capacity: The root DNS infrastructure is continuously evolving to handle more traffic as the Internet grows. Newer technologies like DNSSEC (DNS Security Extensions) are being integrated into root server operations to further enhance security.

How Root DNS Servers Work:

When you try to visit a website (e.g., www.example.com), the following steps typically occur:

  1. Local DNS Cache: First, your device checks if it has the domain’s IP address cached from a previous visit.
  2. Recursive Resolver: If the IP address is not cached, your request is sent to a recursive resolver (usually provided by your ISP or a public DNS service like Google DNS or Cloudflare).
  3. Root DNS Query: If the recursive resolver doesn’t know the IP address, it queries one of the 13 root DNS servers.
  4. Referral to TLD Server: The root DNS server responds with a referral to the appropriate TLD DNS server (e.g., for .com, .org, .net).
  5. Authoritative DNS Server: The TLD server then directs the query to the authoritative DNS server for example.com, which responds with the actual IP address.
  6. Return Response: Finally, the recursive resolver sends the IP address back to your device, which can then connect to the website.

Summary:

There are 13 root DNS servers worldwide, which are critical components of the DNS infrastructure. They help route queries to the correct top-level domain (TLD) servers, ensuring that domain names can be resolved into IP addresses. These servers are distributed across multiple locations using Anycast technology to improve performance, security, and redundancy.

Worldwide Public DNS Server Addresses

There are several public DNS servers provided by various organizations around the world that offer free, fast, and secure DNS resolution services. These DNS servers can be used as alternatives to the default DNS servers provided by your Internet Service Provider (ISP). Below is a list of popular public DNS server addresses provided by some well-known organizations, along with some details about their services:

1. Google Public DNS

Google provides one of the most widely used public DNS services, known for its speed and reliability.

  • IPv4 addresses:
    • Primary DNS: 8.8.8.8
    • Secondary DNS: 8.8.4.4
  • IPv6 addresses:
    • Primary DNS: 2001:4860:4860::8888
    • Secondary DNS: 2001:4860:4860::8844

Features:

  • No filtering or censorship.
  • Privacy-focused with no tracking of user queries.
  • Fast and reliable performance.

2. Cloudflare DNS

Cloudflare offers a privacy-focused DNS service that emphasizes security and speed, including support for DNS over HTTPS (DoH) and DNS over TLS (DoT).

  • IPv4 addresses:
    • Primary DNS: 1.1.1.1
    • Secondary DNS: 1.0.0.1
  • IPv6 addresses:
    • Primary DNS: 2606:4700:4700::1111
    • Secondary DNS: 2606:4700:4700::1001

Features:

  • Privacy-centric, with Cloudflare claiming not to log personal information.
  • Fast DNS resolution with low latency.
  • Supports DNS over HTTPS (DoH) and DNS over TLS (DoT) for enhanced security and privacy.

3. OpenDNS (by Cisco)

OpenDNS provides DNS services with added security features, such as phishing protection and content filtering.

  • IPv4 addresses:

    • Primary DNS: 208.67.222.222
    • Secondary DNS: 208.67.220.220
  • IPv6 addresses:

    • Primary DNS: 2620:119:35::35
    • Secondary DNS: 2620:119:53::53

Features:

  • Phishing protection and security filtering.
  • Customizable filtering options (through OpenDNS FamilyShield and OpenDNS Home).
  • DNS caching to speed up resolution.

4. Quad9 DNS

Quad9 is a security-focused DNS service that blocks access to known malicious websites by checking domain names against threat intelligence feeds.

  • IPv4 addresses:

    • Primary DNS: 9.9.9.9
    • Secondary DNS: 149.112.112.112
  • IPv6 addresses:

    • Primary DNS: 2620:fe::fe
    • Secondary DNS: 2620:fe::9

Features:

  • Focuses on security, blocking access to malicious websites and preventing phishing.
  • Uses threat intelligence from various cybersecurity partners to protect users.
  • Privacy-oriented with no tracking or logging of user queries.

5. Comodo Secure DNS

Comodo offers a free DNS service with a focus on security, blocking phishing sites, malware domains, and other malicious content.

  • IPv4 addresses:
    • Primary DNS: 8.26.56.26
    • Secondary DNS: 8.20.247.20

Features:

  • Security and malware protection, including blocking of phishing and malicious sites.
  • Faster browsing speeds due to optimized DNS infrastructure.
  • Privacy-focused with no user tracking.

6. CleanBrowsing

CleanBrowsing offers a family-friendly DNS service, with different filtering levels for content filtering. They focus on providing a safer browsing experience, especially for children.

  • IPv4 addresses:
    • Family Filter (Blocks adult content):
      • Primary DNS: 185.228.168.168
      • Secondary DNS: 185.228.169.169
    • Security Filter (Blocks phishing sites):
      • Primary DNS: 185.228.168.9
      • Secondary DNS: 185.228.169.9
    • Adult Filter (Blocks adult content and sites):
      • Primary DNS: 185.228.168.88
      • Secondary DNS: 185.228.169.88

Features:

  • Three filtering levels (family, security, adult).
  • Protects against adult content, malware, and phishing.
  • Easy setup for parents or educational institutions.

7. DNS.Watch

DNS.Watch is a German-based DNS provider that offers a privacy-focused, uncensored DNS service with no logging.

  • IPv4 addresses:
    • Primary DNS: 84.200.69.80
    • Secondary DNS: 84.200.70.40
  • IPv6 addresses:
    • Primary DNS: 2001:1608:10:25::1c04:4f5b
    • Secondary DNS: 2001:1608:10:25::9249:d69b

Features:

  • No tracking or logging of user queries.
  • Privacy-focused with an emphasis on freedom from censorship.
  • Simple and fast DNS resolution.

8. AdGuard DNS

AdGuard offers DNS services with a focus on blocking advertisements and malicious sites, which can improve privacy and browsing speed.

  • IPv4 addresses:

    • Primary DNS: 94.140.14.14
    • Secondary DNS: 94.140.15.15
  • IPv6 addresses:

    • Primary DNS: 2a10:50c0::ad1:ff
    • Secondary DNS: 2a10:50c0::ad2:ff

Features:

  • Blocks ads and trackers.
  • Protection against malicious websites.
  • Privacy-focused with minimal logging.

9. OpenNIC

OpenNIC is a user-owned, community-driven project that offers DNS services while emphasizing openness and freedom from censorship.

  • IPv4 addresses:

    • Primary DNS: 169.239.202.202
    • Secondary DNS: 185.121.177.177
  • IPv6 addresses:

    • Primary DNS: 2001:470:20::2
    • Secondary DNS: 2001:470:20::1

Features:

  • Open, uncensored DNS service.
  • Community-operated with a focus on user privacy.
  • Access to a wider range of TLDs not usually included in traditional DNS systems.

10. Yandex DNS (Russia)

Yandex provides DNS services with features focused on security, performance, and family-friendly filtering.

  • IPv4 addresses:

    • Primary DNS: 77.88.8.8
    • Secondary DNS: 77.88.8.1
  • IPv6 addresses:

    • Primary DNS: 2a02:6b8::feed:0ff
    • Secondary DNS: 2a02:6b8::feed:0fe

Features:

  • Security features, including protection from malicious sites.
  • Family protection mode (filters adult content).
  • Low-latency and high-speed resolution.

11. DNS Advantage

DNS Advantage is a free public DNS service by a company called Dyn (now part of Oracle). It aims to provide a faster and more reliable DNS service.

  • IPv4 addresses:

    • Primary DNS: 156.154.70.1
    • Secondary DNS: 156.154.71.1
  • IPv6 addresses:

    • Primary DNS: 2001:470:20::2
    • Secondary DNS: 2001:470:20::3

Features:

  • Focus on performance and reliability.
  • Supports DNS resolution for a wide range of domain extensions.

Summary of Popular DNS Server Addresses

| Provider | IPv4 Primary DNS | IPv4 Secondary DNS | IPv6 Primary DNS | IPv6 Secondary DNS |
| --- | --- | --- | --- | --- |
| Google | 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | 2001:4860:4860::8844 |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 | 2606:4700:4700::1001 |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | 2620:119:35::35 | 2620:119:53::53 |
| Quad9 | 9.9.9.9 | 149.112.112.112 | 2620:fe::fe | 2620:fe::9 |
| Comodo | 8.26.56.26 | 8.20 |