公共域名解析服务

公共递归名称服务(也称为公共DNS解析)是一种名称服务器服务,用于替换或补充本地互联网服务供应商(ISP)的提供的域名系统(DNS)。

使用公共DNS可能包括以下原因:

  • 与使用ISP的DNS服务相比,速度更快[1]
  • 过滤(安全、广告拦截、成人内容等)[2]
  • 统计[3]
  • 避开审查制度[4]
  • 冗余 (智能缓存)[5]
  • 访问官方DNS根中没有的非官方顶级域名
  • ISP的DNS服务暂时无法使用

个别公共DNS服务运营商将保护隐私作为其服务的一个优势;有批评者认为,使用这些服务公共DNS潜在大规模数据收集的风险。

公共DNS解析由商业公司运营向公众免费提供服务,或者由私人爱好者运营用于传播新技术和支持非营利社区。个别服务商开始提供安全DNS查询传输服务,如DNS over HTTPS(DoH)和DNS over TLS(DoT)。

知名的公共DNS服务运营商

运营商 节点数 隐私权政策 DNS over UDP/TCP DNSSEC DNS over TLS DNS over HTTPS DNS over QUIC EDNS Padding 主機名稱 IPv4地址 IPv6地址 过滤 备注
AdGuard 12[6] [7] [8] [9] [10] dns.adguard.com 94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff
Default[11] 以隐私为导向的免费DNS解析系统,可阻止跟踪、广告和网络钓鱼。[12]
dns-family.adguard.com (過時) 94.140.14.15
94.140.15.16
2a10:50c0::bad1:ff
2a10:50c0::bad2:ff
Family[11]
dns-unfiltered.adguard.com 94.140.14.140
94.140.14.141
2a10:50c0::1:ff
2a10:50c0::2:ff
[11]
CleanBrowsing英语CleanBrowsing 20 [13] [14] [15] [16] family-filter-dns.cleanbrowsing.org 185.228.168.168
185.228.169.168
2a0d:2a00:1::
2a0d:2a00:2::
Family 设计用于13岁以下儿童的设备
adult-filter-dns.cleanbrowsing.org 185.228.168.10
185.228.169.11
2a0d:2a00:1::1
2a0d:2a00:2::1
Adult
security-filter-dns.cleanbrowsing.org 185.228.168.9
185.228.169.9
2a0d:2a00:1::2
2a0d:2a00:2::2
Security
Cloudflare 200[17] [18] [19] [20] [21] one.one.one.one[22]
1dot1dot1dot1.cloudflare-dns.com
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
dns64.cloudflare-dns.com 2606:4700:4700::64
2606:4700:4700::6400
用于仅有IPv6的网络[23]详情请看IPv6过渡机制
security.cloudflare-dns.com 1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
Malware, Phishing
family.cloudflare-dns.com 1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
Malware, Phishing,
Adult content
Dyn英语Dyn (company) [24] resolver1.dyndnsinternetguide.com
resolver2.dyndnsinternetguide.com
216.146.35.35
216.146.36.36
于2022年5月31日关闭
Google 23[25] [26] [27] dns.google[28]
google-public-dns-a.google.com
google-public-dns-b.google.com
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
dns64.dns.google 2001:4860:4860::6464
2001:4860:4860::64
在NAT64网关中使用[29]
Neustar英语Neustar [30] 64.6.64.6

64.6.65.6

156.154.70.1
156.154.71.1

2620:74:1b::1:1

2620:74:1c::2:2

2610:a1:1018::1
2610:a1:1019::1

Verisign于2020年12月3日将其公共DNS(以64.和2620:开头的IP)转让给Neustar[31]
156.154.70.2
156.154.71.2
2610:a1:1018::2
2610:a1:1019::2
Malware, ransomware, spyware, phishing
156.154.70.3
156.154.71.3
2610:a1:1018::3
2610:a1:1019::3
Low security + gambling, pornography, violence, hate
156.154.70.4
156.154.71.4
2610:a1:1018::4
2610:a1:1019::4
Medium security + gaming, adult, drugs, alcohol, anonymous proxies
156.154.70.5
156.154.71.5
2610:a1:1018::5
2610:a1:1019::5
不会将不存在的域名重定向到别的页面
Cisco Umbrella (OpenDNS) 31[32] [33] [34] [35] [36] dns.opendns.com
dns.umbrella.com[37]
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Basic Security filtering + user defined policies
familyshield.opendns.com 208.67.222.123
208.67.220.123
2620:119:35::123
2620:119:53::123
"FamilyShield": adult content
sandbox.opendns.com 208.67.222.2
208.67.220.2
2620:0:ccc::2
2620:0:ccd::2
沙盒地址不提供任何过滤功能
OpenNIC [38] 部份[39] 部份[39] 部份[40] Several [41] 185.121.177.177
169.239.202.202
2a05:dfc7:5::53
2a05:dfc7:5::5353
OpenNIC Tier 2 DNS Resolvers页面存档备份,存于互联网档案馆)列表
Quad9英语Quad9 149[42] [43] [44] [45] [46] [47] dns.quad9.net
rpz-public-resolver1.rrdns.pch.net
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
Malicious domains (phishing, malware, exploit kit domains)
[48] dns-nosec.quad9.net 9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
Yandex [49] common.dot.dns.yandex.net 77.88.8.1
77.88.8.8
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff
safe.dot.dns.yandex.net 77.88.8.2
77.88.8.88
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad
"Safe": fraudulent / infected / bot sites
family.dot.dns.yandex.net 77.88.8.3
77.88.8.7
2a02:6b8::feed:a11
2a02:6b8:0:1::feed:a11
"Family": fraudulent / infected / bot / adult sites

知名的中國大陸公共DNS服务运营商

运营商 节点数 隐私权政策 DNS over UDP/TCP DNSSEC DNS over TLS DNS over HTTPS DNS over QUIC EDNS Padding 主機名稱 IPv4地址 IPv6地址 过滤 备注
阿里DNS alidns.com 223.5.5.5
223.6.6.6
2400:3200::1
2400:3200:baba::1
騰訊DNS dns.pub 119.29.29.29 2402:4e00::
114 DNS 114dns.com 114.114.114.114
114.114.115.115

参考文献

  1. ^ How to Change Your Default DNS to Google DNS for Fast Internet Speeds. TechWorm. 2016-08-20 [2016-10-22]. (原始内容存档于2021-09-16) (美国英语). 
  2. ^ A simple way to get around Rogers' DNS re-directing. IT Business. [2016-10-22]. (原始内容存档于2021-09-16). 
  3. ^ OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella. mspmentor.net. [2016-10-22]. (原始内容存档于2016-10-22). 
  4. ^ Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak. TorrentFreak. 2015-12-03 [2016-10-22]. (原始内容存档于2021-09-16) (美国英语). 
  5. ^ Security; Iana. DNS devastation: Top websites whacked offline as Dyn dies again. The Register. [2016-10-22]. (原始内容存档于2016-10-22). 
  6. ^ AdGuard DNS servers map. [2021-05-29]. (原始内容存档于2017-01-06). 
  7. ^ AdGuard DNS Privacy Notice. [2021-05-29]. (原始内容存档于2021-09-16). 
  8. ^ AdGuard DNS FAQ: What is DNSSEC?. [2021-05-29]. (原始内容存档于2017-01-06). 
  9. ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS. [2021-05-29]. (原始内容存档于2021-09-16). 
  10. ^ Adguard DNS now supports DNSCrypt. [2021-05-29]. (原始内容存档于2021-09-16). 
  11. ^ 11.0 11.1 11.2 AdGuard DNS Setup guide. [2021-05-29]. (原始内容存档于2017-01-06). 
  12. ^ AdGuard DNS FAQ: What is AdGuard DNS?. adguard.com. [2019-08-12]. (原始内容存档于2017-01-06) (英语). 
  13. ^ NOC.org / dcid. CleanBrowsing Privacy and Terms of Service. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-08-06). 
  14. ^ Parental Control with DNS over TLS Support. [2019-06-03]. (原始内容存档于2018-05-16). 
  15. ^ NOC.org / dcid. Parental Control with DNS Over HTTPS (DoH) Support. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-03-28). 
  16. ^ NOC.org / dcid. Parental Control with DNSCrypt Support. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-02-21). 
  17. ^ Cloudflare: Our Anycast Network Map. [2019-06-03]. (原始内容存档于2020-12-16). 
  18. ^ Privacy Policy. Cloudflare. [2019-01-04]. (原始内容存档于2018-05-14). 
  19. ^ The Nitty Gritty - Cloudflare Resolver. [2019-06-03]. (原始内容存档于2018-04-02). 
  20. ^ Cloudflare Inc. DNS over TLS - Cloudflare Resolver. Developers.cloudflare.com. 2018-03-31 [2019-01-04]. (原始内容存档于2018-04-02). 
  21. ^ Cloudflare Inc. DNS over HTTPS - Cloudflare Resolver. Developers.cloudflare.com. [2019-01-04]. (原始内容存档于2018-04-01). 
  22. ^ Test DNS owner one.one.one.one. 2018-08-21 [2019-06-03]. (原始内容存档于2019-01-21). 
  23. ^ Supporting IPv6-only Networks. [2019-06-03]. (原始内容存档于2020-12-09). 
  24. ^ Oracle's Privacy Policy. dyn.com. [2018-12-31]. (原始内容存档于2011-09-14) (美国英语). 
  25. ^ Google Public DNS: Where are your servers currently located?. [2019-06-03]. (原始内容存档于2013-01-15). 
  26. ^ Google Public DNS: Your Privacy. [2019-06-03]. (原始内容存档于2021-09-16). 
  27. ^ Google Public DNS: DNS-over-HTTPS. [2019-06-03]. (原始内容存档于2018-03-20). 
  28. ^ Get Started | Public DNS. [2019-06-03]. (原始内容存档于2012-04-17). 
  29. ^ Google Public DNS64. [2019-06-03]. (原始内容存档于2020-12-06). 
  30. ^ Privacy Policy | Neustar. home.neustar. [2019-06-03]. (原始内容存档于2018-06-25) (英语). 
  31. ^ Verisign Public DNS Offers DNS Stability And Security – Verisign. www.verisign.com. [2020-12-05]. (原始内容存档于2021-03-31) (美国英语). 
  32. ^ OpenDNS: Data Center Locations. [2019-06-03]. (原始内容存档于2020-11-05). 
  33. ^ Cisco Online Privacy Statement. [2019-06-03]. (原始内容存档于2021-09-16). 
  34. ^ DNSSEC General Availability - OpenDNS. [2021-05-29]. (原始内容存档于2021-09-16). 
  35. ^ Cisco Umbrella Enhances Support of DNS Over HTTPS - Cisco Umbrella. [2022-11-16]. (原始内容存档于2022-12-13). 
  36. ^ OpenDNS and DNSCrypt. [2021-05-29]. (原始内容存档于2021-09-16). 
  37. ^ Cisco Umbrella Enhances Support of DNS Encryption with DNS Over HTTPS
  38. ^ OpenNIC: Privacy Policy. [2019-06-03]. (原始内容存档于2021-09-16). 
  39. ^ 39.0 39.1 OpenNIC Public Servers. [2019-06-03]. (原始内容存档于2021-09-16). 
  40. ^ OpenNIC: DNSCrypt. [2019-06-03]. (原始内容存档于2020-07-11). 
  41. ^ OpenNIC Tier 2 DNS Resolvers. [2019-06-03]. (原始内容存档于2021-09-16). 
  42. ^ Quad9 Locations. [2021-05-29]. (原始内容存档于2021-01-23). 
  43. ^ Quad9: Privacy, Data Collection and Use Policy. [2019-06-03]. (原始内容存档于2020-04-07). 
  44. ^ Quad9 FAQ: Does Quad9 implement DNSSEC?. [2019-06-03]. (原始内容存档于2019-05-04). 
  45. ^ Quad9 Frequently Asked Questions. [2019-06-03]. (原始内容存档于2019-05-04). 
  46. ^ DoH with Quad9 DNS Servers. [2019-06-03]. (原始内容存档于2020-07-15). 
  47. ^ Quad9 DNSCrypt Now In Testing. [2019-06-03]. (原始内容存档于2019-12-28). 
  48. ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?. [2019-06-03]. (原始内容存档于2019-05-04). 
  49. ^ Terms of use of the Yandex.DNS service. [2019-06-03]. (原始内容存档于2020-05-15).