公共域名解析服务
公共递归名称服务(也称为公共DNS解析)是一种名称服务器服务,用于替换或补充本地互联网服务供应商(ISP)的提供的域名系统(DNS)。
使用公共DNS可能包括以下原因:
- 与使用ISP的DNS服务相比,速度更快[1]
- 过滤(安全、广告拦截、成人内容等)[2]
- 统计[3]
- 避开审查制度[4]
- 冗余 (智能缓存)[5]
- 访问官方DNS根中没有的非官方顶级域名
- ISP的DNS服务暂时无法使用
个别公共DNS服务运营商将保护隐私作为其服务的一个优势;有批评者认为,使用这些服务公共DNS潜在大规模数据收集的风险。
公共DNS解析由商业公司运营向公众免费提供服务,或者由私人爱好者运营用于传播新技术和支持非营利社区。个别服务商开始提供安全DNS查询传输服务,如DNS over HTTPS(DoH)和DNS over TLS(DoT)。
知名的公共DNS服务运营商
运营商 | 节点数 | 隐私权政策 | DNS over UDP/TCP | DNSSEC | DNS over TLS | DNS over HTTPS | DNS over QUIC | EDNS Padding | 主機名稱 | IPv4地址 | IPv6地址 | 过滤 | 备注 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
AdGuard | 12[6] | 是[7] | 是 | 是[8] | 是 | 是[9] | 是[10] | 否 | dns.adguard.com | 94.140.14.14 94.140.15.15 |
2a10:50c0::ad1:ff 2a10:50c0::ad2:ff |
Default[11] | 以隐私为导向的免费DNS解析系统,可阻止跟踪、广告和网络钓鱼。[12] |
dns-family.adguard.com (過時) | 94.140.14.15 94.140.15.16 |
2a10:50c0::bad1:ff 2a10:50c0::bad2:ff |
Family[11] | ||||||||||
dns-unfiltered.adguard.com | 94.140.14.140 94.140.14.141 |
2a10:50c0::1:ff 2a10:50c0::2:ff |
无[11] | ||||||||||
CleanBrowsing | 20 | 是[13] | 是 | 是 | 是[14] | 是[15] | 是[16] | 是 | family-filter-dns.cleanbrowsing.org | 185.228.168.168 185.228.169.168 |
2a0d:2a00:1:: 2a0d:2a00:2:: |
Family | 设计用于13岁以下儿童的设备 |
adult-filter-dns.cleanbrowsing.org | 185.228.168.10 185.228.169.11 |
2a0d:2a00:1::1 2a0d:2a00:2::1 |
Adult | ||||||||||
security-filter-dns.cleanbrowsing.org | 185.228.168.9 185.228.169.9 |
2a0d:2a00:1::2 2a0d:2a00:2::2 |
Security | ||||||||||
Cloudflare | 200[17] | 是[18] | 是 | 是[19] | 是[20] | 是[21] | 否 | 是 | one.one.one.one[22] 1dot1dot1dot1.cloudflare-dns.com |
1.1.1.1 1.0.0.1 |
2606:4700:4700::1111 2606:4700:4700::1001 |
无 | |
dns64.cloudflare-dns.com | — | 2606:4700:4700::64 2606:4700:4700::6400 |
无 | 用于仅有IPv6的网络[23]详情请看IPv6过渡机制 | |||||||||
security.cloudflare-dns.com | 1.1.1.2 1.0.0.2 |
2606:4700:4700::1112 2606:4700:4700::1002 |
Malware, Phishing | ||||||||||
family.cloudflare-dns.com | 1.1.1.3 1.0.0.3 |
2606:4700:4700::1113 2606:4700:4700::1003 |
Malware, Phishing, Adult content |
||||||||||
Dyn | 是[24] | 是 | 是 | 否 | 否 | 否 | 否 | resolver1.dyndnsinternetguide.com resolver2.dyndnsinternetguide.com |
216.146.35.35 216.146.36.36 |
— | 于2022年5月31日关闭 | ||
23[25] | 是[26] | 是 | 是 | 是 | 是[27] | 否 | 是 | dns.google[28] google-public-dns-a.google.com google-public-dns-b.google.com |
8.8.8.8 8.8.4.4 |
2001:4860:4860::8888 2001:4860:4860::8844 |
无 | ||
dns64.dns.google | — | 2001:4860:4860::6464 2001:4860:4860::64 |
无 | 在NAT64网关中使用[29] | |||||||||
Neustar | 是[30] | 是 | 是 | 否 | 否 | 否 | 否 | 64.6.64.6
64.6.65.6 156.154.70.1 |
2620:74:1b::1:1
2620:74:1c::2:2 2610:a1:1018::1 |
无 | Verisign于2020年12月3日将其公共DNS(以64.和2620:开头的IP)转让给Neustar[31] | ||
156.154.70.2 156.154.71.2 |
2610:a1:1018::2 2610:a1:1019::2 |
Malware, ransomware, spyware, phishing | |||||||||||
156.154.70.3 156.154.71.3 |
2610:a1:1018::3 2610:a1:1019::3 |
Low security + gambling, pornography, violence, hate | |||||||||||
156.154.70.4 156.154.71.4 |
2610:a1:1018::4 2610:a1:1019::4 |
Medium security + gaming, adult, drugs, alcohol, anonymous proxies | |||||||||||
156.154.70.5 156.154.71.5 |
2610:a1:1018::5 2610:a1:1019::5 |
无 | 不会将不存在的域名重定向到别的页面 | ||||||||||
Cisco Umbrella (OpenDNS) | 31[32] | 是[33] | 是 | 是[34] | 是 | 是[35] | 是[36] | 是 | dns.opendns.com dns.umbrella.com[37] |
208.67.222.222 208.67.220.220 |
2620:119:35::35 2620:119:53::53 |
Basic Security filtering + user defined policies | |
familyshield.opendns.com | 208.67.222.123 208.67.220.123 |
2620:119:35::123 2620:119:53::123 |
"FamilyShield": adult content | ||||||||||
sandbox.opendns.com | 208.67.222.2 208.67.220.2 |
2620:0:ccc::2 2620:0:ccd::2 |
无 | 沙盒地址不提供任何过滤功能 | |||||||||
OpenNIC | 是[38] | 是 | 是 | 部份[39] | 部份[39] | 部份[40] | 否 | Several [41] | 185.121.177.177 169.239.202.202 |
2a05:dfc7:5::53 2a05:dfc7:5::5353 |
OpenNIC Tier 2 DNS Resolvers (页面存档备份,存于互联网档案馆)列表 | ||
Quad9 | 149[42] | 是[43] | 是 | 是[44] | 是[45] | 是[46] | 是[47] | 否 | dns.quad9.net rpz-public-resolver1.rrdns.pch.net |
9.9.9.9 149.112.112.112 |
2620:fe::fe 2620:fe::9 |
Malicious domains (phishing, malware, exploit kit domains) | |
否[48] | dns-nosec.quad9.net | 9.9.9.10 149.112.112.10 |
2620:fe::10 2620:fe::fe:10 |
无 | |||||||||
Yandex | 是[49] | 是 | 否 | 是 | 是 | 否 | 是 | common.dot.dns.yandex.net | 77.88.8.1 77.88.8.8 |
2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff |
无 | ||
safe.dot.dns.yandex.net | 77.88.8.2 77.88.8.88 |
2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad |
"Safe": fraudulent / infected / bot sites | ||||||||||
family.dot.dns.yandex.net | 77.88.8.3 77.88.8.7 |
2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11 |
"Family": fraudulent / infected / bot / adult sites |
知名的中國大陸公共DNS服务运营商
运营商 | 节点数 | 隐私权政策 | DNS over UDP/TCP | DNSSEC | DNS over TLS | DNS over HTTPS | DNS over QUIC | EDNS Padding | 主機名稱 | IPv4地址 | IPv6地址 | 过滤 | 备注 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
阿里DNS | 是 | 是 | 是 | 是 | 是 | 是 | 否 | alidns.com | 223.5.5.5 223.6.6.6 |
2400:3200::1 2400:3200:baba::1 |
|||
騰訊DNS | 是 | 是 | 是 | 是 | 是 | 是 | 否 | dns.pub | 119.29.29.29 | 2402:4e00:: | |||
114 DNS | 是 | 是 | 否 | 否 | 否 | 否 | 否 | 114dns.com | 114.114.114.114 114.114.115.115 |
参考文献
- ^ How to Change Your Default DNS to Google DNS for Fast Internet Speeds. TechWorm. 2016-08-20 [2016-10-22]. (原始内容存档于2021-09-16) (美国英语).
- ^ A simple way to get around Rogers' DNS re-directing. IT Business. [2016-10-22]. (原始内容存档于2021-09-16).
- ^ OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella. mspmentor.net. [2016-10-22]. (原始内容存档于2016-10-22).
- ^ Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak. TorrentFreak. 2015-12-03 [2016-10-22]. (原始内容存档于2021-09-16) (美国英语).
- ^ Security; Iana. DNS devastation: Top websites whacked offline as Dyn dies again. The Register. [2016-10-22]. (原始内容存档于2016-10-22).
- ^ AdGuard DNS servers map. [2021-05-29]. (原始内容存档于2017-01-06).
- ^ AdGuard DNS Privacy Notice. [2021-05-29]. (原始内容存档于2021-09-16).
- ^ AdGuard DNS FAQ: What is DNSSEC?. [2021-05-29]. (原始内容存档于2017-01-06).
- ^ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS. [2021-05-29]. (原始内容存档于2021-09-16).
- ^ Adguard DNS now supports DNSCrypt. [2021-05-29]. (原始内容存档于2021-09-16).
- ^ 11.0 11.1 11.2 AdGuard DNS Setup guide. [2021-05-29]. (原始内容存档于2017-01-06).
- ^ AdGuard DNS FAQ: What is AdGuard DNS?. adguard.com. [2019-08-12]. (原始内容存档于2017-01-06) (英语).
- ^ NOC.org / dcid. CleanBrowsing Privacy and Terms of Service. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-08-06).
- ^ Parental Control with DNS over TLS Support. [2019-06-03]. (原始内容存档于2018-05-16).
- ^ NOC.org / dcid. Parental Control with DNS Over HTTPS (DoH) Support. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-03-28).
- ^ NOC.org / dcid. Parental Control with DNSCrypt Support. Cleanbrowsing.org. [2019-01-04]. (原始内容存档于2018-02-21).
- ^ Cloudflare: Our Anycast Network Map. [2019-06-03]. (原始内容存档于2020-12-16).
- ^ Privacy Policy. Cloudflare. [2019-01-04]. (原始内容存档于2018-05-14).
- ^ The Nitty Gritty - Cloudflare Resolver. [2019-06-03]. (原始内容存档于2018-04-02).
- ^ Cloudflare Inc. DNS over TLS - Cloudflare Resolver. Developers.cloudflare.com. 2018-03-31 [2019-01-04]. (原始内容存档于2018-04-02).
- ^ Cloudflare Inc. DNS over HTTPS - Cloudflare Resolver. Developers.cloudflare.com. [2019-01-04]. (原始内容存档于2018-04-01).
- ^ Test DNS owner one.one.one.one. 2018-08-21 [2019-06-03]. (原始内容存档于2019-01-21).
- ^ Supporting IPv6-only Networks. [2019-06-03]. (原始内容存档于2020-12-09).
- ^ Oracle's Privacy Policy. dyn.com. [2018-12-31]. (原始内容存档于2011-09-14) (美国英语).
- ^ Google Public DNS: Where are your servers currently located?. [2019-06-03]. (原始内容存档于2013-01-15).
- ^ Google Public DNS: Your Privacy. [2019-06-03]. (原始内容存档于2021-09-16).
- ^ Google Public DNS: DNS-over-HTTPS. [2019-06-03]. (原始内容存档于2018-03-20).
- ^ Get Started | Public DNS. [2019-06-03]. (原始内容存档于2012-04-17).
- ^ Google Public DNS64. [2019-06-03]. (原始内容存档于2020-12-06).
- ^ Privacy Policy | Neustar. home.neustar. [2019-06-03]. (原始内容存档于2018-06-25) (英语).
- ^ Verisign Public DNS Offers DNS Stability And Security – Verisign. www.verisign.com. [2020-12-05]. (原始内容存档于2021-03-31) (美国英语).
- ^ OpenDNS: Data Center Locations. [2019-06-03]. (原始内容存档于2020-11-05).
- ^ Cisco Online Privacy Statement. [2019-06-03]. (原始内容存档于2021-09-16).
- ^ DNSSEC General Availability - OpenDNS. [2021-05-29]. (原始内容存档于2021-09-16).
- ^ Cisco Umbrella Enhances Support of DNS Over HTTPS - Cisco Umbrella. [2022-11-16]. (原始内容存档于2022-12-13).
- ^ OpenDNS and DNSCrypt. [2021-05-29]. (原始内容存档于2021-09-16).
- ^ Cisco Umbrella Enhances Support of DNS Encryption with DNS Over HTTPS
- ^ OpenNIC: Privacy Policy. [2019-06-03]. (原始内容存档于2021-09-16).
- ^ 39.0 39.1 OpenNIC Public Servers. [2019-06-03]. (原始内容存档于2021-09-16).
- ^ OpenNIC: DNSCrypt. [2019-06-03]. (原始内容存档于2020-07-11).
- ^ OpenNIC Tier 2 DNS Resolvers. [2019-06-03]. (原始内容存档于2021-09-16).
- ^ Quad9 Locations. [2021-05-29]. (原始内容存档于2021-01-23).
- ^ Quad9: Privacy, Data Collection and Use Policy. [2019-06-03]. (原始内容存档于2020-04-07).
- ^ Quad9 FAQ: Does Quad9 implement DNSSEC?. [2019-06-03]. (原始内容存档于2019-05-04).
- ^ Quad9 Frequently Asked Questions. [2019-06-03]. (原始内容存档于2019-05-04).
- ^ DoH with Quad9 DNS Servers. [2019-06-03]. (原始内容存档于2020-07-15).
- ^ Quad9 DNSCrypt Now In Testing. [2019-06-03]. (原始内容存档于2019-12-28).
- ^ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?. [2019-06-03]. (原始内容存档于2019-05-04).
- ^ Terms of use of the Yandex.DNS service. [2019-06-03]. (原始内容存档于2020-05-15).