ClassicConnect ClassicConnect
"640k ought to be enough for everybody."
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

DNS Resolver Thread

 
Post new topic   Reply to topic    ClassicConnect Forum Index -> Networking
View previous topic :: View next topic  
Author Message
LyraNovaHeart
Gorts


Joined: 15 Apr 2025
Age: 27
Posts: 48
Location: Los Angeles, California
PostPosted: Wed Jul 30, 2025 7:43 am    Post subject: DNS Resolver Thread Reply with quote
Hey there! Did you know your ISPs DNS can be fucking awful? Well now you do!

Quick Info on what DNS does: DNS or Domain Name System is a system that resolves IP addresses to their respective domain names, kind of like a digital phonebook. An example is if a DNS resolver is set up correctly, 150.136.244.63 will point to classicconnect.net.

Obviously the point of this thread is to talk about DNS resolvers you can use, and there are a few types.

DNS over HTTPS: Implementation of DNS using HTTPS, this is considered secure DNS as this encrypts your query when sent, to a network this just looks like HTTPS traffic, and this also prevents networks from seeing your requests. May also have a side effect of unblocking pages blocked by unencrypted/insecure DNS. DoH is also resistant to tampering with requests.

DNS over TLS: Similar to DoH, DoT is also considered secure DNS, as it also encrypts your requests. The difference however is that DoT uses TLS to send your queries, and runs on a standard port of 853, leaving it susceptible to being blocked.

Clear/Plaintext DNS: The original DNS implementation, runs over port 53 and does not encrypt your traffic. You should try not to use unencrypted DNS unless you can't use DoH or DoT.

Last notes: when using Adblock DNS, some sites may be erroneously blocked. This sadly is an issue that can only be solved by either using a non adblocking DNS or turrning off DoH/DoT in general.

Anyways, onto the list of resolvers you can use:

- 1. LibreDNS/radicalDNS

DoH: https://doh.libredns.gr/dns-query, https://doh.libredns.gr/noads (Adblocking)
DoT: dot.libredns.gr, noads.libredns.gr (Adblocking)
Plain (radicalDNS): 88.198.92.222, 192.71.166.92, 2a01:4f8:1c0c:82c0::1, 2a03:f80:30:192:71:166:92:1
Privacy Perserving: Yes
Jurisdiction: Germany

- 2. Mullvad DNS

DoH: https://dns.mullvad.net/dns-query (No Blocks), https://adblock.dns.mullvad.net/dns-query (Blocks Ads and Trackers), https://base.dns.mullvad.net/dns-query (Blocks Ads, Trackers and Malware), https://extended.dns.mullvad.net/dns-query (Blocks Ads, Trackers, Malware and Social Media), https://family.dns.mullvad.net/dns-query (Blocks Ads, Trackers, Malware, Adult Content, and Gambling), https://all.dns.mullvad.net/dns-query (Blocks everything mentioned)
DoT: dns.mullvad.net (No Blocks), adblock.dns.mullvad.net (Blocks Ads and Trackers), base.dns.mullvad.net (Blocks Ads, Trackers and Malware), extended.dns.mullvad.net (Blocks Ads, Trackers, Malware and Social Media), family.dns.mullvad.net (Blocks Ads, Trackers, Malware, Adult Content, and Gambling), all.dns.mullvad.net (Blocks everything mentioned)
Plain: No
Privacy Perserving: Yes
Jurisdiction: Sweden (HQ), all over the world via Anycast

- 3. Adguard DNS

DoH: https://dns.adguard-dns.com/dns-query, https://unfiltered.adguard-dns.com/dns-query (Doesn't filter anything), https://family.adguard-dns.com/dns-query (Family)
DoT: dns.adguard-dns.com, unfiltered.adguard-dns.com, family.adguard-dns.com
Plain: 94.140.14.14, 94.140.14.140 (No filtering), 94.140.14.15 (Family)
Privacy Perserving: Unknown
Jurisdiction: Cypress

- 4. UncensoredDNS

DoH: https://anycast.uncensoreddns.org/dns-query, https://unicast.uncensoreddns.org/dns-query
DoT: anycast.uncensoreddns.org, unicast.uncensoreddns.org
Plain: 91.239.100.100 (Anycast), 89.233.43.71 (Unicast)
Privacy Perserving: Yes
Jurisdiction: Denmark, Multiple Countries (Anycast)

- 5. ControlD

DoH: https://freedns.controld.com/p0 (Unfiltered), https://freedns.controld.com/p2 (Blocks Ads, Tracking and Malware), https://freedns.controld.com/p3 (Blocks Ads, Tracking, Malware and Social Media), https://freedns.controld.com/family (Blocks Ads, Tracking, Malware, Adult Content, Drugs), https://freedns.controld.com/uncensored (Uncensored)
DoT: p0.freedns.controld.com (Unfiltered), p2.freedns.controld.com (Ads, Trackers, and Malware), p3.freedns.controld.com (Ads, Tracking, Malware, and Social Media), family.freedns.controld.com (Ads, Trackers, Malware, Adult Content, Drugs), uncensored.freedns.controld.com (Uncensored)
Plain: 76.76.2.0:76.76.10.10 (Unfiltered), 76.76.2.2:76.76.10.2 (Ads, Tracking, and Malware), 76.76.2.3:76.76.10.3 (Ads, Tracking, Malware, Social Media), 76.76.2.4:76.76.10.4 (Family), 76.76.2.5:76.76.10.5 (Uncensored)
Privacy Perserving: Yes
Jurisdiction: Unknown

These are recommended DNS resolvers to use, there are some below this but these aren't recommended, just an option if needed.

Non Recommended:

- 1. Google Public DNS

DoH: https://dns.google/dns-query
DoT: dns.google
Plain: 8.8.8.8, 8.8.4.4
Reason for not being recommended: Privacy Invasive
Jurisdiction: United States (California)

- 2. Cisco OpenDNS

DoH: https://doh.opendns.com/dns-query, https://doh.familyshield.opendns.com/dns-query (Family), https://doh.sandbox.opendns.com/dns-query (Sandbox)
DoT: dns.opendns.com, familyshield.opendns.com (Family), sandbox.opendns.com (Sandbox)
Plain: 208.67.222.222:208.67.220.220, 208.67.222.123:208.67.220.123 (Family), 208.67.220.2:208.67.222.2 (Sandbox)
Reason for not being recommended: Privacy status is unknown.
Jurisdiction: United States (California)

- 3. Quad9

DoH: https://dns.quad9.net/dns-query, https://dns11.quad9.net/dns-query (ECS), https://dns10.quad9.net/dns-query (Unsecured)
DoT: dns.quad9.net, dns11.quad9.net (ECS), dns10.quad9.net (Unsecured)
Plain: 9.9.9.9:149.112.112.112, 9.9.9.11:149.112.112.11 (ECS), 9.9.9.10:149.112.112.10 (Unsecured)
Reason for not being recommended: Privacy hostile jurisdiction.
Jurisdiction: Switzerland

- 4. Cloudflare

DoH: https://cloudflare-dns.com/dns-query, https://family.cloudflare-dns.com/dns-query (Family)
DoT: cloudflare-dns.com, family.cloudflare-dns.com (Family)
Plain: 1.1.1.1:1.0.0.1, 1.1.1.3:1.0.0.3 (Family)
Reason for not being recommended: Dubious privacy policy
Jurisdiction: United States (California)

If there's any recommendations to add that I've missed, link them in a reply.
_________________
I'm one day closer to being who I wanna be~
Back to top
View user's profile Send private message Visit poster's website
ParzivalWolfram
New Member


Joined: 19 Jul 2025
Age: 25
Posts: 6
Location: Missouri, USA
PostPosted: Thu Sep 25, 2025 7:39 am    Post subject: Reply with quote
I should probably point out for those using this as a guide: if you are in an adverse or hostile computing environment with DNS poisoning, DoH/DoT/DoQ/etc will not save you, as these have to be resolved with normal unencrypted DNS queries to resolve the URLs.


Lyra, you may wish to add DNS-over-QUIC (RFC9250) to your explanations, it's currently out of draft status but still proposed. Cloudflare also supports DNS-over-Tor, which is standard DoH through a hidden service. If we're including shitposts and CNC techniques, there's also DNS-over-ping (the Linux tool, not ICMP) and DNS-over-ICMP (actual ICMP this time) respectively. There's even DNS-over-gRPC, if you're into CoreDNS shenanigans.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ClassicConnect Forum Index -> Networking All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartDark Style by Smartor
Powered by phpBB 2.0.25 CC Mod © 2001, 2002 phpBB Group
 
Page generation time: 0.0128s (PHP: 91% - SQL: 9%) - SQL queries: 11 - GZIP enabled - Debug on