公共递归名称服务(也称为公共DNS解析)是一种名称服务器服务,用于替换或补充本地互联网服务供应商(ISP)的提供的域名系统(DNS)。
使用公共DNS可能包括以下原因:
- 与使用ISP的DNS服务相比,速度更快[1]
- 过滤(安全、广告拦截、成人内容等)[2]
- 统计[3]
- 避开审查制度[4]
- 冗余 (智能缓存)[5]
- 访问官方DNS根中没有的非官方顶级域名
- ISP的DNS服务暂时无法使用
个别公共DNS服务运营商将保护隐私作为其服务的一个优势;有批评者认为,使用这些服务公共DNS潜在大规模数据收集的风险。
公共DNS解析由商业公司运营向公众免费提供服务,或者由私人爱好者运营用于传播新技术和支持非营利社区。个别服务商开始提供安全DNS查询传输服务,如DNS over HTTPS(DoH)和DNS over TLS(DoT)。
知名的公共DNS服务运营商
运营商 | 节点数 | 隐私权政策 | DNS over UDP | DNSSEC | DNS over TLS | DNS over HTTPS | DNSCrypt | 主机名称 | IPv4地址 | IPv6地址 | 过滤 | 备注 |
---|---|---|---|---|---|---|---|---|---|---|---|---|
AdGuard | 12[6] | 是[7] | 是 | 是[8] | 是 | 是[9] | 是[10] | dns.adguard.com | 94.140.14.14 94.140.15.15 |
2a10:50c0::ad1:ff 2a10:50c0::ad2:ff |
Default[11] | 以隐私为导向的免费DNS解析系统,可阻止跟踪、广告和网络钓鱼。[12] |
dns-family.adguard.com | 94.140.14.15 94.140.15.16 |
2a10:50c0::bad1:ff 2a10:50c0::bad2:ff |
Family[11] | |||||||||
dns-unfiltered.adguard.com | 94.140.14.140 94.140.14.141 |
2a10:50c0::1:ff 2a10:50c0::2:ff |
无[11] | |||||||||
CleanBrowsing | 20 | 是[13] | 是 | 是 | 是[14] | 是[15] | 是[16] | family-filter-dns.cleanbrowsing.org | 185.228.168.168 185.228.169.168 |
2a0d:2a00:1:: 2a0d:2a00:2:: |
Family | 设计用于13岁以下儿童的设备 |
adult-filter-dns.cleanbrowsing.org | 185.228.168.10 185.228.169.11 |
2a0d:2a00:1::1 2a0d:2a00:2::1 |
Adult | |||||||||
security-filter-dns.cleanbrowsing.org | 185.228.168.9 185.228.169.9 |
2a0d:2a00:1::2 2a0d:2a00:2::2 |
Security | |||||||||
Cloudflare | 200[17] | 是[18] | 是 | 是[19] | 是[20] | 是[21] | 否 | one.one.one.one[22] 1dot1dot1dot1.cloudflare-dns.com |
1.1.1.1 1.0.0.1 |
2606:4700:4700::1111 2606:4700:4700::1001 |
无 | |
dns64.cloudflare-dns.com | — | 2606:4700:4700::64 2606:4700:4700::6400 |
无 | 用于仅有IPv6的网络[23]详情请看IPv6过渡机制 | ||||||||
security.cloudflare-dns.com | 1.1.1.2 1.0.0.2 |
2606:4700:4700::1112 2606:4700:4700::1002 |
Malware, Phishing | |||||||||
family.cloudflare-dns.com | 1.1.1.3 1.0.0.3 |
2606:4700:4700::1113 2606:4700:4700::1003 |
Malware, Phishing, Adult content |
|||||||||
Dyn | 是[24] | 是 | 是 | 否 | 否 | 否 | resolver1.dyndnsinternetguide.com resolver2.dyndnsinternetguide.com |
216.146.35.35 216.146.36.36 |
— | 将于2022年5月31日关闭 | ||
23[25] | 是[26] | 是 | 是 | 是 | 是[27] | 否 | dns.google[28] google-public-dns-a.google.com google-public-dns-b.google.com |
8.8.8.8 8.8.4.4 |
2001:4860:4860::8888 2001:4860:4860::8844 |
无 | ||
dns64.dns.google | — | 2001:4860:4860::6464 2001:4860:4860::64 |
无 | 在NAT64网关中使用[29] | ||||||||
Neustar | 是[30] | 是 | 是 | 否 | 否 | 否 | 64.6.64.6
64.6.65.6 156.154.70.1 |
2620:74:1b::1:1
2620:74:1c::2:2 2610:a1:1018::1 |
无 | Verisign于2020年12月3日将其公共DNS(以64.和2620:开头的IP)转让给Neustar[31] | ||
156.154.70.2 156.154.71.2 |
2610:a1:1018::2 2610:a1:1019::2 |
Malware, ransomware, spyware, phishing | ||||||||||
156.154.70.3 156.154.71.3 |
2610:a1:1018::3 2610:a1:1019::3 |
Low security + gambling, pornography, violence, hate | ||||||||||
156.154.70.4 156.154.71.4 |
2610:a1:1018::4 2610:a1:1019::4 |
Medium security + gaming, adult, drugs, alcohol, anonymous proxies | ||||||||||
156.154.70.5 156.154.71.5 |
2610:a1:1018::5 2610:a1:1019::5 |
无 | 不会将不存在的域名重定向到别的页面 | |||||||||
OpenDNS | 31[32] | 是[33] | 是 | 是[34] | 是 | 是[35] | 是[36] | dns.opendns.com | 208.67.222.222 208.67.220.220 |
2620:119:35::35 2620:119:53::53 |
Basic Security filtering + user defined policies | |
familyshield.opendns.com | 208.67.222.123 208.67.220.123 |
2620:119:35::123 2620:119:53::123 |
"FamilyShield": adult content | |||||||||
sandbox.opendns.com | 208.67.222.2 208.67.220.2 |
2620:0:ccc::2 2620:0:ccd::2 |
无 | 沙盒地址不提供任何过滤功能 | ||||||||
OpenNIC | 是[37] | 是 | 是 | 部分[38] | 部分[39] | 部分[40] | Several [41] | 185.121.177.177 169.239.202.202 |
2a05:dfc7:5::53 2a05:dfc7:5::5353 |
OpenNIC Tier 2 DNS Resolvers列表 | ||
Quad9 | 149[42] | 是[43] | 是 | 是[44] | 是[45] | 是[46] | 是[47] | dns.quad9.net rpz-public-resolver1.rrdns.pch.net |
9.9.9.9 149.112.112.112 |
2620:fe::fe 2620:fe::9 |
Malicious domains (phishing, malware, exploit kit domains) | |
否[48] | dns-nosec.quad9.net | 9.9.9.10 149.112.112.10 |
2620:fe::10 2620:fe::fe:10 |
无 | ||||||||
Yandex | 是[49] | 是 | 否 | 否 | 否 | 是 | dns.yandex.ru secondary.dns.yandex.ru |
77.88.8.1 77.88.8.8 |
2a02:6b8::feed:0ff 2a02:6b8:0:1::feed:0ff |
无 | ||
safe.dns.yandex.ru secondary.safe.dns.yandex.ru |
77.88.8.2 77.88.8.88 |
2a02:6b8::feed:bad 2a02:6b8:0:1::feed:bad |
"Safe": fraudulent / infected / bot sites | |||||||||
family.dns.yandex.ru secondary.family.dns.yandex.ru |
77.88.8.3 77.88.8.7 |
2a02:6b8::feed:a11 2a02:6b8:0:1::feed:a11 |
"Family": fraudulent / infected / bot / adult sites |
参考文献
- ↑ How to Change Your Default DNS to Google DNS for Fast Internet Speeds. TechWorm. 2016-08-20 [2016-10-22] (美国英语).
- ↑ A simple way to get around Rogers' DNS re-directing. IT Business. [2016-10-22].
- ↑ OpenDNS Adds Centralized Reporting, IP-Layer Enforcement to Umbrella. mspmentor.net. [2016-10-22].
- ↑ Austrian Pirate Bay Blockade Censors Slovak Internet - TorrentFreak. TorrentFreak. 2015-12-03 [2016-10-22] (美国英语).
- ↑ Security; Iana. DNS devastation: Top websites whacked offline as Dyn dies again. The Register. [2016-10-22].
- ↑ AdGuard DNS servers map. [2021-05-29].
- ↑ AdGuard DNS Privacy Notice. [2021-05-29].
- ↑ AdGuard DNS FAQ: What is DNSSEC?. [2021-05-29].
- ↑ The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS. [2021-05-29].
- ↑ Adguard DNS now supports DNSCrypt. [2021-05-29].
- ↑ 11.0 11.1 11.2 AdGuard DNS Setup guide. [2021-05-29].
- ↑ AdGuard DNS FAQ: What is AdGuard DNS?. adguard.com. [2019-08-12] (英语).
- ↑ NOC.org / dcid. CleanBrowsing Privacy and Terms of Service. Cleanbrowsing.org. [2019-01-04].
- ↑ Parental Control with DNS over TLS Support. [2019-06-03].
- ↑ NOC.org / dcid. Parental Control with DNS Over HTTPS (DoH) Support. Cleanbrowsing.org. [2019-01-04].
- ↑ NOC.org / dcid. Parental Control with DNSCrypt Support. Cleanbrowsing.org. [2019-01-04].
- ↑ Cloudflare: Our Anycast Network Map. [2019-06-03].
- ↑ Privacy Policy. Cloudflare. [2019-01-04].
- ↑ The Nitty Gritty - Cloudflare Resolver. [2019-06-03].
- ↑ Cloudflare Inc. DNS over TLS - Cloudflare Resolver. Developers.cloudflare.com. 2018-03-31 [2019-01-04].
- ↑ Cloudflare Inc. DNS over HTTPS - Cloudflare Resolver. Developers.cloudflare.com. [2019-01-04].
- ↑ Test DNS owner one.one.one.one. 2018-08-21 [2019-06-03].
- ↑ Supporting IPv6-only Networks. [2019-06-03].
- ↑ Oracle's Privacy Policy. dyn.com. [2018-12-31] (美国英语).
- ↑ Google Public DNS: Where are your servers currently located?.
- ↑ Google Public DNS: Your Privacy.
- ↑ Google Public DNS: DNS-over-HTTPS.
- ↑ Get Started | Public DNS.
- ↑ Google Public DNS64.
- ↑ Privacy Policy | Neustar. home.neustar. [2019-06-03] (英语).
- ↑ Verisign Public DNS Offers DNS Stability And Security – Verisign. www.verisign.com. [2020-12-05] (美国英语).
- ↑ OpenDNS: Data Center Locations. [2019-06-03].
- ↑ Cisco Online Privacy Statement. [2019-06-03].
- ↑ DNSSEC General Availability - OpenDNS. [2021-05-29].
- ↑ [1]
- ↑ OpenDNS and DNSCrypt. [2021-05-29].
- ↑ OpenNIC: Privacy Policy. [2019-06-03].
- ↑ OpenNIC Public Servers. [2019-06-03].
- ↑ OpenNIC Public Servers
- ↑ OpenNIC: DNSCrypt
- ↑ OpenNIC Tier 2 DNS Resolvers
- ↑ Quad9 Locations. [2021-05-29].
- ↑ Quad9: Privacy, Data Collection and Use Policy
- ↑ Quad9 FAQ: Does Quad9 implement DNSSEC?. [2019-06-03].
- ↑ Quad9 Frequently Asked Questions. [2019-06-03].
- ↑ DoH with Quad9 DNS Servers
- ↑ Quad9 DNSCrypt Now In Testing. [2019-06-03].
- ↑ Quad9 FAQ: Is there a service that Quad9 offers that does not have the blocklist or other security?. [2019-06-03].
- ↑ Terms of use of the Yandex.DNS service