Few more DNS resolvers w/TLS DNSSEC

I stumbled upon some interesting Public DNS services/resolvers:
Not sure what is their affiliation but they seem to run a similar setup.
unbound (resolver) + haproxy (dns-over-tls)

I figured I should post it here and see if it’s worth including in the Wiki

  1. Nixnet DNS

- no logs, DNSSEC, DoT, Uncensored or Adblock is optional, QNAME minimisation
- Anycast or choose 3 servers

Privacy

Another one is

  1. Lelux

resolver-eu.lelux.fi
51.158.147.50
Privacy policy

  1. Snopyta

95.216.24.230
fi.dot.dns.snopyta.org

Privacy policy


Thank you for this! I can’t elaborate enough just how wonderful it is to utilize DoT cause it’s just so much better than DoH when it comes to security and reliability.

Here’s mine:

  1. Seby [Australian]
    dot.seby.io
    139.99.222.72
    45.76.113.31

Nixnet is also my personal favorite. I have more to list here but I forgot to update my to-go notes about it - will add more later.

Not that sensitive when it comes to Privacy Policies cause my stance is Security > Privacy. While Privacy is important, it’s not something that you can realistically protect up to 100%.

A note for the uninitiated to DoT:
DoT utilizes port 853 and needs to have inputs on BOTH the domain name and IP address fields for it to work, so if it isn’t working then it’s one of these two things that you should be looking into.


Are any of the Nixnet servers working for you on port 853?
I have kept getting errors for a few weeks; all Nixnet servers cannot be reached on port 853, but they work fine on 53.

; WARNING: connection timeout for 199.195.251.84@853(TCP)
;; ERROR: failed to query server 199.195.251.84@853(TCP)

This DNS provider seems independent.
I will try it out.
Dismail DNS

Edit: Works pretty well and under 170ms
Flags: qr rd ra ad;
However, I just noticed that Dismail uses ad filtering :frowning_face:, which is not recommended,
but here is a dig anyway:

kdig @159.69.114.157 +dnssec +bufsize=1232 +tls-ca=/etc/ssl/certs/ca-bundle.crt +tls-hostname=fdns2.dismail.de -d
;; DEBUG: Querying for owner(.), class(1), type(2), server(159.69.114.157), port(853), protocol(TCP)
;; DEBUG: TLS, imported 138 certificates from ‘/etc/ssl/certs/ca-bundle.crt’
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, CN=fdns2.dismail.de
;; DEBUG: SHA-256 PIN:
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 11106
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 14; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: NOERROR

;; From 159.69.114.157@853(TCP) in 155.6 ms

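As an added example (not code from any poster in this thread), here is a minimal DoT client in Python that does what the kdig query above does: it connects to the resolver's IP on port 853, uses the hostname for SNI and certificate verification (which is why a DoT client needs both fields), sets the EDNS DO bit for DNSSEC, and reports the qr/rd/ra/ad header flags. The transaction id and the qname "." type NS query mirror the dig above; the CA bundle defaults to the system store when `cafile` is None.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # DNS over TLS, RFC 7858

def build_query(qname, qtype, txid=0x2B62, dnssec=True, bufsize=1232):
    """Wire-format DNS query: RD set, one question, one EDNS(0) OPT record.
    dnssec=True sets the DO bit, like kdig +dnssec; bufsize mirrors +bufsize=1232."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # 0x0100 = RD
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split(".") if l)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP payload size, ext-rcode, version, flags, rdlen
    opt = b"\x00" + struct.pack("!HHBBHH", 41, bufsize, 0, 0,
                                0x8000 if dnssec else 0, 0)
    return header + question + opt

def parse_flags(msg):
    """Return the transaction id, the flag names kdig prints, and the rcode.
    'ad' present means the resolver validated the answer with DNSSEC."""
    txid, flags = struct.unpack("!HH", msg[:4])
    bits = [("qr", 15), ("aa", 10), ("tc", 9), ("rd", 8), ("ra", 7), ("ad", 5), ("cd", 4)]
    return {"id": txid, "flags": [n for n, b in bits if flags >> b & 1], "rcode": flags & 0xF}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TLS connection closed mid-message")
        buf += chunk
    return buf

def dot_query(ip, tls_hostname, wire, cafile=None, timeout=5.0):
    """Send one query over TLS to ip:853 and return the raw DNS response.
    tls_hostname is used for SNI and for certificate verification against cafile
    (system CA store if None); the IP is only used to open the TCP connection."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_hostname) as tls:
            tls.sendall(struct.pack("!H", len(wire)) + wire)  # 2-byte length prefix
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return recv_exact(tls, length)

if __name__ == "__main__":
    # Same target as the kdig run above: root zone NS records via fdns2.dismail.de
    resp = dot_query("159.69.114.157", "fdns2.dismail.de", build_query(".", 2))
    print(parse_flags(resp))
```

If the connection times out, as with the Nixnet servers reported above, the failure is at the TCP/TLS layer and happens before any DNS message is exchanged; a hostname mismatch instead raises an ssl.SSLCertVerificationError.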

I think I figured out why Nixnet is not responding to my DoT requests. My IPS is blocking it; Emerging Threats 2500010

Name: ET COMPROMISED Known Compromised or Hostile Host Traffic group 6
Priority: 2
Type: Misc Attack
IP Info: 104.244.78.231:853 
SID: 2500010