I added the filtering servers to the Unusable section, but was hesitant to blow away the entries above under servers that support TCP/UDP and DOT, because technically they do (as do many other entries under Unusable).
I’ll leave that for someone else to decide.
I’ll just say, I’m not really happy with the verbiage “Unusable DNS Providers”. They obviously are usable, they just either don’t support DNSSEC at all or break DNSSEC for sites that they block, which depending on the user, may or may not be a deal breaker. I’d prefer something like “Filtering DNS Providers that May Negatively Impact DNSSEC” or something similar.
I use Quad9 because of it privacy policies. And on the surface I think it is a good thing Quad9 helps with malware sites. So to me it is a “Usable DNS Provider”.
Is there such thing as a high privacy, high speed, DNS provider that doesn’t break “bad” DNSSEC? Is this a DNS unicorn?
I would still recommend to remove them from the top then, because the point of the table was to recommend something to people. If they are in the bottom table, they are not recommended.
Snopyta (FI) service haven’t work in ages. Maybe it should be removed from list?
censurfridns.dk gives certificate error for some reason, it’s been like that days maybe weeks.
I’ve come across Blah dns service but not sure if it’s good enough for wiki list since it does filtering. There are servers in Finland, Germany, Singapore, Japan and Switzerland
A hobby Adblock DNS project with HTTP/3, DoH, DoT, DoQ, DNSCryptv2 support.
Just looking through this a bit quick. So much info. I have read the wiki page and its recommendations but at first glance it seems one has to be picky if wanting filtration and dnssec from the same provider.
The IPFire wiki is editable by the community users. You can login with your IPFire People credentials and make the changes yourself.
It might be a good idea to contact the censurfri people about that error in case they don’t know of the problem. There are various ways to contact the censurfri admin. https://blog.uncensoreddns.org/contact/
My usage of IPFire follows the goal “get pure IP access to the internet from some ISP, control the traffic by the device owned by me”.
This means no restrictions outside my gateway, neither by my ISP nor by any DNS server.
Filtering malware etc. by means of DNS can be done with the RPZ functionality of unbound and forcing DNS requests to IPFire’s DNS server.
This allows policies controlled by me only. Filtering DNS by external services includes some external storage of my DNS requests, logging and configuring doesn’t function without.
Perhaps the above quote is what @bbitsch was hinting to?
and perhaps that’s why NextDNS is not even mentioned on the wiki page?
I would recommend using their ‘open’ resolver
# open.dns0.eu
# The unfiltered version of dns0.eu. Use at your own risk.
[DNS-over-TLS/QUIC]
open.dns0.eu
[DNS-over-HTTPS]
https://open.dns0.eu/
[DNS53]
193.110.81.254
185.253.5.254
2a0f:fc80::ffff
2a0f:fc81::ffff
[Apple Configuration Profile]
https://dns0.eu/open.dns0.eu.mobileconfig
Quad9 filtering was discussed here a long while ago,
Anyone following the Sony vs Quad9 dispute? Basically the court ordered Quad9 to censor DNS queries because a DNS provider is just like Youtube .
This 2023 and 2024 test confirms that Quad9 is filtering DNS queries
Most of the tested DNS providers have few resolvers, mostly the “filtered” ones were tested.
Google Public DNS - 8.8.8.8 (for reference, unfiltered)
ControlD Malware - 76.76.2.1 (new in the test)
Norton ConnectSafe - 199.85.126.10 (new in the test)
UltraDNS Threat Protection - 156.154.70.2 (new in the test)
Quad9 - 9.9.9.9
Cloudflare for Families - 1.1.1.2
dns0.eu - 193.110.81.0
dns0.eu ZERO - 193.110.81.9
CleanBrowsing Security Filter - 185.228.169.9
Comodo Secure DNS - 8.26.56.26
If anyone want’s to test Quad9 “unfiltered” the address would be 9.9.9.10 (no DNSSEC)*