Public DNS Services that block the bad stuff

We are spending an incredible/stupendous amount of time on the Internet now because of having to endure Covid-19/Coronavirus/’rona/’vid. As a result, we are definitely at risk of exposing ourselves to more bad things that are on the Internet.

This post should hopefully give you a quick overview of how to provide some additional protection for you, friends, family, anyone/anything connecting to your network.

If you’re a little more technically savvy, you can browse to https://www.dnsperf.com to look at which DNS provider has the best performance for your location in the world.

Cloudflare

IPv4
Normal DNS services
  • Primary DNS: 1.1.1.1
  • Secondary DNS: 1.0.0.1
Normal DNS Services with Malware Blocking
  • Primary DNS: 1.1.1.2
  • Secondary DNS: 1.0.0.2
Normal DNS Servers with Malware and Adult Content Blocking
  • Primary DNS: 1.1.1.3
  • Secondary DNS: 1.0.0.3
IPv6
Normal DNS
  • Primary DNS: 2606:4700:4700::1111
  • Secondary DNS: 2606:4700:4700::1001
Normal DNS Services with Malware Blocking
  • Primary DNS: 2606:4700:4700::1112
  • Secondary DNS: 2606:4700:4700::1002
Normal DNS Servers with Malware and Adult Content Blocking
  • Primary DNS: 2606:4700:4700::1113
  • Secondary DNS: 2606:4700:4700::1003
References

OpenDNS

IPv4
Normal DNS
  • Primary DNS: 208.67.222.222
  • Secondary DNS: 208.67.220.220
Normal DNS with Adult Content Blocking
  • Primary DNS: 208.67.222.123
  • Secondary DNS: 208.67.220.123
IPv6
Normal DNS
  • Primary DNS: 2620:119:35::35
  • Secondary DNS: 2620:119:53::53
Normal DNS with Adult Content Blocking (requires dual-stack connectivity)
  • Primary DNS: ::ffff:d043:de7b
  • Secondary DNS: ::ffff:d043:dc7b
Test Websites
References

Quad9

(Quad9 will not provide a censoring component and will limit its actions solely to the blocking of malicious domains around phishing, malware, and exploit kit domains.)

IPv4
No Content Filtering, but Malware Filtering

Primary DNS: 9.9.9.9

IPv6

Secure IPv6 Primary: 2620:fe::fe Blocklist, DNSSEC, No EDNS Client-Subnet

Secure IPv6 Secondary: 2620:fe::9 Blocklist, DNSSEC, No EDNS Client-Subnet

Unsecured IPv6 Primary: 2620:fe::10 No blocklist, no DNSSEC,No EDNS Client-Subnet

Unsecured IPv6 Secondary: 2620:fe::fe:10 No blocklist, no DNSSEC,No EDNS Client-Subnet

Secure IPv6 Primary (EDNS): 2620:fe::11  Blocklist, DNSSEC, EDNS Client-Subnet sent.

Secured IPv6 Secondary(EDNS): 2620:fe::fe:11 Blocklist, DNSSEC, EDNS Client-Subnet sent.

Testing?

Try to resolve the hostname isitblocked.org it should resolve to NXDOMAIN.

Other tests that you can perform (from Twitter):

To test what a blocked domain would look like,

try resolving β€˜blocked.test.on.quad9.net’ – that should result in an NXDOMAIN,

while β€˜notblocked.test.on.quad9.net’ should resolve to 9.9.9.9.

References

Google

I thought it would be useful to mention that Google doesn’t offering any filtering services through their DNS servers. They believe in providing an unfiltered internet.

IPv4
Normal DNS
  • Primary DNS: 8.8.8.8
  • Secondary DNS: 8.8.4.4
IPv6
Normal DNS
  • Primary DNS: 2001:4860:4860::8888
  • Secondary DNS: 2001:4860:4860::8844
ProviderDescriptionIPv4 PrimaryIPv4 SecondaryIPv6 PrimaryIPv6 Secondary
CloudflareNormal DNS services1.1.1.11.0.0.12606:4700:4700::11112606:4700:4700::1001
CloudflareNormal DNS Services with Malware Blocking1.1.1.21.0.0.22606:4700:4700::11122606:4700:4700::1002
CloudflareNormal DNS Servers with Malware and Adult Content Blocking1.1.1.31.0.0.32606:4700:4700::11132606:4700:4700::1003
OpenDNSNormal DNS208.67.222.222208.67.220.2202620:119:35::352620:119:53::53
OpenDNSNormal DNS with Adult Content Blocking208.67.222.123208.67.220.123::ffff:d043:de7b::ffff:d043:dc7b
Quad9Normal DNS9.9.9.9
GoogleNormal DNS8.8.8.88.8.4.42001:4860:4860::88882001:4860:4860::8844
, , , , , , , ,

Personal Blog

Personal blog of myself and what I do.

Home About Cybersecurity Links and Tools

πŸ”’ Cybersecurity πŸ” PKI 🍲 Foodie πŸ’°Cryptocurrency 🐳 Docker πŸ‘¨β€πŸ’» Programming 🧠 Personal πŸ“Έ Photography