Sometimes you might need to use some other DNS server than the one provided by your ISP. Be it privacy reason or evading DNS-level censorship you can choose one from the list at: https://public-dns.info/ But unfortunately, I could not find any listed latencies for those servers. So I made my own ICMP pinger (because using traditional ping tool from script was just too slow) and created the following list of all the above DNS servers + their latencies. Sorted from best to worst. Please note that depending of your geographical location and the connection you use (wired vs. wireless) your latencies might be 20 - 40 ms bigger than in that list. https://www.orwell1984.today/cname/dns_pings.txt
I don't know about airvpn but isn't adguard just forwarding DNS server software with adblock filtering slapped on? https://kb.adguard.com/en/general/dns-providers I mean: Does it have its own servers or is it apple to use root DNS serves directly without middle-men ?
Can you give their IP addresses? Or did you mean by own cache server that it's just locally running, caching forwarding DNS server? Because if it is just forwarding DNS, then it's probably already using some of those servers in the list. (and i already found few of them)
Im making new version of list with also country and possible city (if any) included for each entry. Im quite disappointed to find out that 1.1.1.1 (which I added myself because it was not listed) is located in **** anti-encryption Australia ...
Cloudflare uses anycast, same as google, adguard and many other DNS providers. So, you get the closest located server they have. Although sometimes due to messed up routing they pick others. Huge props for making such a novel list. You could use GRC's tool too. https://www.grc.com/dns/benchmark.htm For preventing any MITM in DNS though, you could use DOT in android (called private DNS) and DNSCrypt or DOH (slightly faster in my experience, ESNI enabled in FF) in PC. With an inbuilt adblocking/antimalware DNS like NextDNS, DNSWarden etc it's quite a passive protection.
Ah, that could be it then. But it is still little strange that it picked server that is almost half a planet away from my location Thanks! Yea, unfortunately I have to use Intra application for DOT on my android because I can't get Android Pie (and so, the native way of changing phone DNS settings) update to my phone anymore ...
Here's another list that I produced with my little tool and maybe could become handy.... List of masscanners that have been scanning me in these few months https://www.orwell1984.today/cname/masscan.txt
I think I'm on the same page. But is anyone else using Simple DNSCrypt? https://simplednscrypt.org/ Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on windows based systems.
Here you can find. Personally I've not cared latency. What I'd like to see (not saying "do it" to you) is a large scale test of false positives. It's understandable AdGuard DNS has FPs, but Quad9, CleanBrowsing, and deprecated Norton ConnectSafe also occasionally caused FPs and only filtering DNS I haven't got FP was OpenDNS (I haven't used Comodo long enough so can't speak on it). Even more surprising was CloudFlare also caused FP, since in this context "FP" simply means a name not resolved while other DNS resolve. I don't remember what each FP was as I always use 2+ DNS and when I encounter it I just switch to another (after confirming the domain is safe by VT & 2 scan services), but Archive.is case seems to be well-known in this field. I know it's better to run my own stub resolver and this is my homework, maybe after I get new Raspberry Pi 4 or replace my router.
I used Intra app for sometimes but dropped it in favor of DNSFilter and coupled with InviZible Pro. DNSFilter can be further enhanced with a blocklist such as this. They can be installed from F-Droid repos too as I linked. Its quite effective and the lightest solution I have found for ad/malware blocking on Android, and I can run so on 1GB RAM phones released in 2015. I have tested others like Adguard, Intra, NextDNS, Blockada, DNS66 but all of them were too heavy for older phones and obligatory FOSS preference. I do. Also GRC's DNS Spoofability test is quite good to compare any DNS server.
I try and try to click that server map but for some reason it gives me nothing The rest of those IPs in down the page seem all be in Russia 176.103.130.130 Russian Federation 55.738602,37.606800 176.103.130.131 (176-103-130-131.dns.adguard.com) Russian Federation 55.738602,37.606800 176.103.130.132 Russian Federation 55.738602,37.606800 176.103.130.134 Russian Federation 55.738602,37.606800 2a00:5a60::ad1:0ff Russian Federation 60.000000,100.000000 2a00:5a60::ad2:0ff Russian Federation 60.000000,100.000000 2a00:5a60::bad1:0ff Russian Federation 60.000000,100.000000 2a00:5a60::bad2:0ff Russian Federation 60.000000,100.000000
Heh, Im sure of that... Unfortunately Putin Russia is not very privacy friendly with it's VPN bans, Telegram fiasco and it plans to make Rusnet (aka it's own version of Great Firewall) EDIT: Actually, from the 195 countries currently, I would right out remove USA, China, Russia, Australia and UK out as being most hostile to privacy in general and encryption in particular. Canada and New Zealand I would take out too but only because they are part of the 5-eye spy ring. And if you want to include rest of the global spy ring too then take out Denmark,France, Netherlands, Norway,Germany, Belgium, Italy, Spain, Sweden Those and few other smaller countries in Africa, Asia and Middle-East. Not many left
It does seem that you have reinvented the wheel, as Steve Gibsons DNS Benchmark tool will first offer to download the whole worlds list of public resolvers, and test them for speed and functionality. If you enable checking for DNSSec it will mark those DNS as green. Once it has collected a list of the fastest 50, you can then benchmark them. You can manually add or remove from the saved list and reuse again. I am a DNSCrypt user and have been for a few years. Since DNSCrypt 2 it has the ability to use its list of resolvers in a dynamic automatic mode. Using Simple DNSCrypt (windows) you can easily filter the used list based on DNSSec, ipv6, DNSCrypt, DoH, logging, and if they block domains. As you use it the response times of the DNS are noted and the fastest responding end up being the primary few actually being used. You can enable logging and watch the info scroll by. If you see resolvers you prefer not to use you can disable automatic mode and hand-pick any number of resolvers you want. You can for example select only Cloudflare and Quad9 if you wish. DNSCrypt uses OpenDNS, so you will also see the official cisco resolvers if you show the DNS that log activity.
I am aware of Steves Windows only tool (and have been a long time). Some of the DNS in that list (like the cloudflare and quad9 which are there) support encryption but my tool does not currently test it (and neither does Steves)
@trott3r @Stefan Froberg Actually AG has headquartered to Cyprus partly for that reason. https://forum.adguard.com/index.php?threads/adguard-cyprus-didnt-expect-this.26749/