List of public DNS servers and their latencies

Discussion in 'privacy technology' started by Stefan Froberg, Jan 18, 2020.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Sometimes you might need to use some other DNS server than the one provided by
    your ISP. Be it privacy reason or evading DNS-level censorship you
    can choose one from the list at:

    https://public-dns.info/

    But unfortunately, I could not find any listed latencies for those servers. :(
    So I made my own ICMP pinger (because using traditional ping tool from script was just too slow)
    and created the following list of all the above DNS servers + their latencies.

    Sorted from best to worst.

    Please note that depending of your geographical location and the connection you use (wired vs. wireless)
    your latencies might be 20 - 40 ms bigger than in that list.

    https://www.orwell1984.today/cname/dns_pings.txt
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I use either adguard or airvpn dns servers.

    Thanks never the less
     
  3. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I don't know about airvpn but isn't adguard just forwarding DNS server software with adblock filtering slapped on?
    https://kb.adguard.com/en/general/dns-providers

    I mean: Does it have its own servers or is it apple to use root DNS serves directly
    without middle-men ?
     
  4. 142395

    142395 Guest

    Yeah, they manage their own cache server.
     
  5. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Can you give their IP addresses?

    Or did you mean by own cache server that it's just locally running, caching forwarding DNS server?

    Because if it is just forwarding DNS, then it's probably already using some of those servers in the list. (and i already found few of them)
     
  6. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Im making new version of list with also country and possible city (if any) included for each entry.

    Im quite disappointed to find out that 1.1.1.1 (which I added myself because it was not listed) is located
    in **** anti-encryption Australia ...
     
  7. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Cloudflare uses anycast, same as google, adguard and many other DNS providers. So, you get the closest located server they have. Although sometimes due to messed up routing they pick others.

    Huge props for making such a novel list. :thumb:

    You could use GRC's tool too.
    https://www.grc.com/dns/benchmark.htm

    For preventing any MITM in DNS though, you could use DOT in android (called private DNS) and DNSCrypt or DOH (slightly faster in my experience, ESNI enabled in FF) in PC. With an inbuilt adblocking/antimalware DNS like NextDNS, DNSWarden etc it's quite a passive protection.
     
    Last edited: Jan 19, 2020
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Ah, that could be it then.
    But it is still little strange that it picked server that is almost half a planet away from my location o_O

    Thanks! :)

    Yea, unfortunately I have to use Intra application for DOT on my android because I can't get Android Pie (and so, the native way of changing phone DNS settings) update to my phone anymore ... :(
     
  9. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
  10. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,623
    Location:
    USA still the best. But barely.
  11. 142395

    142395 Guest

    Here you can find.

    Personally I've not cared latency. What I'd like to see (not saying "do it" to you) is a large scale test of false positives. It's understandable AdGuard DNS has FPs, but Quad9, CleanBrowsing, and deprecated Norton ConnectSafe also occasionally caused FPs and only filtering DNS I haven't got FP was OpenDNS (I haven't used Comodo long enough so can't speak on it). Even more surprising was CloudFlare also caused FP, since in this context "FP" simply means a name not resolved while other DNS resolve. I don't remember what each FP was as I always use 2+ DNS and when I encounter it I just switch to another (after confirming the domain is safe by VT & 2 scan services), but Archive.is case seems to be well-known in this field. I know it's better to run my own stub resolver and this is my homework, maybe after I get new Raspberry Pi 4 or replace my router.
     
  12. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    I used Intra app for sometimes but dropped it in favor of DNSFilter and coupled with InviZible Pro. DNSFilter can be further enhanced with a blocklist such as this. They can be installed from F-Droid repos too as I linked. Its quite effective and the lightest solution I have found for ad/malware blocking on Android, and I can run so on 1GB RAM phones released in 2015. I have tested others like Adguard, Intra, NextDNS, Blockada, DNS66 but all of them were too heavy for older phones and obligatory FOSS preference.

    I do. Also GRC's DNS Spoofability test is quite good to compare any DNS server.
     
    Last edited: Jan 20, 2020
  13. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I try and try to click that server map but for some reason it gives me nothing o_O
    The rest of those IPs in down the page seem all be in Russia

    176.103.130.130 Russian Federation 55.738602,37.606800
    176.103.130.131 (176-103-130-131.dns.adguard.com) Russian Federation 55.738602,37.606800
    176.103.130.132 Russian Federation 55.738602,37.606800
    176.103.130.134 Russian Federation 55.738602,37.606800
    2a00:5a60::ad1:0ff Russian Federation 60.000000,100.000000
    2a00:5a60::ad2:0ff Russian Federation 60.000000,100.000000
    2a00:5a60::bad1:0ff Russian Federation 60.000000,100.000000
    2a00:5a60::bad2:0ff Russian Federation 60.000000,100.000000
     
  14. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    adguard is a company located in russia.
    At least they will not be sharing data with the west. :)
     
  15. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Heh, Im sure of that...

    Unfortunately Putin Russia is not very privacy friendly with it's VPN bans, Telegram fiasco and it
    plans to make Rusnet (aka it's own version of Great Firewall) :(

    EDIT:
    Actually, from the 195 countries currently, I would right out remove USA, China, Russia, Australia and UK out as being most hostile to privacy in general and encryption in particular.

    Canada and New Zealand I would take out too but only because they are part of the 5-eye spy ring.

    And if you want to include rest of the global spy ring too then take out
    Denmark,France, Netherlands, Norway,Germany, Belgium, Italy, Spain, Sweden

    Those and few other smaller countries in Africa, Asia and Middle-East.

    Not many left
     
    Last edited: Jan 26, 2020
  16. A_mouse

    A_mouse Registered Member

    Joined:
    Jul 29, 2019
    Posts:
    101
    Location:
    A field
    It does seem that you have reinvented the wheel, as Steve Gibsons DNS Benchmark tool will first offer to download the whole worlds list of public resolvers, and test them for speed and functionality.
    If you enable checking for DNSSec it will mark those DNS as green.
    Once it has collected a list of the fastest 50, you can then benchmark them.
    You can manually add or remove from the saved list and reuse again.

    I am a DNSCrypt user and have been for a few years.
    Since DNSCrypt 2 it has the ability to use its list of resolvers in a dynamic automatic mode.
    Using Simple DNSCrypt (windows) you can easily filter the used list based on DNSSec, ipv6, DNSCrypt, DoH, logging, and if they block domains.
    As you use it the response times of the DNS are noted and the fastest responding end up being the primary few actually being used.
    You can enable logging and watch the info scroll by. If you see resolvers you prefer not to use you can disable automatic mode and hand-pick any number of resolvers you want.
    You can for example select only Cloudflare and Quad9 if you wish.

    DNSCrypt uses OpenDNS, so you will also see the official cisco resolvers if you show the DNS that log activity.
     
  17. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I am aware of Steves Windows only tool (and have been a long time).
    Some of the DNS in that list (like the cloudflare and quad9 which are there) support encryption but my tool does not currently test it (and neither does Steves)
     
  18. 142395

    142395 Guest

  19. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.