Another promising DNS resolver with a security and privacy focus is the new free offer from Cloudflare called 184.108.40.206.
Olafur Gudmundsson, director of engineering at Cloudflare, said: “Our goals with the public resolver are simple: Cloudflare wants to operate the fastest public resolver on the planet while raising the standard of privacy protections for users.”
”We began talking with browser manufacturers about what they would want from a DNS resolver. One word kept coming up: privacy. Beyond just a commitment not to use browsing data to help target ads, they wanted to make sure we would wipe all transaction logs within a week. That was an easy request. In fact, we knew we could go much further. We committed to never writing the querying IP addresses to disk and [to] wiping all logs within 24 hours.”
Features that interest me include;
- Query Minimization RFC7816,
- DNS-over-TLS (Transport Layer Security) RFC7858,
- DNS-over-HTTPS protocol DoH,
- Aggressive negative answers RFC8198,
“While DNSSEC ensures integrity of data between a resolver and an authoritative server, it does not protect the privacy of the “last mile” towards you. DNS resolver, 220.127.116.11, supports both emerging DNS privacy standards – DNS-over-TLS, and DNS-over-HTTPS, which both provide last mile encryption to keep your DNS queries private and free from tampering.”
“The DNS resolver, 18.104.22.168, is also supporting privacy-enabled TLS queries on port 853 (DNS over TLS), so we can keep queries hidden from snooping networks. Furthermore, by offering the experimental DoH (DNS over HTTPS) protocol, we improve both privacy and a number of future speedups for end users, as browsers and other applications can now mix DNS and HTTPS traffic into one single connection.”
Firefox users who run Firefox Nightly may configure the browser to use DNS over HTTPS right now.
I recommend you use DNS Benchmark and test the speed of the primary (22.214.171.124) and secondary (126.96.36.199) resolver first to make sure they are fast for your location.
How to configure GRC’s DNS Benchmark:
1. Launch the DNS Benchmark.
2. Click on the “Nameservers” tab -and- wait for the initialization to complete.
3. Click the Add/Remove button at the left below the tabs.
4. Enter “188.8.131.52” and click “Add”
5. Enter “184.108.40.206” and click “Add”
6. Click “Run Benchmark”
7. While it’s running, stretch the window to the top and bottom of your screen.
8. When completed, left click on the results and drag the mouse to show numerical timing
Instructions on how to set your DNS here; https://220.127.116.11/
UPDATE: There is now an iOS and Android app that will encrypt your DNS (Not your traffic).