Use an alternative DNS service¶
This mini tutorial starts by using OpenDNS, and then the DNS service of Google.
Note
More details about OpenDNS?
That Wikipédia page gives more information about that free (but questionable) service.
This (French) blog post is quite aggressive against OpenDNS, with quite valid arguments. As an extremely short sum-up, you should not use OpenDNS.
To start using OpenDNS, you just need to specify these addresses as additional DNS servers.
- For IPv4
208.67.222.222,208.67.220.220,208.67.222.220,208.67.220.222- For IPv6
2620:0:ccc::2,2620:0:ccd::2
More details on the procedure needed to start using an alternative DNS provider can be found here (thanks to developers.Google.com). An other tutorial explaining precisely here (for Windows 7).
Check your settings¶
To check that you use indeed the OpenDNS servers, you just need to go on that web-page www.OpenDNS.com/welcome.
Or you can test this from the command line (with the dig command):
$ echo -e "# Main answer (208.67.222.222 OpenDNS server) :"
$ dig @208.67.222.222 perso.crans.org
# Main answer (208.67.222.222 OpenDNS server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51710
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;perso.crans.org. IN A
;; ANSWER SECTION:
perso.crans.org. 2868 IN CNAME hodaur.crans.org.
hodaur.crans.org. 2868 IN A 185.230.79.10
;; Query time: 8 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 81
$ echo -e "# Other answer (208.67.220.220 OpenDNS server) :"
$ dig @208.67.220.220 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.220.220 OpenDNS server) :
perso.crans.org. 717 IN CNAME hodaur.crans.org.
hodaur.crans.org. 717 IN A 185.230.79.10
$ echo -e "# Other answer (208.67.222.220 OpenDNS server) :"
$ dig @208.67.222.220 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.222.220 OpenDNS server) :
perso.crans.org. 230 IN CNAME hodaur.crans.org.
hodaur.crans.org. 230 IN A 185.230.79.10
$ echo -e "# Other answer (208.67.220.222 OpenDNS server) :"
$ dig @208.67.220.222 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.220.222 OpenDNS server) :
perso.crans.org. 230 IN CNAME hodaur.crans.org.
hodaur.crans.org. 230 IN A 185.230.79.10
You can also check how the OpenDNS servers protect you against fishing and « bad » Internet web-sites, by going to the (safe) web-page www.InternetBadGuys.com (the DNS request to OpenDNS required to know where to look up the www.InternetBadGuys.com page will be interpreted as dangerous, and so you will be redirected to that « nicer » page).
Voir aussi
- monip.org
In order to know your IP address (v4 or v6).
- WhoIsMyISP.org
In order to know your Internet Service Provider (ISP).
- DNSLeaktest.com
In order to check if your ISP is not doing any DNS leaks behind your back.
- Hidester’s DNS Leak Test
Another tool of this kind (hidester.com/dns-leak-test), quoted here because the author asked me to include a link here…
- Pixel Privacy’s DNS Leak Test
I’ve been kindly asked to add a link to this test (PixelPrivacy.com/resources/dns-leak).
Why this rather empty page on my web-site?¶
Mainly because I wanted to have one easy-to-find web-page where to quickly find the IPv4 (and IPv6) addresses of the OpenDNS (and Google DNS) servers, in order to be able to quickly copy/paste them when I configure a new Wi-Fi (or Ethernet) connexion on my personal laptop.
Now it’s done!
An other alternative DNS provider?¶
Google also offers a free, non-restrictive, and open-to-anyone DNS service:
- For IPv4
8.8.8.8,8.8.4.4- For IPv6
2001:4860:4860::8888,2001:4860:4860::8844
Or you can test this from the command line (with the dig command):
$ echo -e "# Main answer (8.8.8.8 Google server) :"
$ dig @8.8.8.8 perso.crans.org
# Main answer (8.8.8.8 Google server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23536
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org. IN A
;; ANSWER SECTION:
perso.crans.org. 3600 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3600 IN A 185.230.79.10
;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 81
$ echo -e "# Other answer (8.8.4.4 Google server) :"
$ dig @8.8.4.4 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (8.8.4.4 Google server) :
perso.crans.org. 3600 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3600 IN A 185.230.79.10
$ echo -e "# And with IPv6 (2001:4860:4860::8888 Google server) :"
$ dig @2001:4860:4860::8888 perso.crans.org AAAA +cd
# And with IPv6 (2001:4860:4860::8888 Google server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @2001:4860:4860::8888 perso.crans.org AAAA +cd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18995
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org. IN AAAA
;; ANSWER SECTION:
perso.crans.org. 3600 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3600 IN AAAA 2a0c:700:2::ff:fe01:4502
;; Query time: 28 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 93
Note
More information?
As always, more details can be found here on Wikipédia, or on the official web-page on developers.Google.com.
Google DNS is supposed to be quicker and more efficient, but we do not really care in fact (except if you are on a really quick network, the DNS requests velocity cannot be the limiting bottleneck for your web browsing).
But that free service is supposed to not modify the domain names space, contrarily to other services of that kind; and it is known to be quite safe.
Note
Safe? Hum, really…?
It seems legit to assume that all the main DNS services are spied by governmental agencies… Or private agencies, or activist groups or… by Batman? Anyway, keep this in mind: when you use an external DNS service, you cannot be sure of their neutrality and security. By default, you should probably assume that every DNS request your laptop/smartphone makes can simply be read by your government. Reassuring, right?
Two other alternative DNS providers?¶
Recently, CloudFare also offers a free, non-restrictive, and open-to-anyone DNS service:
- For IPv4
1.1.1.1,1.0.0.1(even easier to remember!)- For IPv6
2606:4700:4700::1111,2606:4700:4700::1001
$ echo -e "# Main answer (1.1.1.1 CloudFare server) :"
$ dig @1.1.1.1 perso.crans.org
# Main answer (1.1.1.1 CloudFare server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @1.1.1.1 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;perso.crans.org. IN A
;; ANSWER SECTION:
perso.crans.org. 3600 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3600 IN A 185.230.79.10
;; Query time: 28 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 81
$ echo -e "# And with IPv6 (2606:4700:4700::1111 CloudFare server) :"
$ dig @2606:4700:4700::1111 perso.crans.org AAAA +cd
# And with IPv6 (2606:4700:4700::1111 CloudFare server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @2606:4700:4700::1111 perso.crans.org AAAA +cd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54836
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;perso.crans.org. IN AAAA
;; ANSWER SECTION:
perso.crans.org. 3600 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3600 IN AAAA 2a0c:700:2::ff:fe01:4502
;; Query time: 24 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 93
And Quad9 also offers its own DNS.
- For IPv4
9.9.9.9
$ echo -e "# Main answer (9.9.9.9 Quad9 server) :"
$ dig @9.9.9.9 perso.crans.org
# Main answer (9.9.9.9 Quad9 server) :
; <<>> DiG 9.16.1-Ubuntu <<>> @9.9.9.9 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14501
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org. IN A
;; ANSWER SECTION:
perso.crans.org. 3551 IN CNAME hodaur.crans.org.
hodaur.crans.org. 3551 IN A 185.230.79.10
;; Query time: 12 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE rcvd: 81
Voir aussi
resolv.conf?¶
Our Linuxian friends can also use a resolv.conf, and for example that one on www.chaz6.com/files/resolv.conf can help, or by following these explanations. Some extra explanations are also here on theos.in or here on die.net, or as always on Wikipédia (yes, I like Wikipédia!).
