Use an alternative DNS service

This mini tutorial starts by using OpenDNS, and then the DNS service of Google.

Note

More details about OpenDNS?

This Wikipedia page gives more information about that free (but questionable) service.

This (French) blog post is quite aggressive against OpenDNS, with quite valid arguments. As an extremely short summary: you should not use OpenDNS.

To start using OpenDNS, you just need to specify these addresses as additional DNS servers.

For IPv4

208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222

For IPv6

2620:0:ccc::2, 2620:0:ccd::2

More details on the procedure needed to start using an alternative DNS provider can be found here (thanks to developers.Google.com). Another tutorial explains it precisely here (for Windows 7).

Check your settings

To check that you are indeed using the OpenDNS servers, you just need to visit the web page www.OpenDNS.com/welcome.

Or you can test this from the command line (with the dig command):

$ echo -e "# Main answer (208.67.222.222 OpenDNS server) :"
$ dig @208.67.222.222 perso.crans.org
# Main answer (208.67.222.222 OpenDNS server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51710
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;perso.crans.org.		IN	A

;; ANSWER SECTION:
perso.crans.org.	2868	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	2868	IN	A	185.230.79.10

;; Query time: 8 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 81
$ echo -e "# Other answer (208.67.220.220 OpenDNS server) :"
$ dig @208.67.220.220 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.220.220 OpenDNS server) :
perso.crans.org.	717	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	717	IN	A	185.230.79.10
$ echo -e "# Other answer (208.67.222.220 OpenDNS server) :"
$ dig @208.67.222.220 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.222.220 OpenDNS server) :
perso.crans.org.	230	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	230	IN	A	185.230.79.10
$ echo -e "# Other answer (208.67.220.222 OpenDNS server) :"
$ dig @208.67.220.222 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (208.67.220.222 OpenDNS server) :
perso.crans.org.	230	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	230	IN	A	185.230.79.10

You can also check how the OpenDNS servers protect you against phishing and « bad » web sites, by going to the (safe) web page www.InternetBadGuys.com. The DNS request sent to OpenDNS to look up www.InternetBadGuys.com will be interpreted as dangerous, and so you will be redirected to that « nicer » page.

See also

monip.org

In order to know your IP address (v4 or v6).

WhoIsMyISP.org

In order to know your Internet Service Provider (ISP).

DNSLeaktest.com

In order to check whether your ISP is doing any DNS leaks behind your back.

Hidester’s DNS Leak Test

Another tool of this kind (hidester.com/dns-leak-test), quoted here because the author asked me to include a link here…

Pixel Privacy’s DNS Leak Test

I’ve been kindly asked to add a link to this test (PixelPrivacy.com/resources/dns-leak).


Why this rather empty page on my web-site?

Mainly because I wanted to have one easy-to-find web page where I could quickly find the IPv4 (and IPv6) addresses of the OpenDNS (and Google DNS) servers, in order to be able to quickly copy/paste them when I configure a new Wi-Fi (or Ethernet) connection on my personal laptop.

Now it’s done!


Another alternative DNS provider?

Google also offers a free, non-restrictive, and open-to-anyone DNS service:

For IPv4

8.8.8.8, 8.8.4.4

For IPv6

2001:4860:4860::8888, 2001:4860:4860::8844

Or you can test this from the command line (with the dig command):

$ echo -e "# Main answer (8.8.8.8 Google server) :"
$ dig @8.8.8.8 perso.crans.org
# Main answer (8.8.8.8 Google server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23536
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org.		IN	A

;; ANSWER SECTION:
perso.crans.org.	3600	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3600	IN	A	185.230.79.10

;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 81
$ echo -e "# Other answer (8.8.4.4 Google server) :"
$ dig @8.8.4.4 perso.crans.org | grep -v "^\(;.*\|$\)"
# Other answer (8.8.4.4 Google server) :
perso.crans.org.	3600	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3600	IN	A	185.230.79.10
$ echo -e "# And with IPv6 (2001:4860:4860::8888 Google server) :"
$ dig @2001:4860:4860::8888 perso.crans.org AAAA +cd
# And with IPv6 (2001:4860:4860::8888 Google server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @2001:4860:4860::8888 perso.crans.org AAAA +cd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18995
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org.		IN	AAAA

;; ANSWER SECTION:
perso.crans.org.	3600	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3600	IN	AAAA	2a0c:700:2::ff:fe01:4502

;; Query time: 28 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 93

Note

More information?

As always, more details can be found here on Wikipedia, or on the official web page on developers.Google.com.

Google DNS is supposed to be quicker and more efficient, but we do not really care in fact (unless you are on a really fast network, the speed of DNS requests cannot be the limiting bottleneck for your web browsing).

But that free service is supposed not to modify the domain name space, contrary to other services of that kind; and it is known to be quite safe.
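One way to check that a resolver leaves the domain name space alone, as an added example (not code from the original page): ask several resolvers for the same name and flag any whose final addresses are not shared by a strict majority. The function names and the `resolver.example` entry with its 192.0.2.1 answer are constructed; names served by a geo-distributed CDN can differ between resolvers for legitimate reasons.

```shell
#!/bin/sh
# Added example (not the page author's code): spot a resolver whose answer
# for a name differs from what the other resolvers return.

# final_addrs: read dig answer-section lines on stdin and print the sorted
# A/AAAA addresses joined by commas. CNAME hops and TTLs are ignored,
# because TTLs differ from one resolver cache to the next.
final_addrs() {
    awk '$4 == "A" || $4 == "AAAA" { print $5 }' | sort | paste -s -d, -
}

# outliers: stdin carries "resolver address-list" lines; print every resolver
# whose address list is not shared by a strict majority of the resolvers.
outliers() {
    awk '{ r[NR] = $1; a[NR] = $2; seen[$2]++ }
         END { for (i = 1; i <= NR; i++) if (seen[a[i]] * 2 <= NR) print r[i] }'
}

# survey NAME RESOLVER...: live query (needs network and dig); emits the
# "resolver address-list" lines that outliers expects.
survey() {
    name=$1; shift
    for r in "$@"; do
        echo "$r $(dig +noall +answer "@$r" "$name" A | final_addrs)"
    done
}

# Offline demo: three answers as captured on this page, plus one constructed
# rewritten answer (192.0.2.1 is a documentation address).
printf '%s\n' \
    '208.67.222.222 185.230.79.10' \
    '8.8.8.8 185.230.79.10' \
    '9.9.9.9 185.230.79.10' \
    'resolver.example 192.0.2.1' | outliers

# Live use: survey perso.crans.org 208.67.222.222 8.8.8.8 1.1.1.1 9.9.9.9 | outliers
```

An empty output from the live command means all resolvers agreed; a resolver that blocks or redirects a name shows up as the outlier.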

Note

Safe? Hum, really…?

It seems legit to assume that all the main DNS services are spied on by governmental agencies… Or private agencies, or activist groups or… by Batman? Anyway, keep this in mind: when you use an external DNS service, you cannot be sure of their neutrality and security. By default, you should probably assume that every DNS request your laptop/smartphone makes can simply be read by your government. Reassuring, right?

Two other alternative DNS providers?

Recently, Cloudflare also started offering a free, non-restrictive, and open-to-anyone DNS service:

For IPv4

1.1.1.1, 1.0.0.1 (even easier to remember!)

For IPv6

2606:4700:4700::1111, 2606:4700:4700::1001

$ echo -e "# Main answer (1.1.1.1 CloudFare server) :"
$ dig @1.1.1.1 perso.crans.org
# Main answer (1.1.1.1 CloudFare server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @1.1.1.1 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;perso.crans.org.		IN	A

;; ANSWER SECTION:
perso.crans.org.	3600	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3600	IN	A	185.230.79.10

;; Query time: 28 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 81
$ echo -e "# And with IPv6 (2606:4700:4700::1111 CloudFare server) :"
$ dig @2606:4700:4700::1111 perso.crans.org AAAA +cd
# And with IPv6 (2606:4700:4700::1111 CloudFare server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @2606:4700:4700::1111 perso.crans.org AAAA +cd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54836
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;perso.crans.org.		IN	AAAA

;; ANSWER SECTION:
perso.crans.org.	3600	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3600	IN	AAAA	2a0c:700:2::ff:fe01:4502

;; Query time: 24 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 93

And Quad9 also offers its own DNS.

For IPv4

9.9.9.9

$ echo -e "# Main answer (9.9.9.9 Quad9 server) :"
$ dig @9.9.9.9 perso.crans.org
# Main answer (9.9.9.9 Quad9 server) :

; <<>> DiG 9.16.1-Ubuntu <<>> @9.9.9.9 perso.crans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14501
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;perso.crans.org.		IN	A

;; ANSWER SECTION:
perso.crans.org.	3551	IN	CNAME	hodaur.crans.org.
hodaur.crans.org.	3551	IN	A	185.230.79.10

;; Query time: 12 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: sam. févr. 17 13:14:19 CET 2024
;; MSG SIZE  rcvd: 81

resolv.conf?

Linux users can also use a resolv.conf file: for example, the one at www.chaz6.com/files/resolv.conf can help, as can these explanations. Some extra explanations are also here on theos.in or here on die.net, or as always on Wikipedia (yes, I like Wikipedia!).
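An added example (not code from this page's author) that audits a resolv.conf against the resolver addresses listed on this page: it names the provider behind each nameserver entry and marks entries past the third, which glibc's resolver ignores, so listing all four OpenDNS IPv4 addresses has no effect there. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the page author's code): audit a resolv.conf file.

# provider_of ADDR: name the provider for an address listed on this page.
provider_of() {
    case "$1" in
        208.67.222.222|208.67.220.220|208.67.222.220|208.67.220.222) echo OpenDNS ;;
        2620:0:ccc::2|2620:0:ccd::2) echo OpenDNS ;;
        8.8.8.8|8.8.4.4|2001:4860:4860::8888|2001:4860:4860::8844) echo Google ;;
        1.1.1.1|1.0.0.1|2606:4700:4700::1111|2606:4700:4700::1001) echo Cloudflare ;;
        9.9.9.9) echo Quad9 ;;
        127.*|::1) echo local-stub ;;  # local forwarder: its upstream is set elsewhere
        *) echo unknown ;;
    esac
}

# audit_resolv FILE: print "<status> <address> <provider>" per nameserver line.
# glibc honours only the first 3 entries (MAXNS), so later ones are "ignored".
audit_resolv() {
    awk '$1 == "nameserver" && $2 != "" { sub(/%.*/, "", $2); print $2 }' "$1" |
    {
        n=0
        while read -r addr; do
            n=$((n + 1))
            if [ "$n" -le 3 ]; then status=used; else status=ignored; fi
            echo "$status $addr $(provider_of "$addr")"
        done
    }
}

# count_unexpected FILE: honoured entries that are not on this page's list.
count_unexpected() {
    audit_resolv "$1" | awk '$1 == "used" && $3 == "unknown" { c++ } END { print c + 0 }'
}

# Constructed sample: a leftover router address sits between OpenDNS entries.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample resolv.conf
#nameserver 192.0.2.53
nameserver 208.67.222.222
nameserver 192.168.1.1
nameserver 208.67.220.220
nameserver 208.67.222.220
options timeout:2
EOF
audit_resolv "$sample"
echo "unexpected resolvers in use: $(count_unexpected "$sample")"
```

A `local-stub` result (such as 127.0.0.53) means the real upstream resolvers are configured in the local forwarder, not in this file, so check there instead.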