DNS privacy: Use a DNS provider that doesn’t track you

Many ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.

To use a fast and free – as in cost and censorship-free – DNS provider that doesn’t track you, many people recommend using Google’s DNS servers. However, Google Public DNS permanently logs your ISP and location information for analysis. Your IP address is also stored for 24 hours.

Since Google’s primary business model is to sell targeted ads, it makes sense that your privacy isn’t their primary concern. It shouldn’t be a shock to anyone if they use data collected from a service provided free of charge to fuel their bank account.

When it comes to services like this, you have to find someone you trust. There is no accountability, as you can’t exactly get access to their backend services to verify that there is no logging. However, if they have a data breach or hire an honest employee, the world will know and their reputation will be destroyed forever. The internet never forgets.

A provider that gives you DNS privacy

DNS.WATCH is a service that exists because the people behind it claim that they believe in freedom of information. What they provide is a fast, free and uncensored DNS service where the resolvers are configured to not log any queries.

No censorship. No Bullshit. Just DNS.

~ DNS.WATCH

So what’s their business model? Where’s the catch?

They’re not a business and don’t have anything to sell. Their costs are covered by sponsors and donations. They are not running an ad network. There is no DNS hijacking or any other humbug.

We’re not interested in shady deals with your data. You own it. We’re not a big corporation and don’t have to participate in shady deals. We’re not running any ad network or anything else where your DNS queries could be of interest for us. Other providers do.

The technical details

These are their DNS servers, as provided on the DNS.WATCH website. They have DNSSEC enabled, they don’t do any logging, and they can be used free of charge. Oh, and in my experience, they are very fast too!

resolver1

IPv4: 84.200.69.80
IPv6: 2001:1608:10:25::1c04:b12f

FQDN: resolver1.dns.watch
Explicit v6 FQDN: resolver1v6.dns.watch

resolver2

IPv4: 84.200.70.40
IPv6: 2001:1608:10:25::9249:d69b

FQDN: resolver2.dns.watch
Explicit v6 FQDN: resolver2v6.dns.watch

If you need any help on setting up your computer to use these resolvers, they have handy howtos for changing DNS resolvers here.
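The no-logging promise can't be tested from the outside, but the DNSSEC claim can. The script below is an added example, not code from DNS.WATCH or the original post: it asks each resolver for a signed name and for a name with deliberately broken signatures, then compares the AD flag and response code. The two test zones (ietf.org and dnssec-failed.org) and all function names are assumptions made for this example.

```python
import secrets
import socket
import struct

RESOLVERS = ["84.200.69.80", "84.200.70.40"]  # IPv4 addresses listed above
SIGNED, BROKEN = "ietf.org", "dnssec-failed.org"  # assumed test zones, not from the article

def build_query(name, txid, qtype=1):
    """DNS query with RD set and an EDNS0 OPT record carrying the DO (DNSSEC OK) bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, no rdata
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def parse_header(reply):
    """Return (rcode, ad_flag) from a DNS reply header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, bool(flags & 0x0020)

def classify(signed_reply, broken_reply):
    """Validating resolvers set AD on signed data and SERVFAIL (rcode 2) on bogus data."""
    rcode_ok, ad = parse_header(signed_reply)
    rcode_bad, _ = parse_header(broken_reply)
    if rcode_ok == 0 and ad and rcode_bad == 2:
        return "validating"
    if rcode_ok == 0 and not ad and rcode_bad == 0:
        return "not validating"
    return "inconclusive"

def ask(resolver, name, timeout=3.0):
    """Send one UDP query to resolver:53 and return the raw reply (needs network access)."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver, 53))
        reply = s.recvfrom(4096)[0]
    if reply[:2] != struct.pack("!H", txid):
        raise ValueError("transaction ID mismatch")
    return reply

if __name__ == "__main__":
    for ip in RESOLVERS:
        print(ip, classify(ask(ip, SIGNED), ask(ip, BROKEN)))
```

The AD flag arrives over plain UDP, so this shows whether the resolver validates, not that the answer was protected on its way to you.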


Update September 10, 2018

Since Cloudflare released their DNS resolver 1.1.1.1 on April 1st, I’ve been using that one, and it has great speed, stability and privacy. You might want to check it out!

12 Comments

  1. Hi,
    Thank you for this! What do you think of servers such as ns0dnscrypt.is? or d0wn resolver?

  2. Hi,

    So you trust them on their blue eyes and what they wrote on their website? How can you be so sure they respect the users’ privacy? I searched for their written privacy policy, but couldn’t find any on their website, you can’t even send them an e-mail with questions.

    1. You’ll find the info you’re looking for if you do some digging around. Again: You have to find someone you trust, since verification would be hard.

    1. Except it is not. Why would it be?

      Anyways, the main point is to use a DNS provider that doesn’t track you. There are others out there too, so find one you trust (enough).

    2. Why is this article “obviously” an ad? Maybe you meant this is obviously an “add” –> 1 + 1 = 2.

  3. Hello Björn! Today I read a new article about securing DNS by DNS over HTTPS in the German magazine CHIP 12/2018, page 104.
    Open the newest Firefox. Insert “about:config”. Go to “network.trr.mode” and change the setting from “0” to “2”. Go to “network.trr.uri”, delete the standard entry and insert a trusted DNS resolver like this one: https://doh.securedns.eu/dns-query
    Then go to “network.trr.bootstrapAddress” and insert this IP: 146.185.167.43
    That’s it. Close and restart Firefox. Go to https://dnsleaktest.com/ and make an extended test. If DNS over HTTPS works, the result you see should now be the IP from securedns.eu
    I think this resolver is uncensored too. I will contact the owner of the resolver.
    Regards!
    Cloudflare, I do not trust! Sorry!

Comments are closed.