DNS Servers You Should Have Memorized

By Daniel Miessler

If you’re a programmer, a systems administrator, or really any type of IT worker, you probably have your favorite go-to IP addresses for troubleshooting. And if you’re like me, you’ve probably been using the same ones for years.

Such IPs can be used for:

  • Testing ping connectivity
  • Checking DNS resolution using dig or nslookup
  • Updating a system’s permanent DNS settings

Most DNS servers allow you to ping them.

I like using DNS servers for this because you can use them for both connectivity and name resolution testing, and for the longest time I used the Google DNS servers:

8.8.8.8
8.8.4.4

…but they don’t have any filtering enabled, and in recent years I’ve become less thrilled about sending Google all my DNS queries.

Cisco bought OpenDNS, which is where Umbrella came from.

Alternatives to Google DNS

At some point I switched to using Cisco’s Umbrella servers because they do URL filtering for you. They maintain a list of dangerous URLs and block them automatically for you, which can help protect from malware.

208.67.222.222
208.67.220.220

The OpenDNS servers are great, but I always have to look them up. Then, a few years ago, a new set of DNS servers came out that focused not only on speed and functionality, but also memorability.

One of the first easy-to-remember options with filtering that came out was IBM’s Quad 9—which as you might expect has an IP address of four nines:

9.9.9.9

I figured they were being overwhelmed at launch time, or their filtering wasn’t tweaked yet.

I tried to use Quad9 for a bit when it first came out, but found it a bit slow. I imagine they have probably fixed that by now, but more on performance below.

Enter CloudFlare

So with Google, Cisco, and IBM providing interesting options with various functionality, we then saw CloudFlare enter the arena.

But rather than provide filtering, they instead focused on privacy.

Some other recursive DNS services may claim that their services are secure because they support DNSSEC. While this is a good security practice, users of these services are ironically not protected from the DNS companies themselves. Many of these companies collect data from their DNS customers to use for commercial purposes. Alternatively, 1.1.1.1 does not mine any user data. Logs are kept for 24 hours for debugging purposes, then they are purged.

CloudFlare Website
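
The dig check described at the top of this post can be run against every resolver named so far in one pass. The script below is an added example, not code from the original post: it queries the primary address of each service and reduces dig's output to response status, answer count, and query time. The function names are hypothetical, the sample reply is constructed, and live queries assume dig is installed.

```shell
#!/bin/sh
# Added example: compare the resolvers named in the article with dig.
# Function names are hypothetical; live queries require dig.

# Primary address of each resolver mentioned on the page.
RESOLVERS="8.8.8.8 208.67.222.222 9.9.9.9 1.1.1.1"

# Reduce full dig output on stdin to "STATUS ANSWERS MSEC".
# Prints "NOREPLY 0 -" when no DNS header is present (timeout, unreachable).
summarize_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { a = $(i + 1); sub(/,$/, "", a) }
        }
        /^;; Query time:/ { t = $4 }
        END {
            if (s == "") { print "NOREPLY 0 -" }
            else { print s, a + 0, (t == "" ? "-" : t) }
        }'
}

# Constructed dig output for one successful lookup (used by --demo).
sample_reply() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1' \
        'example.com.  300  IN  A  192.0.2.10' \
        ';; Query time: 12 msec'
}

# Query every resolver for one name and print a comparison table.
check_resolvers() {
    name="${1:-example.com}"
    printf '%-16s %-10s %-8s %s\n' resolver status answers msec
    for ip in $RESOLVERS; do
        set -- $(dig +time=2 +tries=1 "@$ip" "$name" A 2>/dev/null | summarize_dig)
        printf '%-16s %-10s %-8s %s\n' "$ip" "$1" "$2" "$3"
    done
}

case "${1:-}" in
    --run)  shift; check_resolvers "$@" ;;
    --demo) sample_reply | summarize_dig ;;
esac
```

Run it with `--run example.com` for live queries, or with `--demo` to see the parser applied to the constructed reply.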