DNS

HARDEN IT Domain Name Resolution Service Information

Custom or manual DNS selection is a way of adding a layer of speed, censorship, or protection to your network. Selecting a safer DNS is one of a few ways to bolster security for IOT or internet of things devices.  There are pros and cons to each DNS service and technology.  Many assorted web services including DNS operate in regions of the world with different laws and policies. Generally, UK is good for privacy, China and
Russia are bad for privacy.

All technology which routes through servers in Russian terrirories including "no-log DNS" services operate under these conditions:
              Yarovaya law (http://www.icnl.org/research/library/files/Russia/Yarovaya.pdf)  Russian companies MUST store your data,for this reason we connot recommend any Russian-based products or services as privacy enhancement tools.
Adgaurd is NOT recommended because of the Yarovaya law.  It routes traffic through Russian servers and it is non-authoritative, so it doesn't even do it's own DNS resolving.
Here are some alternative (to your ISP) DNS resolvers with advantages of anonymity, speed, filtering, etc.  We recommend exploring and evaluating these to find your best fit to upgrade your DNS processing and resolution.
Google
8.8.8.8
8.8.4.4
1.0.0.1
1.1.1.1 Cloudflare has been breached https://github.com/pirate/sites-using-cloudflare
	 nslookup -type=any hardenit.net
		as per Matteo@Cloudflare community, only Cloudflare rejects "any" requests, so failure is confirmation.
	 1.1.1.1/help test to see if you are using 1.1.1.1.
199.85.126.20 Nord DNS
8.8.8.8 Google
8.26.56.26 Comodo DNS
 8.20.247.20 Comodo DNS Blocks malicious sites, does log.
9.9.9.9 CleanerDNS IBM, PCH, GCA (rumored law-enforcement), logs https://www.quad9.net/policy/  Some privacy concerns, though they claim "no PII collected," no IP logging, no info sales.
	Good protection for any IoT devices!  Blocks access to malicious sites. Us
CleanBrowsing
 https://cleanbrowsing.org/ip-address All standard DNS, DNSSEC, DNS over Https, DNS over TLS, DNSCrypt, No Logs, No web bugs or trackers found on website.
	Security filter for phishing and malware
		185.228.168.9
		185.228.169.9
		2a0d:2a00:1::2
		2a0d:2a00:2::2
	Adult filter and Security filter. Adult domains blocked, search engines to safe mode
		185.228.168.10
		185.228.169.11
		2a0d:2a00:1::1
		2a0d:2a00:2::1
	Family filter, Adult filter, Security filter. Proxies, VPNs & Mixed Adult Content blocked; Youtube to safe mode
		185.228.168.168
		185.228.169.168
		2a0d:2a00:1::
		2a0d:2a00:2::
OpenDNS Use Cloudflare DNS-over-HTTP/2 (as per jedisct1@cloudflare community) and https://www.opendns.com/setupguide/
208.67.222.222
208.67.220.220
	https://welcome.opendns.com/ to verify
Reminder, Cloudflare HAS BEEN BREACHED.  Instructions for Xbox, WiiU gaming platforms here. https://support.opendns.com/hc/en-us/articles/115003048283-Changing-DNS-on-Popular-Gaming-Systems-PS4-XBox1-WiiU-
HTTPS encrypts everything after the domain name. i.e. https://www.eff.org/p$p876o%u$%^we@as08dE. SNI is an experimental standard that encrypts the domain name as well. i.e. https://s%98^hn$w*&93b-g09(83kmp%0mso$dbhj5w4^5
If you're not using the Tor browser, here's the quick way to secure Firefox with ESNI:
In the browser address bar, type "about:config"
	ACCEPT and continue
Scroll down the (alphabetical list) for network.security.esni.enabled and double-click to change it to "True."
Scroll ato network.trr.mode and set it's value to "2," if it isn't already.
Go to: https://www.cloudflare.com/ssl/encrypted-sni/# and click "Check my Browser."
To see your current maximum security settings. Mind that websites must support the protocols in order for your browser to use these enhancements.
DNS.watch
German privacy laws, "No bullshit" policy.
https://dns.watch/how-to directions for a few OSs
For most routers, plug into the network and use 192.168.0.1
All No logging, DNSSEC enabled:
84.200.69.80	resolver1.dns.watch
2001:1608:10:25::1c04:b12f resolver1.dns.watch or Explicit v6 FQDN: resolver2v6.dns.watch
84.200.70.40	resolver2.dns.watch
2001:1608:10:25::9249:d69b resolver2.dns.watch or Explicit FDQN resolver1v6.dns.watch 
We recommend selecting a variety of Domain Name Sservers based on the device type and usage. Generally, on a home network, you'll want to set the DNS at your router for simplicity. For most home users, your router will be at http://192.168.1.1 or http://192.168.1.2. If that doesn't work, check the chart for the administration interface for your device. It should require a login. Try the following combinations of defaults first unless you know a password has already been set.
admin	(password blank)
admin	admin
admin	password
admin	root
root	root
root	(password blank)
admin	(your wifi password)
If none of these work for you, check the chart for defaults for your model.
Then, immediately locate "Maintenence" (toward top on Linksys and D-link) or "System Settings" on a Belkin.
Netgear Advanced > Setup > Internet Setup > Domain name Server (DNS) address
Xyzel Maintenence > Administration > Administrator https://www.zyxel.com/support/Zyxel-password-changing-procedure-20161213-v2.pdf
We recommend changing your administrator account name to "Pedro" or something and using a unique password, but using your wifi password is easy to remember and slightly better than nothing.
After you have secured your router with a password, locate the DNS settings. Depending on your router, it may be in "Basic Settings," "WAN settings," "advanced," or even "WiFi settings"
https://forum.xda-developers.com/general/xda-university/guide-how-to-change-dns-android-device-t3273769 Here is a list of different ways to (re)configure DNS mostly on rooted Android devices. There are some directions for those on non-rooted devices. Generally, DNS is protected on newer versions of Android, so many apps will not work.
Comodo has directions here for most computer operating systems and a generic step-by-step for routers.
wireshark
https://www.paessler.com/prtg
OpenDNS
Share by: