is there a list of public resolvers? e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
etc.?
we have a measurement set which contains a list of resolvers, some of
which we suspect are intentionally open, some unintentionally open,
and some not open. we are trying to filter that first set, the
intentionally open.
the open resolver finders would seem not to meet our need. but, yes, it
would be nice if they documented the intentional public open resolvers.
randy
?
Nick
There are several good articles about the different ones out there and the level of filtering and response they can offer. I personally have been happy with Quad9's free DNS server (9.9.9.9) and the basic anti-bad stuff filtering it does. You get no reporting on what it blocks, but there are services (OpenDNS for example) out there you can pay for that offer reporting if needed.
Thank you,
Spencer
is there a list of public resolvers? e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8,
etc.?
interesting, but probably too broad.
but i suspect my question was too broad.
we have a measurement set which contains resolvers, some of which we
suspect are intentionally open, some unintentionally open, and some
not open. we are trying to filter that first set, the intentionally
open.
i suspect it hinges on what one thinks of as 'public'. i.e. dtag's
servers for its customers is not what i think of as public. maybe
i mean globally public or something.
randy, who clearly needs to think a bit more
I don't know of an exhaustive list, but a while ago I collected these:
cloudflare 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
comodo: 8.26.56.26 8.20.247.20
dyn: 216.146.35.35 216.146.36.36
google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
level3: 4.2.2.2 4.2.2.1
norton: 199.85.126.10 199.85.127.10
opendns: 208.67.222.222 208.67.220.220
quad9: 9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9
ultradns: 156.154.71.1 156.154.70.1
Hugo
There’s also a list of interesting resolvers at
—Chris
Nearly all of those seem to error out.
Is that a wishful thinking list?
Thank you,
Kevin McCormick
Are all y’all allergic to Wikipedia or something?
-Bill
Those that do answer to anyone who asks are flagged "recursion-yes,” but I don’t know how often it’s updated.
—Chris
Oh, Bill. If you’d use Wikipedia to check out Wikipedia, you’d be allergic too! 
https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_is_not_a_reliable_source
-mel
Curious! (wkipedia random page look):
Comodo -> 8.26.56.26 && 8.20.247.20
as-path for those both:
174 23393 23393 16589
6762 3257 23393 23393 16589
$ whois AS16589
No match found for a 16589.
(https://bgp.he.net/AS16589#_whois)
So, sending your DNS queries into what sure looks like hijacked ip
space and asn ... seems bad.
$ whois AS16589
No match found for a 16589.
whois -r AS16589 # perhaps?
aut-num: AS16589
as-name: ELV-ANYCAST-NET
$ whois AS16589
No match found for a 16589.
* lists@benappy.com (Michel 'ic' Luczak) [Tue 02 Feb 2021, 14:48 CET]:
whois -r AS16589 # perhaps?
aut-num: AS16589
as-name: ELV-ANYCAST-NET
You skipped the most important line:
source: RIPE-NONAUTH
In other words, this object dates back to the times when anybody could throw almost anything into RIPE's IRRdb. In other words, it's not authoritative and its presence doesn't mean anything.
It's probably legit, the data is old but somewhat consistent. Comodo should probably try to clean up the RIR administration surrounding this ASN, though.
-- Niels.
From: "Bill Woodcock" <woody@pch.net>
Are all y’all allergic to Wikipedia or something?
Lots of people seem to be... :-}
I find it interesting that that article mentions alt-roots, but doesn't
have a column for that, nor any actual mention of such resolvers...
Cheers,
-- jra