Help with choosing a DNS resolver

Hello everyone,

I’m currently using Mullvad DNS with a profile on iOS and I’m having issues with resolving some websites.

Don’t get me wrong, Mullvad DNS works fine when using the VPN but when it comes to choosing a main DNS resolver I’m looking for a more stable provider.

What do you recommend or use personally as your main DNS server when you don’t use a VPN?

(Preferably, with ad blocking or at least malware blocking)

1 Like

Quad9? But even when you are not on VPN, why don’t you like Mullvad’s?

1 Like

Depends on which profile you are using, for example if I use this: https://all.dns.mullvad.net/dns-query

Then I’m not able to open X/Twitter etc.

If you use dns.mullvad.net every website will work just fine. It doesn’t use any filter or block lists.
Mullvad DNS is very stable.

1 Like
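To check whether a filtering profile, rather than resolver instability, is what stops a site from loading, the same name can be asked of the filtered and the unfiltered DoH endpoint and the two answers compared. The sketch below is an added example, not code from any poster or provider: it builds the RFC 8484 GET URL and parses wire-format answers, all function names are hypothetical, the sample responses are constructed, and it assumes a blocked name is answered with NXDOMAIN, no address, or 0.0.0.0.

```python
import base64, ipaddress, struct

def build_query(name, qtype=1):
    # RFC 1035 query: ID 0 (as RFC 8484 suggests for HTTP caching), RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def doh_get_url(endpoint, name):
    # RFC 8484 GET form: the wire-format query as unpadded base64url in ?dns=
    return endpoint + "?dns=" + base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()

def _skip_name(msg, off):
    # Step over length-prefixed labels; a 2-byte compression pointer ends the name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a(msg):
    # Return (rcode, [IPv4 strings]) from a wire-format DNS response
    _id, flags, qd, an = struct.unpack("!4H", msg[:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # name, then QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return flags & 0xF, addrs

def _usable(msg):
    # Usable answer: NOERROR with at least one address that is not 0.0.0.0
    rcode, addrs = parse_a(msg)
    return rcode == 0 and any(not ipaddress.ip_address(a).is_unspecified for a in addrs)

def filter_is_cause(filtered, unfiltered):
    # Same name, two resolvers: the block list is the likely cause if only the unfiltered one is usable
    return _usable(unfiltered) and not _usable(filtered)

def sample_response(name, rcode, addr=None):
    # Constructed sample data (not captured traffic): echoed question plus at most one A record
    hdr = struct.pack("!6H", 0, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(addr).packed if addr else b""
    return hdr + build_query(name)[12:] + rr
```

Fetching each URL from `doh_get_url` with the header `Accept: application/dns-message` returns the bytes that `filter_is_cause` expects. If both resolvers return NXDOMAIN the name simply does not exist, which is why the comparison is needed.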

Here is a list of trusted DNS servers which don’t use filter lists.
Most of them are European.

Switzerland - https://dns.digitale-gesellschaft.ch/dns-query
[Public DNS resolvers - Digitale Gesellschaft]

Germany - https://dnsforge.de/dns-query
[https://dnsforge.de/]
The service is operated by adminforge.de

Germany - dns3.digitalcourage.de
[Censorship-free DNS server | Digitalcourage]

Germany - https://doh.ffmuc.net/dns-query
[DNS-over-HTTPS and DNS-over-TLS support [ffmuc.net/wiki/]]

Denmark - https://anycast.uncensoreddns.org/dns-query
[DNS Servers - uncensoreddns blog]


Your DNS server can still see what websites you want to visit. It’s just that it’s a little bit more complicated for your ISP to see what websites you request through DNS. Because of SNI and other things in the DNS protocol your ISP will still see what websites you request.
But if the traffic is encrypted it can be more complicated to manipulate DNS as a MITM.

I personally wouldn’t use Cloudflare or AdGuard. Both are commercial companies which probably collect data for the US (in Cloudflare’s case) and the Russian (in AdGuard’s case) government. Cloudflare is too big. There are a lot of independent free DNS providers from nonprofits. The only reason to use something like Quad9 or Cloudflare is if there isn’t a trusted DNS provider in your country and all others are too slow.

2 Likes

Here are more DNS Servers: DNSCrypt - List of public DoH and DNSCrypt servers
Most of them should be good.
You can also just look up who operates the server.

If you’re looking for something different, just pick a different one from PrivacyGuides’ list

2 Likes

I stopped using any of the advanced Mullvad DNS providers as I would run into weird issues with websites loading. I even had cases where Mullvad’s own website wouldn’t load sometimes, using their adblock or base profile, so I switched back to using Quad9 and Cloudflare and letting my Pi-hole do its job with the adlists.

1 Like

One of the founders of Adguard addressed every issue that was brought up about trusting them here: Can AdGuard VPN be trusted? - #68 by ameshkov

Continuing to say they can’t be trusted when they’re open source, not headquartered in Russia, openly answered many questions about their operations, and actually have very few staff left in the country is just FUD.

2 Likes

Can always try NextDNS, that way you can view the logs and whitelist whatever is keeping the site from loading correctly.

4 Likes

Second for this. I even have a premium subscription with NextDNS - great so far.

2 Likes

Use dns0.eu within the EU or Quad9 if outside the EU, as upstream.

https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/

1 Like

Using a custom DNS server is not recommended by PG. Please ensure your threat modeling allows for that.

In my case, it does, and I find NextDNS to be good for blocking ads, trackers, and threats at a network level. I find the free tier of NextDNS the best for this. If you don’t mind paying, I heard that Control-D is also good. Then there is Adguard personal DNS as well, but I find it a bit confusing and had latency issues.

There may be more but these are what I’m aware of.

1 Like

I prefer to use Mullvad DNS but unfortunately it has slow reloads for some websites and sometimes even won’t resolve websites.

I just self-host an authoritative resolver on my own. Probably not as fast as the commercial, public resolvers out there, but now I’m self-reliant and control my query data myself.

Bind9 isn’t that hard to manage, and if you prefer a GUI there’s Technitium DNS too. Bind9 coupled with AdGuard Home basically lets me emulate NextDNS myself. Technitium can even be authoritative without needing Bind9 and filter ads itself, but I prefer AdGuard Home’s modern and simpler query log view.

NextDNS
Rethink DNS

1 Like

What about 1.1.1.1?

ControlD is made by the same company that manages Windscribe VPN.

1 Like

Please look at DNS Resolvers - Privacy Guides

1 Like

It’s from Cloudflare.
We shouldn’t put our trust in these big central for-profit corporations.

1 Like