Our free and open DNS Resolver
89.234.141.66
2a00:5881:8100:1000::3
UDP and TCP, port 53 (standard), DNSSEC validation
DoH coming soon
What is an Open DNS Resolver?
A DNS resolver is a kind of directory that allows your equipment to transform a domain name into an IP address, for example wikipedia.org into 185.15.58.224, thus giving you access to the content of the requested site.
Our solver is open and uncensored. To learn more: we organize from time to time a Network & Magic educational game to learn how the internet works in a fun way, without any digital equipment.
What is the purpose of this DNS Resolver?
Avoiding tracking
This DNS resolver does not record the list of sites you visit and we are not required by law to do so as it only applies to content modification operations.
Provide a service
This DNS resolver is open, which means that it can be used from any IP. This feature is essential for the operation of some programs.
Knowing THE truth
This DNS resolver does not censor any web site: the government does not send us the list of sites to censor, we do not advertise with it, nor do we use parental controls or any other filtering.
How to configure your DNS resolvers
Before going any further in the process, you must know if you want to change your DNS resolver for a single computer or for all the equipment connected to the Internet in your home (computers, tablets, smartphones, etc.). In the first case, modifications can be made on your computer according to your operating system. In the second case, it is faster and easier to make modifications on your Internet router (your box).
Ci-dessous un exemple avec une box d'un BOFS.1 Il est fort possible qu'il y ait des différences de procédure avec votre Box, voir même que votre FAI vous empèche de faire la modification.2
1. Se rendre sur l'interface de la box
Pour vous connecter, essayer d'afficher les pages web suivantes, jusqu'à ce que l'une d'entre-elles affichent quelques choses:
2. Se connecter
En général, si vous ne les avez pas changé, les identifiants se trouvent sur une étiquette sur votre box ou accessible via un petit écran de 5cm.
Astuce : si c'est un vieux routeur, vous pouvez essayer avec admin ou root en identifiant et admin ou 1234 en mot de passe.
3. Fouiller l'interface
Il faut ensuite fouiller l'interface pour trouver les champs qui permettent de configurer le résolveur DNS primaire et le secondaire.
Capture d'écran de l'interface d'une box Red by SFR pour changer les résolveurs DNS
Ci-dessous, quelques chemins qui peuvent vous y mener:
- Red by SFR (Box:
F@st3686 V1b):Réseau>Paramètres de base>Configuration réseau wan>Utiliser l'adresse de serveur DNS suivante
To verify that your change is effective, you can use the IPLeak website. « 89.234.141.66 » needs to be filled below the « DNS Address detection » mention.
-
Bouygues, Orange, Free, SFR ↩
Emergency resolvers
| Associative ISP | IPv4 | IPv6 |
|---|---|---|
| Aquilenet | 185.233.100.100 | 2a0c:e300::100 |
| Aquilenet | 185.233.100.101 | 2a0c:e300::101 |
| FDN | 80.67.169.12 | 2001:910:800::12 |
| FDN | 80.67.169.40 | 2001:910:800::40 |
Frequently asked questions
No. If you are using it for a free project, please let us know and plan for redundancy in case the resolver goes down.
Because these resolvers lie and/or record the sites you visit with them.
Yes:
-
French commercial ISPs have all been tempted to send the user advertisements when a website does not exist (example: you have typed "arnfai.net" instead of "arn- fai.net" in the address bar of your browser). Some have done it like SFR or Alice.
Other DNS resolvers "lie" for security reasons (to prevent access to a site that contains viruses or to automatically correct your typos) which are not necessarily legitimate (individual's autonomy, error in assessing the quality of a website, etc.). -
Judicial blocking is relying on the DNS for gambling websites that do not pay their business licence (law 2010-476 of 2010) or any other website (examples: t411 and Copwatch)... But also all the administrative blocking (outside legal proceedings) on the secret list of the Ministry of the Interior, child pornography websites (LOPPSI 2 law of 2011), or glorifying terrorism (Cazeneuve law of 2014).
These types of blockages are insidious since they do not make the problems go away, nor do they come to the rescue of the victims, nor do they compensate them: violations of the law and personal injury continue... but in silence, since criminals are not arrested.
Blocking websites is like turning a blind eye to problems, rather than tackling them. Moreover, how could we control the legitimacy of the government's action in the case of the administrative blockage to avoid those issues? One of the first websites blocked in this context, islamic-news, was blocked without any real legal or factual arguments from the government.
- The previous point also highlights inequality between citizens. Judicial blockage can only be applied to ISPs who are subject of a final court decision. As part of the administrative blocking, the secret list is communicated by the Ministry of the Interior to the ISPs selected by the government.
In both cases, it turns out that only the largest commercial and national ISPs in France have to take blocking measures. So what about citizens who use the services of another ISP (university, work, association, etc.)? This means that, without specific skills, online content is different for all French citizens. Is this difference in access to information acceptable?
We do not save any connection data because we legally do not have to.
No, we don't want this resolver to generate unusual traffic for a DNS resolver.
Our resolver cryptographically verifies the validity of a DNS response. However, unless your equipment contains a solution to check this, you are still vulnerable to manipulation between you and the DNS resolver. In fact, DNSSEC validation on our resolver is only truly effective for subscribers who access to a service with an ARN IP address.
Because we did not have enough time to work on this yet. Do not hesitate to come and help us so that we can set it up :)
Documentation on how to set up our open DNS resolver service is available on the volunteers wiki page (page in French).
Before opening a DNS resolver to the public, there are some precautions to take to ensure the DNS will not be used to conduct large-scale DDoS attacks.
See in detail the considerations for protecting an open DNS resolver (page in French).