Find list of subdomain

http://webbreacher.blogspot.com/2013/08/dns-host-enumeration-tool-bake-off.html

subbrute    https://github.com/TheRook/subbrute

Fierce           http://ha.ckers.org/fierce/

dnsmap:            https://code.google.com/p/dnsmap/

dns-discovery    https://code.google.com/p/dns-discovery/

dnsenum           https://code.google.com/p/dnsenum/

                          https://github.com/fwaeytens/dnsenum

 

 

NameList:              https://github.com/darkoperator/dnsrecon/blob/master/namelist.txt

Online tool

 

http://www.wolframalpha.com/

 

https://pentest-tools.com/reconnaissance/find-subdomains-of-domain#

 

Android repo sync issus: gnutls_handshake failed

The issus was caused by gnutls library,  if network bandwidth is low

 

Fix:

Build git with openssl from source:

cat git_build.sh

GIT_MAJOR=1.7.9
GIT_MINOR=7
GIT_VER=${GIT_MAJOR}.${GIT_MINOR}
GIT_NAME=git-${GIT_VER}

OPENSSL_VER=1.0.1i
OPENSSL_NAME=openssl-${OPENSSL_VER}

CURL_VER=7.38.0
CURL_NAME=curl-${CURL_VER}

EXPAT_VER=2.1.0
EXPAT_NAME=expat-${EXPAT_VER}

TARGET_DIR=/usr/local/git-${GIT_MAIN}
TARGET_DIR=/tmp/local

BUILD_OPENSSL=0
BUILD_CURL=0
BUILD_EXPAT=0
BUILD_GIT=1

if [ “${BUILD_OPENSSL}” == “1” ];then
  if [ ! -f ${OPENSSL_NAME}.tar.gz ];then
    wget http://www.openssl.org/source/${OPENSSL_NAME}.tar.gz
  fi

  if [ -d ${OPENSSL_NAME} ];then
    rm -rf ${OPENSSL_NAME}
  fi

  tar xvfz ${OPENSSL_NAME}.tar.gz
  cd ${OPENSSL_NAME}

  ./config no-shared no-dso –prefix=${TARGET_DIR}
  make -j4
  #make test
  sudo make install
  cd ..
fi

if [ “${BUILD_CURL}” == “1” ];then
  if [ ! -f ${CURL_NAME}.tar.gz ];then
    wget http://curl.haxx.se/download/${CURL_NAME}.tar.gz
  fi

  if [ -d ${CURL_NAME} ];then
    rm -rf ${CURL_NAME}
  fi

  tar xvfz ${CURL_NAME}.tar.gz
  cd  ${CURL_NAME}
  env PKG_CONFIG_PATH=${TARGET_DIR}/lib/pkgconfig ./configure  –disable-shared –prefix=${TARGET_DIR} –without-gnutls –with-ssl
  make -j4
  sudo make install
  cd ..
fi

if [ “${BUILD_EXPAT}” == “1” ];then
  if [ ! -f ${EXPAT_NAME}.tar.gz ];then
    wget http://sourceforge.net/projects/expat/files/expat/${EXPAT_VER}/${EXPAT_NAME}.tar.gz
  fi

  if [ -d ${EXPAT_NAME} ];then
    rm -rf ${EXPAT_NAME}
  fi
  tar xvfz ${EXPAT_NAME}.tar.gz
  cd ${EXPAT_NAME}
  ./configure –disable-shared –prefix=${TARGET_DIR}
  make
  sudo make install
fi

if [ “${BUILD_GIT}” == “1” ];then
  if [ ! -f v${GIT_VER}.tar.gz ];then
    wget http://github.com/git/git/archive/v${GIT_VER}.tar.gz
  fi

 
  if [ -d ${GIT_NAME} ];then
    rm -rf ${GIT_NAME}
  fi

  tar xvfz v${GIT_VER}.tar.gz
  cd ${GIT_NAME}
  make configure
 
  ./configure –prefix=${TARGET_DIR}  –with-curl –with-openssl=${TARGET_DIR} –with-lib=${TARGET_DIR}

  make -j4
  #make test
  sudo make install
fi

SoftEther: New Open Source VPN Package

Become open source at Jan 4, 2014

SSL-VPN Tunneling on HTTPS

Ethernet-bridging (L2) and IP-routing (L3) over VPN

Embedded dynamic-DNS and NAT-traversal

6 major VPN protocols:

    OpenVPN
    IPsec
    L2TP
    MS-SSTP
    L2TP V3
    EtherIP

 

VPN over ICMP or DNS feature

 

https://www.softether.org/

 

VPN Tunneling Protocols

FROM

http://technet.microsoft.com/en-us/library/cc771298%28v=ws.10%29.aspx

 

This article from Microsoft is outdated,  as mentioned by Linda Garth ( linda@thebestvpn.com),  and they have a  review of the VPN technology, the link is:

https://thebestvpn.com/pptp-l2tp-openvpn-sstp-ikev2/

Seem’s the Cisco VPN is still missing in their document, that is Ocserv & OpenConnect client,  an open source project  hosted at www.infradead.org

Similar to OpenVPN,  the Cisco VPN protocol is an application level protocol,  and widely used in Corporation environment

I put the link here,  dosen’t mean any suggestions to adopt Cisco VPN, or OpenVPN.

In fact, I am using

Road Worrie:  Just ssh socket forward, it’s easy and convenient,  together with wpad text file for the sake of proxy selection.  Performance or payload is not important for me,

 

As I have my own VPS server.

Access External Server  with public IP,  from Corp’s network:   Using Stunnel with SNI to enable setup multiple tcp link via http proxy

Access Internal server within Corp’s network from public IP:   Stunnel  with SNI + tgcd

Access Google Play from Handset,  Using PPTP VPN

 

From my experience:

The Stunnel is the most stable software,   the dante (sock5) is the second stable,  and  OpenVPN.

The unstable issue may caused by the fact that the handshake protocol of openvpn can be easy detected, not only the software code it’s self.  The same for the shadowsocks  or socks5 protocol.  Traffic Obfuscation is more important than encryption strength in some use case.

May 11 2017

 

 

 

Applies To: Windows Server 2008

Tunneling enables the encapsulation of a packet from one type of protocol within the datagram of a different protocol. For example, VPN uses PPTP to encapsulate IP packets over a public network, such as the Internet. A VPN solution based on Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), or Secure Socket Tunneling Protocol (SSTP) can be configured.

PPTP, L2TP, and SSTP depend heavily on the features originally specified for Point-to-Point Protocol (PPP). PPP was designed to send data across dial-up or dedicated point-to-point connections. For IP, PPP encapsulates IP packets within PPP frames and then transmits the encapsulated PPP-packets across a point-to-point link. PPP was originally defined as the protocol to use between a dial-up client and a network access server.

PPTP

PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or a public IP network, such as the Internet. PPTP can be used for remote access and site-to-site VPN connections. When using the Internet as the public network for VPN, the PPTP server is a PPTP-enabled VPN server with one interface on the Internet and a second interface on the intranet.

Encapsulation

PPTP encapsulates PPP frames in IP datagrams for transmission over the network. PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. The following figure shows the structure of a PPTP packet containing an IP datagram.

Structure of a PPTP Packet Containing an IP Datagram

Structure of PPTP Packet Containing IP Datagram

Encryption

The PPP frame is encrypted with Microsoft Point-to-Point Encryption (MPPE) by using encryption keys generated from the MS-CHAP v2 or EAP-TLS authentication process. Virtual private networking clients must use the MS-CHAP v2 or EAP-TLS authentication protocol in order for the payloads of PPP frames to be encrypted. PPTP is taking advantage of the underlying PPP encryption and encapsulating a previously encrypted PPP frame.

L2TP

L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM). L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F.

Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE to encrypt PPP datagrams. L2TP relies on Internet Protocol security (IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec.

Both L2TP and IPsec must be supported by both the VPN client and the VPN server. Client support for L2TP is built in to the Windows Vista® and Windows XP remote access clients, and VPN server support for L2TP is built in to members of the Windows Server® 2008 and Windows Server 2003 family.

L2TP is installed with the TCP/IP protocol.

Encapsulation

Encapsulation for L2TP/IPsec packets consists of two layers:

First layer: L2TP encapsulation

A PPP frame (an IP datagram) is wrapped with an L2TP header and a UDP header.

The following figure shows the structure of an L2TP packet containing an IP datagram.

Structure of an L2TP Packet Containing an IP Datagram

Structure of L2TP Packet Containing an IP Datagram

Second layer: IPsec encapsulation

The resulting L2TP message is then wrapped with an IPsec Encapsulating Security Payload (ESP) header and trailer, an IPsec Authentication trailer that provides message integrity and authentication, and a final IP header. In the IP header is the source and destination IP address that corresponds to the VPN client and VPN server.

The following illustration shows L2TP and IPsec encapsulation for a PPP datagram.

Encryption of L2TP Traffic with IPsec ESP

Encryption of L2TP Traffic with IPsec ESP

Encryption

The L2TP message is encrypted with either Data Encryption Standard (DES) or Triple DES (3DES) by using encryption keys generated from the Internet Key Exchange (IKE) negotiation process.

SSTP

Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking.

When a client tries to establish a SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer with the SSTP server. Over this HTTPS layer, the protocol packets flow as the data payload.

Encapsulation

SSTP encapsulates PPP frames in IP datagrams for transmission over the network. SSTP uses a TCP connection (over port 443) for tunnel management as well as PPP data frames.

Encryption

The SSTP message is encrypted with the SSL channel of the HTTPS protocol.

Choosing between tunneling protocols

When choosing between PPTP, L2TP/IPsec, and SSTP remote access VPN solutions, consider the following:

  • PPTP can be used with a variety of Microsoft clients including Microsoft Windows 2000, Windows XP, Windows Vista, and Windows Server 2008. Unlike L2TP/IPsec, PPTP does not require the use of a public key infrastructure (PKI). By using encryption, PPTP-based VPN connections provide data confidentiality (captured packets cannot be interpreted without the encryption key). PPTP-based VPN connections, however, do not provide data integrity (proof that the data was not modified in transit) or data origin authentication (proof that the data was sent by the authorized user).
  • L2TP can only be used with client computers running Windows 2000, Windows XP, or Windows Vista. L2TP supports either computer certificates or a preshared key as the authentication method for IPsec. Computer certificate authentication, the recommended authentication method, requires a PKI to issue computer certificates to the VPN server computer and all VPN client computers. By using IPsec, L2TP/IPsec VPN connections provide data confidentiality, data integrity, and data authentication.Unlike PPTP and SSTP, L2TP/IPsec enables machine authentication at the IPsec layer and user level authentication at the PPP layer.
  • SSTP can only be used with client computers running Windows Vista Service Pack 1 (SP1) or Windows Server 2008. By using SSL, SSTP VPN connections provide data confidentiality, data integrity, and data authentication.
  • All three tunnel types carry PPP frames on top of the network protocol stack. Therefore, the common features of PPP, such as authentication schemes, Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPV6) negotiation, and Network Access Protection (NAP), remain the same for the three tunnel types.

Additional references

DNS namebench (Chicago)

IP
Descr. Hostname Avg (ms) Diff Min Max TO N
208.67.222.222 OpenDNS-2 resolver1.opendns.com 460.57 3.6% 261.0 3500.0 2 1
8.8.8.8
SYS-8.8.8.8 google-public-dns-a.google.com 476.94 273.9 3500.0 3 0
209.253.113.18
Mcleod 3 US cachens3.mcleodusa.net 513.36 -7.1% 262.7 3500.0 2 1
216.165.129.157 216.165.129.157 ns6.dns.tds.net 529.09 -9.9% 262.6 3500.0 2 0
216.170.153.146 TDS 8 US ns8.dns.tds.net 560.03 -14.8% 262.7 3500.0 3 0
216.52.129.1 Internap CHI US ns1.chi.pnap.net 567.64 -16.0% 264.2 3500.0 3 0
134.48.1.32 Marquette Uni US dns1.mu.edu 596.11 -20.0% 266.2 3500.0 7 0
4.2.2.2 Level 3/GTEI-2 b.resolvers.Level3.net 603.13 -20.9% 261.8 3500.0 2 0
156.154.70.1 UltraDNS rdns1.ultradns.net 610.57 -21.9% 261.7 3500.0 4 0
216.52.129.33 216.52.129.33 ns2.chi.pnap.net 611.23 -22.0% 263.8 3500.0 5 0
4.2.2.3 Level 3/GTEI-3 c.resolvers.level3.net 630.44 -24.3% 261.9 3500.0 3 0
4.2.2.1 Level 3/GTEI a.resolvers.level3.net 654.94 -27.2% 262.4 3500.0 3 0
216.81.128.132 216.81.128.132 nscache3-mngt.dsm.lightedge.com 690.13 -30.9% 268.0 3500.0 3 2
174.34.129.34 174.34.129.34 174.34.129.34.rdns.ubiquityservers.com 690.90 -31.0% 264.0 3500.0 5 0
64.58.254.2 64.58.254.2 ns1.met-net.com 750.62 -36.5% 275.8 3500.0 12 0
216.146.35.35 DynGuide resolver1.dyndnsinternetguide.com 1222.12 -61.0% 262.4 3500.0 55
2

 

 

DNS Namebench ( Las Vegas )

Recommended configuration (fastest + nearest)

Primary Server
12.127.17.71
Wtechlink/Pacinfo/AT&T-2 US
Secondary Server
74.82.42.42
Hurricane Electric
Tertiary Server
208.64.28.219

 

Hostname Avg (ms) Diff Min Max TO NX Notes
12.127.17.71 Wtechlink/Pacinfo/AT&T-2 US dns-rs1.bgtmo.ip.att.net 401.12 3.3% 222.8 1781.2 0 3
8.8.4.4 Google Public DNS-2 google-public-dns-b.google.com 413.25 0.3% 251.3 3500.0 2 3
8.8.8.8 SYS-8.8.8.8 google-public-dns-a.google.com 414.40 249.8 3500.0 2 3
156.154.70.1 UltraDNS rdns1.ultradns.net 479.33 -13.5% 221.5 3500.0 1 0
72.11.150.74 72.11.150.74 72.11.150.74.static.quadranet.com 527.09 -21.4% 222.2 3500.0 2 3
141.1.27.249 Cable & Wireless DE euro-cns1.cw.net 622.22 -33.4% 223.6 3500.0 1 3
208.67.220.220 OpenDNS resolver2.opendns.com 623.78 -33.6% 230.5 3500.0 19 3
72.11.150.10 72.11.150.10 72.11.150.10.static.quadranet.com 639.72 -35.2% 221.4 3215.3 0 3
208.64.28.219 208.64.28.219 placeholder.userdns.com 653.31 -36.6% 214.5 3500.0 5 3
4.2.2.1 Level 3/GTEI a.resolvers.level3.net 665.00 -37.7% 224.2 3500.0 6 3
216.146.36.36 DynGuide-2 resolver2.dyndnsinternetguide.com 849.78 -51.2% 224.2 3503.6 14 0

 

 

 

 

 

 

DNS (Near Las Vegas)

208.64.28.219                                                             7.68

74.222.30.2                                                                7.90

72.11.150.10                                                              7.66

72.11.150.74                                                              7.59

72.37.141.91     ns1.belairinternet.com                     7.86

74.82.42.42       ordns.he.net                                         7.73

 

4.2.2.1               Verizon                                             10
4.2.2.2               Verizon                                             10

8.3.48.20            dns1.linknetinc.com                        11.2

8.3.48.22           dns2.linknetinc.com                         11.6

12.127.17.71     dns-rs1.bgtmo.ip.att.net                   9.00

12.127.17.72    dns-rs2.bgtmo.ip.att.net                    9.00

216.146.35.35    dyn                                                   8.26
216.146.36.36    dyn                                                   8.17

209.244.0.3       Level3                                              10
209.244.0.4       Level3                                              10

208.67.222.222   OPENDNS Primary                       18.3
208.67.222.220   OPENDNS Second                        18.3

DNS (Near Chicago)

8.8.8.8                     13.6
8.8.4.4                     14.0

 

64.50.230.116           ns3.dns.tds.net          1.19
216.165.129.157       ns6.dns.tds.net          0.97
216.165.129.158       ns7.dns.tds.net          1.06
216.170.153.146       ns8.dns.tds.net          0.97

63.150.72.4               ns1.digitalteleport.com        1.07

216.52.129.1             ns1.chi.pnap.net                  1.45
216.52.129.33           ns2.chi.pnap.net                  1.35

209.244.2.66             lo-0.hsa1.Chicago1.Level3.net        1.94

174.34.129.34           174.34.129.34.rdns.ubiquityservers.com 2.34

134.48.1.32                dns1.mu.edu                               5.60
216.81.128.132        nscache3-mngt.dsm.lightedge.com      8.73

64.58.254.2               ns1.met-net.com                        14.6

DNS Server

Root DNS server

http://www.iana.org/domains/root/servers

http://public-dns.tk/

http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

http://portforward.com/networking/dns.htm

 

Listed DNS Server:

http://portforward.com/networking/dns.htm

Google DNS
Primary: 8.8.8.8
Secondary: 8.8.4.4


Australia

QLD
144.140.70.29
144.140.71.15
144.140.70.16

Westnet (ADSL)
203.21.20.20
203.10.1.9


Canada

Shaw Cable
64.59.144.16
64.59.144.17

Telus(BC)
154.11.128.129
154.11.128.150
154.11.128.1
154.11.128.2
154.11.128.130
209.53.4.150


China

I-Cable
(Hong Kong)
210.80.60.1
210.80.60.2


Italy

Alice
212.216.112.112
212.216.172.62


Malaysia

Schoolnet (ADSL)
202.75.44.18
203.106.3.171
202.75.44.20

Tmnet Streamyx (ADSL)
202.188.0.132
202.188.0.133
202.188.0.147
202.188.0.161
202.188.0.181
202.188.0.182
202.188.1.4
202.188.1.5
202.188.1.23
202.188.1.25


Mexico

Cablemas (Cable 128kbps)
69.44.143.245
200.79.192.3


Nederland
Hetnet
10.0.0.5
10.0.0.2
10.0.0.3

Planet Internet
195.121.1.34
195.121.1.66


New Zealand

Xtra (DSL)
202.27.158.40
202.27.156.72

Paradise (DSL)
203.96.152.4
203.96.152.12


Portugal

Netvisão (Cable)
213.228.128.6
213.228.128.5

TVTel
195.22.0.204
195.22.0.205


Sweden

Tele2
130.244.127.161
130.244.127.169


United Kingdom

AOL
205.188.146.145

Blueyonder/Telewest (Cable)
193.38.113.3
194.177.157.4

BTInternet
194.73.73.172
194.73.73.173
194.72.9.44
194.72.9.38 (Cardiff, S.Wales)
194.72.9.39 (Cardiff, S.Wales)

Bulldog Broadband
Ns3.bulldogdsl.com . 83.146.21.5 (South)
Ns4.bulldogdsl.com . 83.146.21.6 (South)
Ns5.bulldogdsl.com . 212.158.248.5 (North)
Ns6.bulldogdsl.com . 212.158.248.6 (North)

Nildram (ADSL)
213.208.106.212
213.208.106.213

NTL (Cable) and Virgin.net (ADSL)
194.168.4.100
194.168.8.100

Pipex (ADSL)
62.241.162.35
62.189.34.83

Silvermead (Satellite, DSL, ISDN)
62.55.96.226
62.55.96.109 (unchecked)

Telewest (Cable)
62.31.176.39
194.117.134.19

Tiscali, Screaming.net, Worldonline, Lineone
212.74.112.66
212.74.112.67
212.74.114.129 (Cambridge)
212.74.114.193 (Cambridge)

Wanadoo UK (ADSL)
195.92.195.94
195.92.195.95

Zen Internet
Primary DNS: 212.23.8.1
Secondary DNS: 212.23.3.1


United States of America

Adelphia
67.21.13.4 Los Angeles, CA
67.21.13.2 Los Angeles, CA
24.48.217.226 Santa Monica, CA
24.48.217.227 Santa Monica, CA
68.168.1.42 Florida
68.168.1.46 Florida

Bellsouth Fast access DSL:
Georgia
205.152.37.23
205.152.37.24
205.152.37.25
205.152.144.24
205.152.144.25

Charter Comms (Cable)
68.116.46.70

Comcast (pick the nearest!)
68.87.66.196 Comcast (national) Primary DNS Server.
68.87.64.196 Comcast Secondary DNS Server.
68.57.32.5 (Virginia)
68.57.32.6 (Virginia)
216.148.227.68 (Denver, Colorado)
204.127.202.4 (Denver, Colorado)
68.42.244.5 (Taylor, Michigan)
68.42.244.6 (Taylor, Michigan)
68.62.160.5 (Huntsville, Alabama)
68.62.160.6 (Huntsville, Alabama)
68.87.96.3 (Pennsylvania)
68.87.96.4 (Pennsylvania)

Cox HSI (Cable)
68.12.16.25 (Oklahoma – Primary)
68.12.16.30 (Oklahoma – Secondary)
68.2.16.30 (Oklahoma – Tertiary)

Cox.net
68.10.16.25
68.10.16.30
68.9.16.30

Earthlink – seem to be shared by Cable and DSL users in several states. Georgia and Florida confirmed.
207.69.188.187
207.69.188.186
207.69.188.185
209.86.63.217 (Cable) – Charlotte, NC

Harrisonville Telephone Company (HTC)
216.114.114.130 (Illinois)
216.114.114.132 (Illinois)

Horry Telephone Coop
66.153.128.98 (Horry County, South Carolina)
66.153.162.98 (Horry County, South Carolina)

ORSC Public Access DNS Nameservers (Anyone can use these, no matter what ISP)
199.166.24.253
199.166.27.253
199.166.28.10
199.166.29.3
199.166.31.3
195.117.6.25
204.57.55.100

Roadrunner (Cable)
24.25.195.1 (San Diego, CA)
24.25.195.2 (San Diego, CA)
24.25.195.3 (San Diego, CA)

SBC Yahoo DSL
206.13.31.13
206.13.28.60
206.13.31.5
206.13.28.31

Speakeasy (pick any two!)
66.93.87.2 (Washington state and Oregon)
216.231.41.2 (Washington DC – probably)
216.254.95.2 (NY, Massachusetts and Pennsylvania)
64.81.45.2 (Los Angeles, California)
64.81.111.2 (Denver, Colorado)
64.81.127.2 (Dallas, Texas)
64.81.79.2 (Sacramento, California)
64.81.159.2 (Baltimore and Washington DC)
66.92.64.2 (Boston, Massachusetts)
66.92.224.2 (Philadelphia)
66.92.159.2 (Washington DC)
216.27.175.2 (Atlanta, Georgia. Serves Florida too)

Sprintlink (nationwide)
204.117.214.10
199.2.252.10
204.97.212.10

TimeWarner
24.93.1.119 (Rochester, NY)

Unicom
216.104.64.5 (Grants Pass, OR)
216.104.72.5 (Portland, OR)

FrontierNet / Citlink / New North DNS addresses:
66.133.170.2 (Rochester, NY)
170.215.255.114 (Rochester, NY)
216.67.192.3 (Arizona)
207.173.225.3 (Arizona)
207.173.225.3 (California)
216.67.192.3 (California)
170.215.255.114 (New York (areas other than Rochester))
66.133.170.2 (New York (areas other than Rochester))
170.215.184.3 (West Virginia)
170.215.126.3 (West Virginia)
170.215.126.3 (Tennessee, Georgia)
170.215.184.3 (Tennessee, Georgia)
67.50.135.146 (Illinois)
66.133.191.35 (Illinois)
66.133.191.35 (Wisconsin, Minnesota, Iowa, North Dakota and Nebraska)
170.215.255.114 (Wisconsin, Minnesota, Iowa, North Dakota and Nebraska)

Suddenlink DNS Numbers
209.55.0.110
209.55.1.220
Verizon (Level3) – these are not restricted to Verizon customers
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

Wave Broadband
24.113.32.29
24.113.32.30

 

http://theos.in/windows-xp/free-fast-public-dns-server-list/

Free Public DNS Server

=> Service provider: Google
Google public dns server IP address:

  • 8.8.8.8
  • 8.8.4.4

=> Service provider:OpenDNS
OpenDNS free dns server list / IP address:

  • 208.67.222.222
  • 208.67.220.220

=> Service provider:Opennicproject (visit this url to get nearest DNS server for your country)

  • 151.236.6.156
  • 118.88.20.195

=> Service provider:DynDNS

  • 216.146.35.35
  • 216.146.36.36

=> Service provider:Dnsadvantage
Dnsadvantage free dns server list:

  • 156.154.70.1
  • 156.154.71.1

=> Service provider:SafeDNS

  • 195.46.39.39
  • 195.46.39.40

=> Service provider:Comodo Secure DNS

  • 8.26.56.26
  • 8.20.247.20

=> Service provider:Norton
Norton free dns server list / IP address:

  • 198.153.192.1
  • 198.153.194.1

=> Service provider: GTEI DNS (now Verizon)
Public Name server IP address:

  • 4.2.2.1
  • 4.2.2.2
  • 4.2.2.3
  • 4.2.2.4
  • 4.2.2.5
  • 4.2.2.6

 

http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

Provider Primary DNS Server Secondary DNS Server
Level31 209.244.0.3 209.244.0.4
Google2 8.8.8.8 8.8.4.4
Comodo Secure DNS 8.26.56.26 8.20.247.20
OpenDNS Home3 208.67.222.222 208.67.220.220
DNS Advantage 156.154.70.1 156.154.71.1
Norton ConnectSafe4 199.85.126.10 199.85.127.10
GreenTeamDNS5 81.218.119.11 209.88.198.133
SafeDNS6 195.46.39.39 195.46.39.40
OpenNIC7 216.87.84.211 23.90.4.6
Public-Root8 199.5.157.131 208.71.35.137
SmartViper 208.76.50.50 208.76.51.51
Dyn 216.146.35.35 216.146.36.36
FreeDNS9 37.235.1.174 37.235.1.177
censurfridns.dk10 89.233.43.71 89.104.194.142
DNS.WATCH11 84.200.69.80 84.200.70.40
Hurricane Electric12 74.82.42.42
puntCAT13 109.69.8.51

[1] The free DNS servers listed above as Level3 will automatically route to the nearest DNS server operated by Level3 Communications, the company that provides most of the ISPs in the US their access to the Internet backbone.

[2] Google also offers IPv6 public DNS servers: 2001:4860:4860::8888 and 2001:4860:4860::8844.

[3] OpenDNS also offers DNS servers that block adult content, called OpenDNS FamilyShield. Those DNS servers are 208.67.222.123 and 208.67.220.123. A premium DNS offering is also available, called OpenDNS Home VIP.

[4] The Norton ConnectSafe free DNS servers listed above block sites hosting malware, phishing schemes, and scams, and is called Policy 1. Use Policy 2 (199.85.126.20 and 199.85.127.20) to block those sites plus those with pornographic content. Use Policy 3 (199.85.126.30 and 199.85.127.30) to block all previously mentioned site categories plus those Norton deems “non-family friendly.” Be sure to check out the list of things blocked in Policy 3 – there are several controversial topics in there that you may find perfectly acceptable.

[5] GreenTeamDNS “blocks 18 categories which include malware, botnets, dangerous websites, adult related content, aggressive/violent sites as well as advertisements and drug-related websites” according to their FAQ page. Premium accounts have more control.

[6] Register here with SafeDNS for content filtering options in several areas.

[7] The DNS servers listed here for OpenNIC are just two of many in the US and across the globe. Instead of using the OpenNIC DNS servers listed above, see their complete list of public DNS servers here and use two that are close to you or, better yet, let them tell you that automatically here. OpenNIC also offers some IPv6 public DNS servers.

[8] These Public-Root DNS servers are the only two currently operating in the United States but if you’re located ouside the US, see their complete list here and choose the best servers based on your location.

[9] FreeDNS says that they “never log DNS queries.” Their free DNS servers are located in Austria.

[10] The censurfridns.dk DNS servers are uncensored, operated by a privately funded individual, and are physically located in Denmark. You can read more about them here. IPv6 DNS servers are also available at 2002:d596:2a92:1:71:53:: and 2002:5968:c28e::53.

[11] DNS.WATCH also has IPv6 DNS servers at 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b. In an uncommon but much appreciated move, DNS.WATCH publishes live statistics for both of their free DNS servers. Both servers are located in Germany.

[12] Hurricane Electric also has an IPv6 public DNS server available: 2001:470:20::2.

[13] puntCAT is physically located near Barcelona, Spain. The IPv6 version of their free DNS server is 2a00:1508:0:4::9.

Note: Primary DNS servers are sometimes called preferred DNS servers and secondary DNS servers are sometimes called alternate DNS servers. Primary and secondary DNS servers can be “mixed and matched” to provide another layer of redundancy.