/
Recursive DNS Operators

Recursive DNS Operators

Owned by Steven Kim
Last updated: Mar 02, 2025 by Aleksey KhapchenkoVersion comment

1. Scope/Audience

  1. When considering a recursive DNS resolver:
    1. Is the resolver service public or private ?
    2. Is the resolver service open or closed ?
  2. Clarification:
    1. Public: can be reached over the open internet (public IP address, not restricted)
    2. Private: cannot be reached over the open internet (private IP address, or ACL restrictions, or a combination)
    3. Open: reachable by, and responds to queries from any client
    4. Closed: requires authentication of some sort to be used
      1. IP address, TSIG, TLS cert (DoT)

2. In practice, the following services are found on the internet:

  1. Private Resolvers - Found in corporate / restricted networks, not publicly accessible.

  2. Shared Private Resolvers - ISPs or similar hosting service providers

  3. Public Resolver Operators - Commercial DNS filtering / scrubbing service.