DNS Servers to use in Australia:
There are a LOT of DNS severs in Australia, and most do not block any websites. If all you want to do is unblock stuff then you can use any of these AAPT DNS servers: 220.127.116.11 / 18.104.22.168 / 22.214.171.124 ( it appears only on iiNet/TPG group ISPs). In fact, you can even use this TPG server, strangely enough: 126.96.36.199, or of course any ISP not covered by the court order that has public DNS resolvers (many are network-locked) such as Broadband Solutions 188.8.131.52, or MyRepublic 184.108.40.206 / 220.127.116.11 (Au), 18.104.22.168 / 22.214.171.124 (NZ). There are also pubic resolvers operated by organisations as well, like this one from UNILINC: 126.96.36.199, or this one from Northwest Aviation Services: 188.8.131.52. […] Now that's just a short list really, and confined to Australia[…] But before you enter them consider that most of those providers will log your data use, any run by an ISP are required to by law, and none of the others say they don't log use. GetFlix DNS servers: 184.108.40.206 (Melbourne), 220.127.116.11 (Sydney 1), 18.104.22.168 (Sydney 2), 22.214.171.124 (Perth). One downside: if you don't pay for their service they don't resolve Netflix and other such domains!
You can also use DNS servers provided by VPNs. The PIA servers are 126.96.36.199 / 188.8.131.52. There are two Openic servers in Australia as well: 184.108.40.206 (NSW), 220.127.116.11 (Vic). Other options not recommended are GoogleDNS and CISCO. Google do say how long they keep logs for, so we'll assume forever, and you're giving all your metadata to the world's largest advertising company! CISCO also keeps logs indefinitely, do not use.
The best option is to use one of these severs above as your back-up server, and set up dnscrypt, and use the d0wn Australia server (or really any server that doesn't log, it's up to you). Dnscrypt severs send all enquires and responses via HSTS meaning they are encrypted from the DNS sever to your device, and cannot be spied upon by your ISP or anyone else. Your ISP can still learn what you're doing through deep-packet sniffing, but I understand this is used only occasionally by ISPs, and typically to allocate prioritised traffic not to log use. In addition, no one can hijack the DNS enquires either, which is important for security. Finally, if you really don't want to set up dnscrypt, you can just use the d0wn servers as regular DNS servers, for example by using 18.104.22.168 (the AU server) and whatever other servers you choose.
TODO: update this list for modern metadata retention laws etc.
CCC's recommended DNS servers globally:
- 22.214.171.124 (FoeBud)
- 126.96.36.199 (f.6to4-servers.net, ISC, USA)
- 2001:4f8:0:2::14 (f.6to4-servers.net, IPv6, ISC)
- 188.8.131.52 (dns.as250.net; Berlin/Frankfurt)
- 184.108.40.206 (dnscache.berlin.ccc.de)
The Google Public DNS IP addresses (IPv4) are as follows:
The Google Public DNS IPv6 addresses are as follows:
How to use them
If you are using these for VPN on Ubuntu, you need extra steps. But maybe your DNS cache is already poisoned with false records? You need to expunge them.
Your OS can benefit from a DNS flush; but also your browsers can keep stinky poisoned records around. clearing browser DNS cachesis also possible.
sudo systemd-resolve --flush-cache sudo systemd-resolve --statistics
DNS flush command keeps changing, eh?:
sudo dscacheutil -flushcache sudo killall -HUP mDNSResponder