Whence one obtains proxy DNS service

You've come to this page because you've asked a question similar to the following:

From whence can I obtain proxy DNS service ? What publically available proxy DNS servers exist ?

or because you've provided the wrong answer to such questions by saying something similar to the following:

Just look up the IP addresses of an ISP's/university's DNS servers with the relevant "NS" and "A" queries, and configure your DNS Client to send its queries to those addresses.

This is the Frequently Given Answer to those questions and such statements.

Provision of proxy DNS service is something that happens by private arrangement. Anyone who intends to provide you with proxy DNS service will have told you directly what IP address(es) to employ to obtain it.

Some organisations have content DNS servers, listed in the public DNS database, that also just happen to provide proxy DNS service. However, picking someone else's content DNS servers and trying to use them for proxy DNS service won't necessarily work either now or in the future. The listings in the public DNS database indicate where to find an organisation's content DNS servers, not where to find its proxy DNS servers. (Indeed, if an organisation is employing best practice, its proxy DNS server won't actually be listening on an IP address that you can reach.)

Moreover, as organizations gradually come to realize that it isn't in their interest to provide free proxy DNS service to complete strangers, they will tighten up their listed DNS services to provide only content DNS service, in line with the best practice that is recommended by many experts in the field, most DNS software authors (including, for example, Dan Bernstein), and most books on DNS. (Indeed, hitting an organisation's listed content DNS server for proxy DNS service is a good way to draw a DNS administrator's attention, via the increased cost and resource usage, to the fact that he/she is unwisely providing promiscuous proxy DNS service and should stop doing so.)

ISPs often provide proxy DNS service to their paying customers, as part of the private service arrangements between the ISP and the customers. If you are a customer of such an ISP, you will have been told about the IP addresses of its proxy DNS servers in one of several ways:

For some ISPs, this information is provided in a "welcome pack" that is given to all customers when they first subscribe to the service.
Good quality ISPs also publish it on a "Summary of configuration information that you need" web page of some sort on their own web sites.
Other ISPs provide the information dynamically as part of the information sent to your machine via DHCP/PPP.

If your ISP does not provide you with proxy DNS service, or if the proxy DNS service that it provides is unsatisfactory (for example, because it is not secure against cache poisoning, because it provides the wrong view of the DNS namespace, or because it can leak information about your DNS lookups to other customers) then one option that you have is to run your own resolving proxy DNS server, of course.

Another option is to obtain proxy DNS service from an organisation that explicitly provides promiscuous proxy DNS service for use by the public at large. There are two such organisations:

© Copyright 2003 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.