How to Choose the Best Public DNS: Pros, Cons, and Top Providers

DNS is one of the foundations of the Internet. This article focuses on recursive DNS, also known as public DNS, discussing its necessity, advantages and disadvantages, and the factors to consider when selecting a public DNS service.

2020 update: added support for TCP queries; Alibaba public DNS now supports DoH/DoT; Tencent Public DNS+ began public testing of DoH and DoT.

Do You Really Need a Public DNS?

Before choosing a public DNS, ask yourself whether you truly need one. Whether you connect via PPPoE or DHCP, your ISP provides two DNS servers (referred to as ISP DNS). In the DNS resolution process, the user sends a request to a recursive DNS, which forwards the request to an authoritative DNS. ISP DNS functions as a recursive DNS, and some ISPs or other providers also operate public recursive DNS servers that anyone can use.

For most users, the ISP‑provided DNS is the most accurate and fastest, offering short response times and the most precise CDN resolution results. The ISP DNS is also the most CDN‑friendly because its DNS exit matches the user's actual network location.

However, ISPs may engage in DNS poisoning, hijacking, censorship, TTL manipulation, or return ad‑filled pages, which can degrade the experience even if the ISP is otherwise well‑intentioned.

Public DNS services have their own drawbacks. Two articles by a former CloudXNS engineer discuss the disadvantages of using public DNS, especially the impact of DNS exit on CDN optimization.

If, after reading those articles, you still prefer public DNS for better security or accuracy, continue reading.

What to Consider When Choosing a Public DNS

SLA uptime – DNS reliability directly affects browsing experience.

Response speed – Faster responses improve perceived website load time.

Accuracy – Correct resolution results are essential.

EDNS/ECS – Helps obtain the most accurate CDN results.

Other features – Some public DNS services offer ad‑blocking or special routing.

DNS exit – The IP address used by the public DNS to query upstream servers; it influences CDN node selection. $ dig whoami.akamai.net The DNS exit is crucial for CDN performance because, without EDNS, the authoritative DNS uses the public DNS’s request IP to infer the user’s location and return the nearest CDN node.

Note: This article only covers major, stable public DNS services; unstable or non‑RFC‑compliant services are omitted.

Domestic Public DNS Services

Tencent DNSPod

Anycast: Shanghai, Tianjin, Guangzhou, Hong Kong

DNS exit: same four locations

TCP queries: not supported

DoT/DoH: supported (domains dns.pub and doh.pub)

ECS: partially supported 119.29.29.29 119.28.28.28 DNSPod’s public DNS is free and also provides HTTPDNS. It does not support cookie queries; when using the latest BIND dig, add +nocookie to the command.

Alibaba Cloud Public DNS

Anycast: Chengdu, Shenzhen, Hangzhou

DNS exit: same three locations

TCP queries: not supported

DoT/DoH: both supported (IP or domain dns.alidns.com)

ECS: partially supported (DNS JSON API supports edns_client_subnet)

223.5.5.5 223.6.6.6

Nanjing XinFeng Public DNS

Anycast: Nanjing, Jinan, Chicago

DNS exit: not measured

TCP queries: not supported

DoT/DoH: not supported

ECS: not supported

114.114.114.114 114.114.115.115

Clearwater TUNA 666DNS (deprecated)

Anycast: none (single point at Tsinghua University)

DNS exit: China Education Network

TCP queries: supported

DoT/DoH: both supported (IP only)

ECS: not supported

101.6.6.6

CNNIC Public DNS

Anycast: Beijing, Hangzhou, Hong Kong

DNS exit: CNNIC and Alibaba Cloud

TCP queries: not supported

DoT/DoH: not supported

ECS: not supported

1.2.4.8 210.2.4.8

Baidu Public DNS

Anycast: Beijing, Nanjing, Shenzhen

DNS exit: same three locations

TCP queries: not supported

DoT/DoH: not supported

ECS: not supported

180.76.76.76

International Public DNS Services

Google Public DNS

Anycast: 36 Google data centers (excluding Google Global Cache)

DNS exit: Google global edge network

TCP queries: supported

DoT/DoH: both supported (domains dns.google or IP)

ECS: supported (DNS JSON API supports edns_client_subnet)

8.8.8.8 8.8.4.4

OpenDNS

Anycast: 32 OpenDNS data centers

TCP queries: supported

DoT/DoH: not supported

ECS: supported

208.67.222.222 208.67.220.220

Cloudflare DNS

Anycast: 160+ Cloudflare data centers

DNS exit: same 160+ locations

TCP queries: supported

DoT/DoH: both supported (domains one.one.one.one or IP)

ECS: not supported (privacy policy)

1.0.0.1 1.1.1.1

Freenom World

Anycast: yes

DNS exit: Freenom Transit IP

TCP queries: supported

DoT/DoH: not supported

ECS: supported

80.80.80.80 80.80.81.81

DNS.sb

Anycast: yes

DNS exit: SB Network upstream IP

TCP queries: supported

DoT/DoH: supported (IP or dns.sb)

ECS: not supported

185.222.222.222 185.184.222.222

Public DNS Best Practices

In summary, if you need a public DNS that provides CDN‑friendly results, use Alibaba DNS for stability or Tencent DNSPod for accuracy when accessing domestic sites. For overseas sites, prefer Cloudflare’s 1.0.0.1 or OpenDNS’s 208.67.222.222, with Google’s 8.8.8.8 or 8.8.4.4 as backups.