Charlie Harvey

Anonymous Public DNS with OpenNIC

The Domain Name System (DNS) is like a phone book — you send a query to a server that says "what is the number for" and it sends back an IP address. Nowadays lots of people use either their ISP’s DNS server or one of the public DNS servers like Google’s. The problem with this is that it compromises your privacy. Those systems maintain logs, which it's safe to assume must be accessible to NSA and GCHQ to do traffic analysis on. And presumably the logs are used by Google for analysis of our behaviour. Just another way that we are being farmed like data cattle.

It would be better if that data weren’t logged at all and there are a number of DNS servers in the OpenNIC project that don't keep logs. OpenNIC describes itself as "an alternative DNS provider that is open and democratic" particularly for people who "are … concerned about censorship". They maintain a large number of DNS servers in various countries around the world.

You can switch to using them instead: just look up a server from the list of OpenNIC Tier 2 Servers. You can see what country the server is in, and whether it maintains logs or not.

Make the change permanent

On a Debian system that has a static IP address you can just change the nameserver line/s in /etc/resolv.conf from thisnameserver thisnameserver

If you are getting your IP address dynamically then things are a bit more of a faff. You need to tell resolvconf to use the servers you specify rather than the ones suggested by DHCP. You can do that by editing /etc/resolvconf/resolv.conf.d/base so that it contains your chosen OpenNIC servers, like thisnameserver nameserver nameserver .
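Here is one way to script both steps and then check that DHCP hasn't quietly put its own resolvers back. This is an added example, not part of the original post: the function names are made up for illustration, it handles IPv4 only, and the 192.0.2.x and 198.51.100.x addresses are documentation placeholders that you would swap for servers picked from the OpenNIC Tier 2 list.

```sh
#!/bin/sh
# Added example: pin a resolv.conf-format file to chosen resolvers, then verify it.
# All addresses below are documentation placeholders, NOT real OpenNIC servers.

valid_ipv4() {  # succeeds only for a dotted quad with each octet in 0-255
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

set_nameservers() {  # usage: set_nameservers FILE IP [IP...]
    file=$1; shift
    [ "$#" -ge 1 ] && [ "$#" -le 3 ] || { echo "give 1-3 servers (glibc reads at most 3)" >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    done
    tmp=$(mktemp) || return 1
    # Keep search/options/comment lines, drop every existing nameserver line.
    if [ -f "$file" ]; then grep -v '^[[:space:]]*nameserver[[:space:]]' "$file" > "$tmp" || true; fi
    for ip in "$@"; do printf 'nameserver %s\n' "$ip" >> "$tmp"; done
    # Write through the existing path so a symlinked resolv.conf keeps its target.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

check_nameservers() {  # usage: check_nameservers FILE IP [IP...]; fails on any other resolver
    file=$1; shift; rc=0
    found_list=$(awk '$1 == "nameserver" { print $2 }' "$file")
    [ -n "$found_list" ] || { echo "no nameserver lines in $file" >&2; return 1; }
    for found in $found_list; do
        ok=1
        for want in "$@"; do if [ "$found" = "$want" ]; then ok=0; fi; done
        if [ "$ok" -ne 0 ]; then echo "unexpected resolver: $found" >&2; rc=1; fi
    done
    return "$rc"
}

# Demo on a constructed sample (a temp copy, not the live /etc/resolv.conf).
demo=$(mktemp)
printf 'search example.lan\nnameserver 198.51.100.53\n' > "$demo"  # constructed "DHCP-supplied" content
set_nameservers "$demo" 192.0.2.10 192.0.2.20
check_nameservers "$demo" 192.0.2.10 192.0.2.20 && echo "pinned: $(grep -c '^nameserver' "$demo") servers"
rm -f "$demo"
```

To use it for real, run `set_nameservers` as root against /etc/resolv.conf (static setup) or against /etc/resolvconf/resolv.conf.d/base followed by `resolvconf -u` (DHCP setup). Running `check_nameservers` on /etc/resolv.conf after the next lease renewal tells you whether the change stuck.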

Other cool things about OpenNIC

As well as protecting your anonymity better than other DNS systems, OpenNIC has some nice features including providing alternate top level domains. A top level domain is the .com or .net or part of a URL. The new top level domains that OpenNIC support include fun ones such as .geek for techie stuff — there's a good search engine called grep.geek. More seriously there are also top level domains for New Nations not recognized by the US-controlled DNS, such as .ti for Tibet.

