Public DNS servers list

nu01 · February 21, 2026, 5:49pm

Today, the 76.76.10.0 & the 76.76.2.0 went crazy and were not resolving for more than 13 hours, at least not for me. Could not make head or tail of it, as this was the result of it:

`Grand total summary

                                                              At least one address

TOTAL Volume Messages Addresses Hosts Delayed Failed
Received 440KB 16 13 1 6.2% 1 6.2%
Delivered 450KB 20 20 5
Rejects 121 61
Temp Rejects 671 37`

Of course I went crazy too, as this is my production server.

Finally, after several tries (as 78.X series was not resolving either), I had to switch to some other open resolver.

Now it works, but I lost a lot of emails it seems, and I am not even sure, as the reject log is filled till 10K lines.

Anyways, long story short, here is a good curated list of public resolver:

https://github.com/trickest/resolvers

A backup mirror is available here: https://git.flossboxin.org.in/FbIN/public-dns-resolvers

Just in case this helps someone.

Also: https://public-dns.info/

sahsanu · February 21, 2026, 6:33pm

Could you please show the output of these commands?

dig @76.76.2.0 hestiacp.com +short
dig @76.76.10.0 hestiacp.com +short
curl -fsSLm10 https://7j.gg/chksph2 | bash -s -- 76.76.2.0
curl -fsSLm10 https://7j.gg/chksph2 | bash -s -- 76.76.10.0

Also, keep in mind that most of the suggested public dns resolvers could fail resolving Spamhaus block list.

nu01 · February 21, 2026, 6:35pm

I just turned off my laptop.

Spamhaus (zen) is disabled/removed from my exim list since ages. Will check tomorrow and confirm to you.

nu01 · February 21, 2026, 7:14pm

Meanwhile I just got this Email:

exim paniclog /var/log/exim4/paniclog on panel.domain has non-zero size, mail system might be broken. Up to 10 lines are quoted below.

2026-02-21 22:39:27 daemon_notifier_socket bind: Address already in use

This is odd. Never received such issue earlier. Port was not being used by other than Exim AFAIK.

sahsanu · February 21, 2026, 7:33pm

nu01:

exim paniclog /var/log/exim4/paniclog on panel.domain has non-zero size, mail system might be broken. Up to 10 lines are quoted below.

2026-02-21 22:39:27 daemon_notifier_socket bind: Address already in use

Maybe Exim didn’t stop correctly.

It’s not related to Exim ports but a unix socket used by Exim.

Show the output of this command:

ss -xlpn | grep -i exim

Restart Exim and check again:

systemctl restart exim4
ss -xlpn | grep -i exim
tail /var/log/exim4/paniclog

nu01 · February 22, 2026, 5:49am

dig @76.76.2.0 hestiacp.com +short
104.26.10.237
104.26.11.237
172.67.72.183

dig @76.76.10.0 hestiacp.com +short
104.26.10.237
104.26.11.237
172.67.72.183

curl -fsSLm10 https://7j.gg/chksph2 | bash -s -- 76.76.2.0
Test 01: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 02: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 03: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 04: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 05: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 06: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 07: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 08: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 09: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 10: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4

Result is good, Spamhaus works fine with the DNS Resolver 76.76.2.0

curl -fsSLm10 https://7j.gg/chksph2 | bash -s -- 76.76.10.0
Test 01: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 02: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 03: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 04: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 05: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 06: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 07: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 08: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 09: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 10: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4

Result is good, Spamhaus works fine with the DNS Resolver 76.76.10.0

ss -xlpn | grep -i exim
u_dgr UNCONN 0      0            @/var/spool/exim4/exim_daemon_notify 181626            * 0    users:(("exim4",pid=36821,fd=3))

systemctl restart exim4
ss -xlpn | grep -i exim
u_dgr UNCONN 0      0            @/var/spool/exim4/exim_daemon_notify 309324            * 0    users:(("exim4",pid=123801,fd=3))

tail /var/log/exim4/paniclog
2026-02-21 22:25:38 1vtqEu-0002pR-2X spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:25:38 1vtqEO-0002pH-1c spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:25:38 1vtqFR-0002pv-35 spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:25:38 1vtqF3-0002pr-0L spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:25:38 1vtqEu-0002pR-2X spam acl condition: all spamd servers failed
2026-02-21 22:25:38 1vtqDo-0002pC-39 spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:25:38 1vtqF3-0002pr-0L spam acl condition: all spamd servers failed
2026-02-21 22:25:38 1vtqFR-0002pv-35 spam acl condition: all spamd servers failed
2026-02-21 22:25:38 1vtqDH-0002p5-00 spam acl condition: error reading from spamd [127.0.0.1]:783, socket: Connection reset by peer
2026-02-21 22:39:17 daemon_notifier_socket bind: Address already in use

nu01 · February 22, 2026, 5:51am

So just to give a small background. I had done the checks, logs, DNS resolver, but nothing was working. I was getting the following:

Then I switched the DNS resolver to one of the other 76/77/78.X series, but this error continued.
My own Netcup DNS resolvers are filled with SPAM, so I never use them. Finally currently (even though I do not wish to use it), I am stuck with 1.X resolver from foogle.

I lost around 2 mails from yesterday it seems.

nu01 · February 24, 2026, 2:58am

I switched to 76.X series again, as it seems to be working once more (for me at least).
@sahsanu i have given the details above as requested. Also, I guess I will have to keep some resolvers readily available.
Or else I will have to host my own resolvers somehow.

sahsanu · February 24, 2026, 6:47am

After the restart you didn’t get more messages so looks like socket is created again. You can empty the paniclog file:

:> /var/log/exim4/paniclog

I use them for some personal computers and I haven’t had any issues. Maybe a blocked IP in your ipsets affected them…

For servers, I use my own DNS resolver (pdns-recursor). But if you’re already using Bind in Hestia, you can configure it to act as a DNS resolver as well.

nu01 · February 24, 2026, 7:59am

Yup, will do in the evening.

But that is odd, as the server it was was unable to communicate with the outbound network connection, and all of a sudden. I housekeep once a week, and when this happened, the housekeep was not even anywhere near. I had not touched it at all in 3-4 days.

Not exactly sure why it could not connect at all.

Power DNS. I had Technitium DNS, but now I have forgotten how I had done it earlier (it was 7 years ago). I do wanna have my own ADNS.

How do I do this with Hestia please? I have just 1 IP btw, and my NS1 & NS2 both point to this same IP.

Or I can use the other (second) server IP which also has Hestia installed with Bind.

sahsanu · February 24, 2026, 8:49am

I don’t use bind in Hestia but I think it is allowing recursion by default, check it:

dig @127.0.0.1 hestiacp.com

If it works, you just need to add 127.0.0.1 as name server.

nu01 · February 25, 2026, 7:48am

Unfortunately does not work.

dig @127.0.0.1 hestiacp.com

; <<>> DiG 9.18.44-1~deb12u1-Debian <<>> @127.0.0.1 hestiacp.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39932
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 21aabd72435ef40901000000699ea932c199d19761a28515 (good)
;; QUESTION SECTION:
;hestiacp.com.                  IN      A

;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 25 13:18:02 IST 2026
;; MSG SIZE  rcvd: 69

sahsanu · February 25, 2026, 8:00am

Try the same command twice

nu01 · February 25, 2026, 8:36am

Works. Wow. Okay, so in my panel (cp.domain.tld) DNS entries, I need to add 127.0.0.1 as NS right? Example ns3.domain.tld.

sahsanu · February 25, 2026, 10:02am

It works on the second try because it attempts IPv6 first and has issues resolving. You need to modify the bind startup options to use only IPv4.

Edit /etd/default/named and in OPTIONS, add the argument -4:

OPTIONS="-u bind -4"

After that, restart the service systemctl restart named and it should work always at first try.

No. This is only for your server to act as its own DNS resolver; it is not related to the name servers (NS) used by your domains. You just need to modify /etc/resolv.conf or use the appropriate tool to assign DNS resolvers to your server (not your domains).

nu01 · February 25, 2026, 10:15am

Ahh understood. Done, and works the first attempt.

I do use this file directly after removing the attributes and reapply once edited. Will check how this works out.

system · March 27, 2026, 10:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.