Keep Factually independent
Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.
How long do major ISPs retain DNS query logs in the United States and Europe as of 2025?
Executive summary
Major public DNS operators commonly state short technical retention windows — e.g., Google’s public DNS logs IP-related metadata for about 24–48 hours and Cloudflare’s public statements put retention around ~25 hours — while specialized privacy resolvers (Quad9, some EU initiatives) promote little or no identifiable log retention [1] [2] [3]. Legal regimes differ sharply: the United States has no single nationwide mandatory ISP DNS-retention law, while parts of Europe and several European countries have long-standing or proposed data‑retention regimes that can require ISPs to keep connection or metadata for months to years [4] [5] [6].
1. Short technical retention by major public DNS services — what vendors say
Major public DNS resolvers publish operational retention times that are short and framed as security/maintenance windows: Google’s public DNS logs “IP address and other technical information” for roughly 24–48 hours [1], and multiple reports and analyses treat Cloudflare’s public resolver as keeping around 25 hours of query-related data [2]. Independent guides and 2025 roundups that compare providers routinely cite these short windows as the standard for big, consumer-facing resolvers [1] [2].
2. Privacy-focused resolvers and European projects — claims of no-identifiable logs
Privacy‑centric resolvers advertise stronger limits: Quad9, for example, positions itself as a non‑profit that “never log[s] IP addresses for DNS queries” and operates under Swiss jurisdiction, asserting higher privacy protections [3]. New European efforts such as DNS4EU are described in commentary as implementing immediate anonymization and “zero log retention” for identifiable data, offering an alternative model to U.S. commercial resolvers [2]. These are provider claims reported in industry and blog coverage [3] [2].
3. The legal backdrop — U.S. absence of a single mandatory retention rule
United States reporting and legal analyses note there is no comprehensive federal mandatory data‑retention regime forcing ISPs to keep DNS query logs for a fixed period; instead, retention practice is shaped by business decisions and law‑enforcement requests [4]. That means many American ISPs and operators set their own retention policies unless a court order or targeted law enforcement process compels production [4].
4. European regulatory pressure and national retention rules
By contrast, European law and national rules create a more complex landscape: the EU’s GDPR and national laws constrain processing of personal data and push for necessity and proportionality, while some member states or national statutes have required longer retention of connection metadata in various forms [5] [6]. Reporting notes EU court decisions that have invalidated blanket, indiscriminate metadata retention, but also that governments and regulators continue to shape selective retention or “quick‑freeze” powers [5]. Commentary on new European resolver policies explicitly aims to set privacy and retention standards for operators to follow [7].
5. What “DNS logs” mean in practice — scope and limits of what’s stored
Technical community posts and security forums explain that DNS logs typically show the hostname queried and the source IP address; they do not contain full URLs or page content, but correlating timestamps and IP assignments can reconstruct browsing patterns [8] [9]. Thus retention of DNS query logs — even for hours or days — can reveal a detailed picture of visited domains tied to specific devices or subscribers [8] [9].
6. Variation by data type and retention horizons — short vs. long horizons
Industry guides and comparative articles indicate a two‑tier reality: many public recursive resolvers (Google, Cloudflare) retain recent query metadata for hours to a few days as part of operational security [1] [2], while ISPs’ connection records, IP assignment logs, or law‑mandated metadata in some jurisdictions may be held for months to years — examples in secondary reporting cite retention horizons of 12 months or longer in non‑EU jurisdictions and two years in some national regimes outside Western Europe [5] [6]. Note: the provided sources do not list a consolidated table of every major ISP or country retention period; available sources do not mention a comprehensive 2025 catalog of operator-by-operator retention periods.
7. How to read conflicting claims — motives and limits of sources
Vendor blogs and privacy guides have incentives: public resolvers highlight short retention as a privacy selling point; privacy projects emphasize “no logs” to attract users [3] [2]. Advocacy and commercial sites (reviews, VPNs, or DNS rankings) may amplify those claims. Legal and watchdog analyses stress that actual practice can diverge when law‑enforcement demands or national laws apply [4] [5]. Readers should weigh technical policy pages against independent audits and statutory obligations.
8. Practical takeaway for users in 2025
If you want to avoid your ISP or default resolver logging your DNS queries, use a privacy‑centric resolver that publishes a strict no‑logging policy (e.g., Quad9 claims never to log IPs) or encrypted DNS with clear minimization practices [3] [2]. If your concern is legal retention by ISPs, remember U.S. law does not impose a uniform retention period while some European frameworks and national laws can require months‑to‑years of metadata retention — check specific national rules or ISP transparency notices for precise retention periods [4] [5] [6].