Change your DNS server for better privacy, faster browsing, protection against known malicious websites, and to bypass DNS-level censorship.
Are you still using your Internet Service Provider’s DNS server? Not sure why your choice of DNS server is important? Here’s why you might want to change your DNS server right away.
Why is the choice of DNS server important?
DNS stands for Domain Name System and is vital to the way we use the web. When you type a website like “howtogeek.com” into your browser’s address bar, DNS converts the address to a numeric Internet Protocol (IP) address. Think of it like an Internet address book, where the websites are your contacts and their respective IP addresses are the phone numbers.
If you have not chosen a specific custom DNS server, then you are automatically using the one your Internet Service Provider hands out, usually through your router. There are good reasons to use a different DNS server than the one provided by your ISP, and even if you have already switched, there may still be compelling reasons to pick a different alternative.
Learn more about what DNS is and how it works, as well as instructions for changing your DNS server on Windows, Mac, Android, and iPhone or iPad.
Change your DNS server for better privacy
When the Domain Name System was originally designed, it was implemented as an unencrypted protocol. This means that anyone who manages to intercept your DNS requests can see them unless you are using DNS over HTTPS (DoH) or DNS over TLS (DoT), both of which encrypt your requests.
The problem is that encryption has to be supported at both ends, and if you use the defaults, the resolver end belongs to your ISP; not all ISPs offer DoH or DoT. Finding out whether your ISP’s resolver accepts DoH/DoT isn’t always straightforward, and it’s arguably easier to choose a custom server that is known to support encryption instead.
In addition to this, you’ll need to make sure that your operating system or browser (preferably both) supports DNS encryption. DoH support is available on modern versions of macOS, Windows 11, iOS, and iPadOS, while DoT can be enabled on Android 9 and later through the Private DNS setting. Most web browsers, including Chrome, Edge, Firefox, and Opera, can use DoH for their own lookups, but you may need to enable it in your browser settings.
Making unencrypted DNS requests not only exposes you to eavesdropping and tampering, since anyone between you and the resolver can read the names you look up and can forge the answers, but by using your ISP’s server you also leave a trail of every site name you accessed with your provider. Although the contents of your browsing sessions are not visible, your ISP can see where you have been on the web, and it can link that record directly to you, because it is the company that provides your connection and bills you for it.
Even if you are forced to use unencrypted DNS, using a third-party server that limits logging is likely to provide better privacy than your ISP, at least as far as the resolver is concerned. For example, Cloudflare claims to purge all logs after 24 hours. Keep in mind that with unencrypted DNS your ISP can still watch the lookups pass through its network; what changes is who stores them.
Third-party DNS servers are usually faster
How quickly the DNS server of your choice can resolve your request can have a big impact on your browsing speed. If you find that your browser seems to wait a while before loading any page content, your DNS server may be to blame. Faster servers mean less wait time.
Speed depends largely on how far away the resolver is and on whether it already has the answer cached, so it can reply without querying further. Big third-party providers run anycast networks of servers around the world, so your query is answered at a nearby location, and some, like Google, have more servers (and more capacity) than your local ISP.
You’ll need to experiment a bit to find the fastest DNS servers that also meet your privacy and security requirements. Use tools like DNS Benchmark and websites like DNSPerf to compare providers. Remember that there is more to this choice than raw speed: even if your ISP’s resolver turns out to be the fastest, privacy and security may still make a third party the better choice.
Some DNS servers can protect you from harm
Known as DNS filtering, some DNS providers refuse to resolve specific domain names, so your device never gets the address it needs to connect. The resolver typically answers with NXDOMAIN (“no such domain”) or points the name at a page explaining the block. This covers sites known to host malware or phishing pages and, depending on the service, content that is inappropriate for users on your network. Depending on your preferences, you may need to pay for a premium service to get all these features.
For example, OpenDNS has several free options (Family Shield and Home) that block adult content and provide customizable web filtering to block specific websites. To get protection against domains associated with phishing and malware, or to lock your network down to an allow list of approved websites, you’ll need to pay (starting at $19.95/year).
Alternatively, Quad9 is a free DNS service that automatically refuses to resolve hostnames known to be malicious. The service uses “threat intelligence from more than a dozen of the industry’s top cybersecurity companies” to block those lookups for you, your devices, or your entire network. The service claims to block 220 million requests a day.
These services are not for everyone, as not everyone wants to outsource due diligence to a third party. If you’d rather take a chance or find such a service overzealous, then you can choose a third-party DNS service that doesn’t offer blocking.
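To make the filtering concrete, here is an added example, written for this article and not the code of OpenDNS, Quad9 or any other provider, of the decision a filtering resolver makes before it resolves anything. The blocklist entries, the categories and the sinkhole address 192.0.2.1 (a documentation-range IP standing in for a block page) are constructed for the example. It also covers the two edge cases that trip up naive implementations: a listed domain must catch all of its subdomains, but a plain string suffix match would wrongly catch “notphish.example.net” for “phish.example.net”, and names must be compared case-insensitively, without the trailing dot, and in their punycode form.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed blocklist for the example (not real threat intelligence from any
# provider): domain -> category. A listed domain also covers all its subdomains.
BLOCKLIST = {
    "malware-example.test": "malware",
    "phish.example.net": "phishing",
    "adult.example.org": "adult",
}

# What the resolver does per category. NXDOMAIN tells the client "no such name";
# a sinkhole answer points the browser at a page that explains the block.
POLICY = {
    "malware": ("NXDOMAIN", None),
    "phishing": ("NXDOMAIN", None),
    "adult": ("SINKHOLE", "192.0.2.1"),  # RFC 5737 documentation address, made up here
}


def normalize(name: str) -> str:
    """Canonical form for comparison: no trailing dot, lowercase, IDNA (punycode)
    labels so an internationalized name and its A-label form compare equal."""
    name = name.rstrip(".").lower()
    return name.encode("idna").decode("ascii")


def lookup_block(qname: str) -> Optional[str]:
    """Return the category if qname or any parent domain is listed, else None.
    Walking label boundaries (rather than str.endswith) means
    'login.phish.example.net' matches 'phish.example.net' but
    'notphish.example.net' does not."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return BLOCKLIST[candidate]
    return None


@dataclass
class Decision:
    qname: str
    action: str                    # "RESOLVE", "NXDOMAIN" or "SINKHOLE"
    category: Optional[str] = None
    answer: Optional[str] = None   # sinkhole address, if any


def decide(qname: str) -> Decision:
    """The filtering decision made before any real recursion happens."""
    category = lookup_block(qname)
    if category is None:
        return Decision(qname, "RESOLVE")
    action, answer = POLICY[category]
    return Decision(qname, action, category, answer)


if __name__ == "__main__":
    for name in ("howtogeek.com", "login.phish.example.net",
                 "notphish.example.net", "ADULT.EXAMPLE.ORG."):
        print(name, "->", decide(name))
```

A real service makes exactly this kind of decision, just against a list of millions of names fed by threat-intelligence providers and updated continuously; the name matching and the choice between NXDOMAIN and a sinkhole are the same.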
Access blocked websites by changing DNS servers
Sometimes you may find that your ISP has blocked access to certain websites at the DNS level. This works much like the filtering described above: lookups for certain names are refused, or answered with the address of a “request denied” page explaining why. ISPs often do this because a court or government requires them to; blocking torrent trackers in an attempt to limit piracy is one example.
These blocks are easy to bypass simply by changing your DNS server: instead of the resolver your ISP hands out, use an alternative that doesn’t filter the sites you want to visit. Almost any alternative will do, as long as it is fast, private, and secure. Two caveats: this only works if the ISP filters solely in its own resolver (some also intercept or block plain port 53 traffic to other resolvers, which is where DoH or DoT helps), and blocks enforced at the IP or connection level rather than in DNS aren’t affected by a DNS change at all.
Beware of unknown DNS servers
When you choose a DNS server, you need to make sure that the provider of that service is trustworthy. DNS is the component that turns the names you type into the numeric addresses your device actually connects to, and a malicious or compromised resolver can answer with whatever address it likes. Redirecting lookups this way is known as DNS hijacking.
Most people implicitly trust a website every time they type its address into the URL bar. For example, you may know that links in emails are risky, so to visit your bank you type its address into the browser or use a bookmark and log in that way.
Now imagine that the lookup for your bank’s address returns a server that has nothing to do with your bank. The page may look identical, as a design is easy to copy, and the login details you enter go to someone who intends to use them against you. HTTPS raises the bar here: an impostor cannot obtain a valid certificate for your bank’s domain name, so the browser will show a warning, but that only helps if you don’t click through it, and the lookup itself still reveals where you were trying to go.
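Here is a small worked example, added for this article and not taken from any DNS provider’s code, that ties the privacy problem from earlier to the hijacking scenario just described. It builds a plain DNS query for howtogeek.com byte for byte, shows that the name is readable in the packet, then builds a forged answer that a naive UDP client accepts because the only things it can check are the 16-bit transaction ID and the question section. The transaction ID 0xBEEF and the attacker address 203.0.113.7 (a documentation-range IP) are made up for the example; the wire format itself is the standard one from RFC 1035.

```python
import struct
import ipaddress

# Constructed example data, not taken from the article: the victim looks up
# howtogeek.com; a hypothetical attacker answers with 203.0.113.7, an address
# from the RFC 5737 documentation range, and the transaction ID is arbitrary.
VICTIM_QNAME = "howtogeek.com"
ATTACKER_IP = "203.0.113.7"
TXID = 0xBEEF


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels (length byte + characters), ending with a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) name at offset; return (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def build_query(txid: int, qname: str) -> bytes:
    """A standard recursive A query (QTYPE 1, QCLASS IN), exactly as sent over UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100: RD=1
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_forged_answer(txid: int, qname: str, ip: str) -> bytes:
    """A response that answers qname with ip. Plaintext DNS carries no proof of who
    sent it; a naive client only checks the 16-bit ID and the question section."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, 1 answer
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    answer = (struct.pack("!H", 0xC00C)                 # pointer to the name at offset 12
              + struct.pack("!HHIH", 1, 1, 60, 4)       # TYPE A, CLASS IN, TTL 60, RDLENGTH 4
              + ipaddress.IPv4Address(ip).packed)
    return header + question + answer


def parse_message(msg: bytes) -> dict:
    """Parse the header, the first question and any A records in the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000), "qname": qname, "answers": answers}


def naive_client_accepts(query: bytes, response: bytes) -> bool:
    """All a plain UDP stub resolver can verify: QR bit set, same ID, same question name."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and r["id"] == q["id"] and r["qname"].lower() == q["qname"].lower()


def demo():
    """Return (name visible on the wire, whether the forged answer is accepted, its IPs)."""
    query = build_query(TXID, VICTIM_QNAME)
    visible = parse_message(query)["qname"]          # readable by anyone on the path
    forged = build_forged_answer(TXID, VICTIM_QNAME, ATTACKER_IP)
    return visible, naive_client_accepts(query, forged), parse_message(forged)["answers"]


if __name__ == "__main__":
    name, accepted, ips = demo()
    print(f"query carries {name!r} in cleartext; forged answer accepted: {accepted}; IPs: {ips}")
```

With DoT or DoH, an eavesdropper sees only a TLS connection to the resolver, so the name stays hidden and a third party on the path cannot slip in a forged answer; the resolver itself still sees everything, which is why its logging policy and trustworthiness matter. A resolver that validates DNSSEC would additionally reject a forged A record for a signed zone, but that protects you only if your own device trusts that resolver’s validation or validates itself.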
This is one of the reasons why you still need to be careful on public Wi-Fi networks, where the network operator (or anyone who has compromised it) chooses the DNS server your device receives. It’s another reason to let only people you trust use your computer or smartphone, and a good reason to secure your router’s admin interface with a unique password instead of the factory default: a router with default credentials is the classic way an attacker changes the DNS settings for a whole network at once.
Certain types of malware also change your DNS settings in an attempt to intercept web requests and redirect lookups to servers the attacker controls, and scammers who gain remote access to your computer sometimes do the same. If you’re not sure, check which resolvers are actually in use (ipconfig /all on Windows, scutil --dns on macOS, resolvectl status on Linux systems using systemd-resolved, and the WAN/DHCP settings page of your router) and make sure they are either known servers you chose yourself or empty, in which case your ISP’s defaults apply.
Use these DNS servers instead
If you’re feeling a bit overwhelmed by which DNS server to choose, don’t. We’ve rounded up the most secure DNS services you can use. Some may be faster than others depending on where you live, but most offer better privacy and security than your ISP.
It’s unlikely that you’ll need to pay for a DNS server to meet your needs, but that’s not the case with a VPN. Free VPNs cannot be trusted, so we recommend paying for a VPN. Check out our roundup of the best VPN services.