Few computer users have ever heard of DNS, even though they use it every time they open their web browser. In this post, we will look at DNS and how it works, with an eye toward switching from the DNS server that your computer is using now to a better one.
Introduction to DNS, the Domain Name System
Here’s your quick introduction to DNS. By the time you are done with this section, you will be ready to at least consider changing your DNS server from the one your ISP gave you to one that better fits your needs.
What is DNS and What Does it Do?
DNS stands for Domain Name System. It is one of the most crucial features of the Internet, yet few people know what it is, and even fewer understand how it works. If you fall into either of those categories, this section is for you.
Every website on the Internet has an address. But those addresses aren’t the nice, human recognizable domain names we are used to. They are Internet Protocol Addresses, commonly known as IP Addresses, and they look like this when written out:
The four numbers in the address range from 0 to 255. This system gives a total number of possible IP Addresses of over 4 billion, with something like 3.7 billion addresses available for public use (over 590 million addresses are reserved for non-public uses).
These addresses identify individual connections to the Internet. These can include specific physical devices (your smartphone), entire networks (all the computers at your office are likely on a single network with a single IP Address), or a specific website. The IP Address above is for this website, blokt.com.
Technically, the format of the IP Address above is IPv4 (Internet Protocol version 4). With all the things that are connected to the Internet today, that pool of over 3.7 billion IPv4 addresses is running out. To prevent a shortage, the Internet has a newer system, called IPv6. IPv4 and IPv6 will likely coexist for a long time, but more and more Internet addresses will be based on the newer system.
In IPv6, an IP Address looks something like this when written out:
According to wikipedia, there are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible Ipv6 addresses, although as with IPv4 addresses, some are reserved for specialized uses. The transition to IPv6 will give us enough addresses to last for a very long time.
At the time of writing this article, most of the Internet still used IPv4 addresses, but it will only be a matter of time before IPv6 dominates. Can you imagine trying to use the Internet by typing in addresses like these?
What DNS Does
DNS is the system that translates between IP Addresses and the standard domain names we know, like blokt.com. Conceptually, DNS is a big table that shows the IP Address corresponding to any domain name, and vice versa. When you enter a domain name into your browser’s search box, the browser looks up the corresponding IP Address in DNS to find the correct IP Address to connect to.
At this point, you might be wondering where there is room in a system like this for improving browsing speed and privacy. The key is that there are lots of servers your computer can connect to when it needs DNS information.
Some are faster than others. Some protect your privacy better than others. Some will filter out dangerous or family-unfriendly IP Addresses for you. Some are just there; not particularly fast or private. So the server your computer uses for DNS lookups can make a big difference.
These servers are called DNS Servers.
What is a DNS Server and What Does it Do?
As we just discussed, a DNS Server is a server that handles requests for DNS information from web browsers and Internet-connected devices. But the DNS Servers aren’t the final authority on DNS information.
Instead of containing all the DNS information for the entire Internet, DNS Servers communicate with one or more authoritative Nameservers that do contain the information. Thanks to this approach, your computer doesn’t need to do the work of keeping track of the addresses of authoritative Nameservers and querying them to find the DNS information it needs.
All your computer needs to do is know the IP Address of one DNS Server. This is crucial because, if you know how, you can tell your computer to use a different DNS server than the one it is using now.
Why Does the DNS Server I Use Matter?
While all DNS Servers can give your computer the DNS information it needs, the resolvers are owned and managed by many different organizations. Your ISP probably has its own DNS Servers. While your ISP’s servers may only work with customers of the ISP, other DNS Servers are publicly available.
Several Internet companies offer free or paid DNS Servers for use by the public. To attract users to their servers, these companies compete on features. For example, Google offers DNS Servers that are free and really fast.
Faster is Better
Why is a fast DNS Server important? Every time you go to a new page in your web browser, it must perform at least one DNS lookup. Many pages require several lookups. Your browser may end up doing dozens, even hundreds of DNS lookups a day. This can really add up.
Using numbers from a site called DNSPerf, I found that a really fast DNS Server like Cloudflare had an average lookup speed of 12ms. Meanwhile, slow DNS Servers were turning in times of over 120ms per lookup.
These delays may not sound like much, but delays of more than 100ms are noticeable. If a page needs to do several DNS lookups using a slow DNS Server, you will definitely notice it.
DNS Privacy is Important
Because your web browser uses DNS every time you do almost anything, a log of your DNS lookups is a record of everywhere you go online. And that information is very valuable. That’s why ISPs don’t like you to use alternate DNS services. Unfortunately, many public DNS services also log this data. If privacy is important to you, you will want to choose a DNS server that doesn’t log your activities.
What DNS Server am I Using Now?
The first step in deciding if you should change your DNS Server is, of course, to find out which one you are using right now. The steps to find this information vary depending on the type of computer or mobile device you are using. You can look online for instructions specific to your operating system with a search like this (replacing “Windows 10” with the operating system you use of course):
- what DNS server am I using windows 10
That should turn up step-by-step instructions for you.
An alternative is to visit a website like What’s My DNS Server?, which will watch your computer as it connects to DNS to see what DNS server you are connected to.
How to Change Your DNS Server
Unfortunately, the steps to change your DNS Server depend on which operating system you are using. Your best option is to do another Internet search. You’ll be able to find instructions specific to your operating system with a search like this (replacing “macOS X” with the operating system you use of course):
- how to change DNS server on macOS X
There are step-by-step instructions for pretty much any recent version of any operating system you might be running.
Some things to be aware of include:
You Can Change Your Whole Network through Your Router
While you can control the DNS settings for each device individually, changing DNS settings on your router lets you manage everything at once. When computers and other devices connect to a router, they normally rely on that router for DNS and other settings. They do this by using the router’s DHCP (Dynamic Host Configuration Protocol). The router is normally configured by your ISP’s technicians to use the DNS Server the ISP controls.
But many routers are user-configurable, meaning that you could set the DHCP to use whichever DNS Server you like. This can be a bit technical and isn’t a project for computer novices. If you mess it up, you can knock your whole network offline until you (or a technician from your ISP) restores the correct settings. But if you have the technical skills and want to give it a go, it can take care of all your devices at the same time.
Your DNS Might be Controlled by Your ISP
Some ISPs secretly redirect DNS lookups to their own DNS Servers. Information about which sites their user’s visit can be useful for troubleshooting or marketing purposes. In some places (like the United States) the ISP can even sell this information to third parties!
In this case, changing DNS settings on your computer or router will have no effect on which DNS Server you actually connect to. That’s because your ISP is using a technology called a Transparent DNS Proxy to redirect your DNS lookups to their servers.
As far as we can tell, the only way to defeat this sneaky trick is to use a VPN service like ExpressVPN or NordVPN. That’s because they have their own encrypted DNS Servers. When the VPN is active, DNS lookups get encrypted by the VPN and are invisible to the ISP’s dirty tricks.
Some Recommended DNS Servers
Once you know which DNS server you are using, check it against our list of recommended DNS Servers. We’ve included several of the best, and point out which are best for speed, for privacy, and for content filtering.
Here are our suggestions:
- Google Public DNS
- Cloudflare DNS
Google Public DNS
This is probably the best known public DNS service, and it is easy to see why. Not only is it run by Google, one of the best-known companies in the world, but it is totally free and very fast. Google’s system has servers located all around the world and automatically connects you to the best location at any given moment.
A downside of Google Public DNS is that its privacy protections aren’t quite as good as some of the other services. It stores two sets of logs of user information. Its permanent logs don’t include any personally identifiable information or IP information. For the first two weeks, it keeps data with the location details limited to the city level. After two weeks it makes a permanent record of a small random sample of this data and deletes the rest.
That seems pretty safe, but the temporary logs are a little more worrisome. According to the Your Privacy page for the service:
The data in the temporary logs is deleted after 24 to 48 hours. This isn’t ideal, but far better than the way your ISP is probably logging everything it can about your DNS lookups and keeping it forever.
- Primary IPv4 DNS Address: 22.214.171.124
- Secondary IPv4 DNS Address: 126.96.36.199
- Primary IPv6 DNS Address: 2001:4860:4860::8888
- Secondary IPv6 DNS Address: 2001:4860:4860::8844
OpenDNS is one of the longest-running DNS services, first going online in 2005. The service is fast and includes automatic blocking of phishing sites along with optional filtering of adult content. It offers both free and paid plans.
As with Google Public DNS, its privacy protections are weakened by the fact that it logs your DNS lookups and the IP Addresses of the devices you use.
- Primary IPv4 DNS Address: 188.8.131.52
- Secondary IPv4 DNS Address: 184.108.40.206
Cloudflare DNS is one of the newest DNS services, but it has quickly become one of the most popular. The emphasis here is on the most important basics: speed and privacy. It doesn’t protect you from phishing sites or anything like that. You’ll need to provide your own anti-malware software for this stuff.
So with the emphasis on speed and privacy, how good is Cloudflare DNS in these categories. In a word, EXCELLENT. Independent testing regularly ranks this as the fastest public DNS service. Period.
And on the privacy front, it is among the best as well. Cloudflare doesn’t record your DNS information for use in ads or anything else. It promises that it will never record the IP Address you use for your lookups. And that all logs of any type are deleted within 24 hours. Only the next DNS service in our list offers better privacy than this.
- Primary IPv4 DNS Address: 220.127.116.11
- Secondary IPv4 DNS Address: 18.104.22.168
- Primary IPv6 DNS Address: 2606:4700:4700::1111
- Secondary IPv4 DNS Address: 2606:4700:4700::1001
DNS.Watch is a smaller DNS provider, with a focus on privacy protection. Unlike most DNS providers, these guys don’t keep records of your DNS lookups. That means that the log of your activities are not used for marketing purposes, sold to other companies, or passed along to some spy agency. DNS.Watch does, however, record some anonymized data that is not associated with particular users. It uses this data for “statistics and security research.”
In addition, DNS.Watch supports DNSSEC. This system is used by many sites to ensure that the data you receive is legitimately from the real site and not from a hijacked domain or other trickery. DNSSEC doesn’t keep your DNS lookups private but may prevent you from giving private information to bogus websites.
Beyond its emphasis on privacy, DNS.Watch is fast and believes in DNS neutrality. That is, it doesn’t slow down your Internet activities, and it will not censor your DNS lookups to block sites it doesn’t like.
- Primary IPv4 DNS Address: 22.214.171.124
- Secondary IPv4 DNS Address: 126.96.36.199
- Primary IPv6 DNS Address: 2001:1608:10:25::1c04:b12f
- Secondary IPv4 DNS Address: 2001:1608:10:25::9249:d69b
While changing the DNS Server your computer connects to isn’t as easy as say, switching your search engine from Google to DuckDuckGo, it is definitely a project within reach of most people reading this post.
As you’ve seen, there can be real benefits to making the switch, from speeding up your browsing experience to enhancing your privacy, to protecting yourself and your family from unsavory websites. We urge you to follow the instructions here and at least investigate making the switch for yourself.