
It's Time to Use a Better DNS Service

Tutorial | 19 min read
Difficulty rating for the advice in the article: Fairly Simple

There are a lot of free and simple things we can all do to reclaim some of our lost privacy. One of the most overlooked things is changing your DNS settings to use a private DNS service. Not everyone is aware of what a DNS server does, why they should use a different DNS server than the default service provided by their ISP, and how it can be changed. In this post, I aim to clarify all of those things and provide you with several ways to change your DNS settings on all of your devices!

What is DNS?

DNS, or Domain Name System, is a hierarchical and decentralized naming system for computers, services, or other resources connected to the internet or a private network. It associates various information with domain names on the web. Mainly, it converts a domain name into an IP address so your computer knows how to connect to your desired URL.

For example, when you connect to this site, your browser’s URL bar will say it is at https://tinfoilmylife.com. That URL is for humans, as it is easier to remember and type than an IP address. When you type that address, click on a link to it, or even select it from your bookmarks, your chosen DNS service takes that name and looks up the IP address that is used to connect you to this site. The IP address of the site might be something like 157.245.242.152. That series of octets is how computers know what to connect to, but you can see how it would be difficult for us mere mortals to remember a bunch of those addresses. Remembering the domain name is much simpler!

Why Change Your DNS Settings?


Not all DNS services are created equally! For starters, if you haven’t manually configured your DNS service then you are likely using your ISP’s, or Internet Service Provider’s, DNS service. If you know little about ISPs and why you might not want to use their service, think about which company provides your internet service for a second. In America, you are likely getting your internet service from a company like AT&T, Charter, Verizon, Spectrum, etc. If you know anything at all about these companies, know that they are some of the most greedy, anti-consumer companies on the planet. When you are using their default DNS service, all of your requests are going to a server they control and are using to mine as much of your data as possible. These companies might use some of that data in the same way that Google or a social media site would so they can learn how to make more money off of you, but more times than not they are merely interested in selling this data. You can see how this is bad for privacy! Some of these companies are taking more of an interest in acting as censors that block content from certain sites. Using your ISP’s DNS service is a bad idea from multiple angles!

There are many DNS services out there that won’t sell your data or spy on your requests. Many of these also offer additional security and privacy features such as encryption through the DNSCrypt protocol, or DNSSEC (DNS Security Extensions) validation. Some even offer multiple DNS addresses you can use that do different things like filter out malicious sites. With so many of these superior DNS services being free, there is no reason to continue using your ISP’s DNS service anymore!

What to Look for in a DNS Service


Believe it or not, there are a lot of features a DNS service might have. DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt are some protocols that can obfuscate your DNS queries a bit from your ISP. Using any of these protocols will prevent DNS hijacking and make your DNS requests harder for third parties to eavesdrop on and tamper with. Using Anonymized DNSCrypt will make your requests completely anonymous to your ISP. These are all excellent features, and I can almost guarantee that your ISP’s DNS service provides NONE of them for you.

You also have to consider things like speed and uptime. A subpar DNS service can slow down your browsing experience, and none of us wants that! A DNS service with a bad uptime history is not desirable either, as you wouldn’t want to be browsing when your DNS service goes down and none of the addresses you type can be resolved. As with any other service you might consider, the track record and overall performance of your DNS service matter. If you are interested in benchmarking your DNS service, you can find tools like this one to help you accomplish that: https://www.grc.com/dns/benchmark.htm.

Privacy, security, speed, and uptime are the big things you must consider, but that isn’t everything. For example, let’s consider Quad9 for a second. They provide a free DNS service, but there are 3 different configurations you can use. Their recommended configuration blocks malicious sites and uses DNSSEC validation. They offer another configuration that adds another layer of security with ECS. Finally, they offer a vanilla DNS configuration with no DNSSEC or malware blocking. BlahDNS offers different servers that can block ads and trackers. These various types of filtering are yet another thing you can consider when choosing your DNS service.

To help make the decision a little easier, here are some of the best DNS services I recommend for privacy, speed, and uptime:

As more secure DNS services are created, or I simply catch wind of other good DNS services, I will update the list of recommendations I have on my Lists page if you want to check back periodically.

How to Change DNS Settings on Your Router

Now that you know a little about DNS services and have some basic information about why you should consider using one different from the default service your ISP provides, it is time to look at how to use these services.

The best approach to using a different DNS service at home is to change the DNS settings on your router’s configuration page. Once you do this, any device you have connected to your home network, via Wi-Fi or ethernet cable, will all use your new DNS service for every query. This means you can set your DNS service address in one place and it will be used by all of your computers, smart devices, and even your phone when connected to your Wi-Fi.

This process is going to vary substantially from router to router. The different manufacturers install their own interfaces and have different features so no 2 routers are going to accomplish this exactly the same way. That said, changing the DNS should be relatively similar. Here are the basics:

Open a browser and type in the IP address of your router. For most folks, this will likely be something like 192.168.0.1 or 192.168.1.1. Once you navigate to your router’s address, authenticate with your credentials and continue. Alternatively, your router may have a companion app you can use to change the settings. If so, you can use that app to change the DNS settings.

Look for a section like “DHCP Server” or “LAN”. Just click through the sections until you find where you can enter your primary and secondary DNS settings. I attached a screenshot and you can see that mine is in “Advanced -> DHCP Server”.

Once you have located where the DNS settings can be changed, enter the DNS addresses from your chosen DNS service. For example, if you choose the recommended settings from Quad9, you would enter 9.9.9.9 into the primary DNS field and 149.112.112.112 into the secondary DNS field. Having 2 entries allows you to have a fallback if your primary server goes down for a bit. You also might notice that both of mine are set to the same local address. This is because I use a Pihole as my DNS server and have it set up to use Quad9 there.

At this point, you only need to save your settings. More than likely your router will reboot, which will take a couple of minutes or so. After it finishes rebooting, every device connected to your Wi-Fi will now be using your new, private DNS service!

How to Change DNS Settings in Windows

I never recommend Windows to anyone unless they are building a gaming PC. If you use Windows on your machine, I highly recommend doing some research into Linux. If you are content with Windows, or you have it installed on a gaming PC or work computer, have no fear! I’m a gamer so I obviously have a Windows machine lying around which means I can have more screenshots and better instructions for this section! If you are using Windows, keep checking back as I am planning a post that goes over how to disable a lot of the telemetry and tighten the privacy settings.

To change your DNS settings, you first need to get to the Control Panel. If you have the search bar on the left side of the taskbar, the easiest thing to do is type “control” and look for it in the results that are presented. Otherwise, you can press and hold the Windows button, then press “r”. This should open the run dialog where you can then type “control panel” and hit “enter”.

Once you are in the Control Panel, you should see some categories, each with some additional actions below them. Click on “Network and Internet” to open the network options. From there, you want to click on “Network and Sharing Center”.

Once in the Network and Sharing Center, you will see some information about your current connection and some additional options. In the left pane, you will see an option that says “Change adapter settings”. Click that.

At this point, you should see a little section for each piece of networking hardware in your machine. There should be a red “X” icon on each device that isn’t currently connected. You’re looking for the device that you are currently connecting with, so for Wi-Fi, you want to find the Wi-Fi device that has the green bars icon and says the name of the SSID to which you are connected. For an ethernet connection, you want to find the device that shows it is currently connected. If you commonly switch between Wi-Fi and being plugged in, consider changing the DNS setting for both devices so you are using a private, secure DNS regardless. Here, simply double-click the connected device to open another dialog.

In the dialog, look for the “Properties” button and click that. It opens yet another dialog that will have a list of properties under the heading “This connection uses the following items”. Scroll down through this list until you see “Internet Protocol Version 4 (TCP/IPv4)”. Click this option to highlight it then click the “Properties” button below the list to FINALLY open the screen in which we can change the DNS settings.

This screen is divided into 2 sections, each with radio buttons and input fields. The bottom section is the one we want, and you probably already have the top radio selected by default which says “Obtain DNS server address automatically”. By leaving this option selected, you would be using the DNS addresses provided by your network and, unless you have a Pihole or have changed the DNS settings in your router, you would be using your ISP’s DNS servers which are logging your activity and tracking everything you do. Here, you need to click the second radio button which says “Use the following DNS server addresses:”. This will enable the “Preferred DNS server” and “Alternate DNS server” fields. These fields are a little strange in that pressing “Tab” will not go to the next field but the right-arrow key will. In these 2 fields, you need to enter the primary and secondary DNS server settings from the DNS service you have chosen. In my screenshot, I have entered the Quad9 addresses so if you chose Quad9, just make your dialog look like mine.

After you have entered the addresses, click “Ok” to close this dialog and any that are still open. At this point, you should be using your new DNS settings. Congrats! Microsoft made changing your DNS settings needlessly convoluted, but if you made it through the process, then you are good to go!

How to Change DNS Settings in MacOS

Changing the settings in MacOS is fairly straightforward. I detest Apple and would never buy one of their devices, but I’m also a software engineer for a big tech company and it is common practice for these companies to issue their engineers a Macbook Pro. That said, I can actually take screenshots and speak from experience here!

Open the "Settings" app and you should see the "Network" icon somewhere near the middle of the options. Click that.

From here, you are presented with a screen that has a list of networks on the left with their options on the right. If you want to change your DNS settings for all of your connections, you will need to repeat the following steps for each network. Make sure the network you are currently using is highlighted on the left, then click the "Advanced" button on the bottom right.

At this point, you should see a few tabs at the top, and the third tab should say "DNS". Click that tab to open the DNS settings. The presentation here is simple. You can highlight a DNS entry and click the "-" button on the bottom left to remove it. You can also click the "+" button and enter your DNS settings. Just know that they are meant to be in order here, so make sure the primary and secondary DNS addresses from the service you have chosen to use are the top 2 entries. Once you have entered your DNS address, simply click the "OK" button and you are done!

How to Change DNS Settings in Linux

Linux is another area where the process for changing your DNS settings will vary. There are different flavors of Linux referred to as “distros” and they all have their own levels of customization, different desktop environments, etc. That said, the process should be similar enough that you can use this section to figure out the process for your distro.

I use Pop!OS on my personal laptop which runs the Gnome desktop environment. In the attached screenshot, you can see where I would change the DNS setting (but I didn’t because I have it changed on my router instead which routes all traffic through my Pihole first). If you are using a Linux distro with the Gnome desktop environment, the process for you should be almost exactly the same.

For starters, open the “Settings” app. If you are connected to Wi-Fi then you might need to change the DNS settings in the “WiFi” section if you have one. Otherwise, it will be in the “Network” settings. Once you find the correct section, look for a connection profile and open the configuration for it. For me, this was just a matter of clicking the gear icon to the right of my Wi-Fi profile for my house. Clicking this opens the profile settings which presents me with a tabbed screen displaying tabs like “Details”, “IPV4”, “IPV6”, “security”, etc.

Select the “IPV4” option if you have it or whichever option contains a field to enter DNS settings if you don’t. Look for the DNS field and enter your DNS service addresses. You might also have a toggle button for “Automatic”. If so, you’ll need to toggle that off as well. DNS entries are separated by a comma.

Now you should have your Linux machine using a private DNS service. For any Linux distros in which you can change the settings per profile, go ahead and change the DNS entries for each profile you use regularly. For example, when I visit family, a profile gets created for their Wi-Fi name and I change to Quad9 after I connect. This then gets stored and, as long as they haven’t gotten a new router or you haven’t installed a different Linux distro, that profile is saved and used every time you connect to that Wi-Fi again.
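One way to check the result on a Linux machine, added here as an example and not part of the original post: the script below reads resolv.conf-style text (the format of /etc/resolv.conf) and reports, for each nameserver entry, whether queries go straight to the service you chose or to something in between. The Quad9 addresses are the ones quoted in the router section; the sample file contents, verdict labels, and function names are constructed.

```python
import ipaddress

# Quad9's recommended addresses, as quoted in the router section of the article.
CHOSEN = {ipaddress.ip_address(a) for a in ("9.9.9.9", "149.112.112.112")}

# Address ranges that only exist inside a home or office network.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]


def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        if line.startswith(("#", ";")):  # comment lines
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(address, chosen=CHOSEN):
    """Say what one nameserver entry tells you about where queries go."""
    try:
        ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return "invalid"
    if ip in chosen:
        return "chosen"      # queries go straight to the service you picked
    if ip.is_loopback:
        return "local-stub"  # e.g. systemd-resolved on 127.0.0.53: check its upstream
    if any(ip in net for net in LAN_NETS):
        return "lan"         # router or Pihole: the upstream is configured there
    return "other"           # a public resolver you did not pick, often from DHCP


def audit(text, chosen=CHOSEN):
    """Classify every nameserver entry found in the given text."""
    return [(addr, classify(addr, chosen)) for addr in parse_nameservers(text)]


# Constructed samples (203.0.113.53 is a documentation address, not a real resolver).
SAMPLE_MANUAL = "# profile with manual DNS\nnameserver 9.9.9.9\nnameserver 149.112.112.112\n"
SAMPLE_STUB = "nameserver 127.0.0.53\noptions edns0 trust-ad\nsearch lan\n"
SAMPLE_AUTO = "nameserver 192.168.1.2\nnameserver 203.0.113.53\n"

if __name__ == "__main__":
    for label, sample in (("manual", SAMPLE_MANUAL), ("stub", SAMPLE_STUB),
                          ("automatic", SAMPLE_AUTO)):
        print(label, audit(sample))
```

A "local-stub" or "lan" verdict is not a failure; it means the real upstream is set somewhere else (on systemd-resolved systems, `resolvectl status` shows it), so that is the place to confirm your chosen service.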

How to Change DNS Settings on Android

Changing your DNS settings on Android is a bit more difficult to tell you how to do. The problem is, with various manufacturers using custom skins and stopping OS updates at different points in a device’s life, there’s no universal way to change the DNS settings on an Android device. I’ll go over some options though.

If You Have Android 9 Pie or Higher on Your Device

Starting with Android 9 (Pie), there is a simple way for devices to change their DNS settings.

  • Settings -> Network & Internet -> Advanced -> Private DNS
  • enter the hostname of your chosen DNS service. For example, if you want to use Quad9 you would enter “dns.quad9.net” as per the instructions in Quad9’s guide “Enable Private DNS using Quad9 on Android 9”.
  • tap “Save” and you’re finished!

If you aren’t running Android 9 or higher or you don’t have that option, have no fear as there are still things you can do. There is still a native way to change your DNS settings on older versions of Android, but it is a little more confusing and needs to be changed every time you connect to a different Wi-Fi network. Unfortunately, I don’t have a device running an older version, but I’ll do my best to try to give you the gist of it.

  • Get to your Wi-Fi settings
  • long-press the network for which you wish to change the DNS settings
  • when the menu options pop up, select “Modify Network”
  • In the new menu, tap on “IP Settings” which is probably set to “DHCP” right now
  • Change this to “Static” and enter your 2 DNS IP Addresses

For more info about this approach, you can check out the article “How to make Android use the DNS server of your choice”.

You can also use an app to change your DNS settings. I would recommend using DNS66 from the F-Droid app to do this, but there are other ways as well. Using DNS66:

  • download the app: https://f-droid.org/en/packages/org.jak_linux.dns66/
  • open the app and tap on the “DNS” tab on the right.
  • tap the “+” button at the bottom
  • enter a name to remember your DNS server and enter the IP address. Make sure it is enabled.
  • tap the checkmark button to finish adding the new server
  • tap on the “Start” tab on the left and make sure the toggle switch to “Resume on system startup” is on

How to Change DNS Settings in iOS

I’ve never had an iPhone and never will. That said, I’m not in any way familiar enough with iOS to be of much help here. I did a quick search and it looks like the process is something like this:

  • On your iOS device, open “Settings”.
  • Tap Wi-Fi.
  • Tap the “i” icon next to the Wi-Fi network you want to change DNS servers for.
  • Tap “DNS”.
  • Now remove the existing DNS servers and key in DNS server addresses of your choice.

If this doesn’t work for you, know that the DNS settings will obviously be in the settings somewhere so you can look around for them. If you run into problems, you could search for a solution based on your version of iOS. Again, I have ZERO experience with iPhones, iPads, iPods, etc. so I can’t speak from personal experience here.

How to Change DNS Settings in Pihole

Changing your DNS settings on a Pihole is a must! If you are routing all of your local network traffic through your Pihole then you can make sure that every device on the network uses a private DNS service, much like changing this on your router.

The process for changing this on the Pihole is relatively simple.

  • Open a browser and navigate to your Pihole admin page.
  • Type in your password so you can get the full list of options and make changes.
  • Look for “Settings” in the sidebar on the left and click it. This should open a tabbed view on the right with several options.
  • Select the “DNS” tab. From here you will be presented with a list of pre-selected options you can just check or some more advanced options on the right. The Pihole pre-selected DNS options include all 3 of Quad9’s configurations and OpenDNS so if you chose one of these services, you can simply click the boxes that correspond with your choice. If you chose a service not listed here, simply enter the 2 addresses on the right side.
  • Now scroll to the bottom and click the “Save” button.
  • Now your Pihole should route any traffic it doesn’t block to your new DNS service!


Profit!

If you made it this far, congrats! You should now be using a DNS service that is not only more performant but will also help prevent your ISP from gathering all of your web traffic data so they can sell it to whoever wants to pay for it. This is one of the biggest changes you can make to reclaim some of your privacy and increase your security, and often it will make a slight improvement in your browsing speed by reducing the lookup time. Enjoy, and spread the word!
