The Best DNS Servers for Faster, More Secure Internet

Written by Deep Shrestha

DNS stands for Domain Name System.

It’s essentially the phonebook of the internet.

Every device on the internet, from web servers to your smartphone, has an IP address – a numerical label that lets other devices find and communicate with it.

DNS servers translate human-friendly domain names (like google.com) into these machine-friendly IP addresses.

This is what allows you to load websites and use internet services.

So why does your choice of DNS server matter?

In a nutshell, it impacts your privacy, security, speed, and overall internet experience.

Your ISP’s DNS server is rarely the best option.

If you have no idea what I am rambling about, let’s start at the very beginning.

What’s DNS and Why Does It Matter?

Every website on the internet has its own address and is denoted by sets of numbers.

You, the user, need this address to access data from the site’s server. For example, Google’s address is 142.250.193.78.

Can you imagine remembering the sequence of numbers you need to visit a certain site? Pretty exhausting, in my opinion.

Wouldn’t it be simpler if there were an easier way to remember these addresses?

This is where a DNS, or Domain Name System comes in. It’s a middleman that translates a domain name into its respective address for your system.

Once your system has this address (number form), it can now find the server on the internet.

Now, you can easily access your favorite website.

To be more specific, it’s like a link between human-understandable names and server addresses.

As for why it matters, DNS is a crucial part of the entire web structure. Imagine DNS like a phone book for the web.

Your system needs the IP address every time you type a domain name. Without a reliable DNS, there would be nothing to correlate this domain name with an IP address.

What’s Wrong With My ISP’s DNS?

Nothing, your ISP’s DNS is probably okay and you might not have faced any issues with it, YET.

But, it’s not perfect.

Furthermore, websites are becoming more complex by the day and require multiple DNS lookups. So, a faster-performing DNS with a lower Round Trip Time is a must for a smooth web browsing experience. 

Without a fast and snappy DNS, your browsing speed slows.

Remember, though, that a faster DNS does not improve your internet speed itself.

Your ISP’s DNS server might not be perfect. The server could go down, face a power outage, or be under heavy load, leaving you without internet access or, worse, with slow internet access.

But, these are just a few technical problems that you might face one day.

There are also some concerning privacy issues with your ISP’s DNS. Here are some of them.

First off, Your ISP Knows Everything

Every Domain Name that you type in the browser’s address bar goes through the DNS Server.

Yes, they have a complete record of every website you ever visited.

It might seem unsettling that a private company, your ISP, has all this information. But, it’s just the way it is.

But in a world where you hear data leak news every other day, privacy is a luxury. And using public DNS is the way to go.

It collects Data

Now, they may be able to leverage the collected data to show you targeted ads or may even sell this data to a third party.

A Way of Internet Censorship and Site Manipulation

You probably have already heard about news where a country blocks an entire website. Recently the U.S. blocked websites linked to Iranian disinformation.

Here, the US entirely seized the website.

But, if your government wants it, the ISPs can also ban domain names. In that case, you can access the banned website by using another DNS resolver.

Possible DNS Hijacking

I’ve saved the best for last, and this is the worst that could happen.

Although very unlikely, a third party could hijack the ISP’s DNS server. The hijacked server could then route a domain name to a different address.

To see why this is bad, here is an example:

Say your ISP DNS is hijacked and it routes facebook.com to a different website that looks exactly like facebook.com.

Now when you head over to facebook.com, you will be prompted with a normal-looking site that isn’t out of the ordinary. 

Now, when you log in to it, your credentials get saved on the hijacker’s server.

BTW, Public DNS is Way Better

Basically, there are two reasons why public DNS is better: #1 Speed and #2 Privacy.

It’s not that your ISP’s DNS is always bad. In countries with better privacy laws, like Switzerland, ISPs may not be allowed to log your DNS queries.

And in some cases, your ISP’s DNS might even be faster and better performing.

But, I’m talking about general consensus here. For most users in the world, public DNS is better.

They offer better performance, your browsing will feel a lot snappier and you don’t need to worry about DNS logging.

They Just Perform Better

In my personal case, switching to a public DNS (Quad9 to be precise) made my browsing experience a lot snappier.

Not that the default ISP’s DNS was slow by any means, but the website load times were greatly reduced and YouTube videos played as soon as the site loaded.

Public DNS has a lower Round Trip Time. To dumb it down, lower RTT means domain names are quickly resolved and sent back to you.

This is why web pages load faster with public DNS.

Enhanced Security & Data Privacy

Depending on the public DNS, they offer an extra layer of encryption over your DNS requests.

To be more exact, they use DNS over HTTPS (DoH) and DNS over TLS (DoT).

DoH sends DNS queries over an encrypted HTTPS connection, while DoT is a security protocol that uses TLS encryption for DNS queries.

Now, I’m not gonna go into which one is better; they both offer good DNS encryption.

Both of these encryption techniques secure the DNS lookup process, and both prevent altering of the DNS traffic and potential eavesdropping.

Complete Transparent Privacy Policy

All major public DNS services have their own privacy statement. Each one gives exact details about what DNS information the service uses and what it doesn’t use.

For example, if you check Google’s Public DNS privacy statement, you can check the list of DNS logs it records. 

Some are permanent, while others are temporary.

You can check this and see which public DNS offers better privacy for you.

I’m not saying your ISP’s DNS does not have a privacy statement. It probably does.

But, regarding DNS services and logging DNS information, public DNS services are way more transparent.

Are You Using Your ISP’s DNS? Here’s How to Check

If you’ve not configured any router or system’s network setting, your device is likely using the default DNS provided by your ISP.

To check, you can try running a command. I promise it’s not that hard, bear with me.

  1. Open Command Prompt as admin by typing cmd in Run and pressing Ctrl + Shift + S.
  2. In Command Prompt, type ipconfig /all.
  3. Check Default Gateway and DNS Servers. If they’re the same, your device is sending its DNS queries to the router, which uses the DNS server set on it. By default, that’s your ISP’s DNS. If it says anything else, like 1.1.1.1 or 8.8.8.8, it’s using public DNS.
  4. If you want to know what DNS your router is set to, you need to access the router settings and check the DNS configuration.
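
The comparison in step 3 can be scripted. The following is an added example, not part of the original article: it parses ipconfig /all output and labels each DNS server as the router, one of the public resolvers named in this article, or something else. The SAMPLE text is constructed, and the function names and verdict labels are illustrative assumptions.

```python
import re

# Resolver addresses named in this article.
PUBLIC = {"8.8.8.8": "Google", "8.8.4.4": "Google",
          "9.9.9.9": "Quad9", "1.1.1.1": "Cloudflare"}

# Constructed sample of `ipconfig /all` output, trimmed to the relevant fields.
SAMPLE = """\
Ethernet adapter Ethernet:

   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+([^.:]+?)[ .]+: ?(.*)$")  # "Label . . . : value"

def parse_ipconfig(text):
    """Map section name -> {field label: [values]}, joining continuation lines."""
    sections, fields, values = {}, None, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():  # unindented: new adapter section
            fields, values = sections.setdefault(line.rstrip(" :"), {}), None
            continue
        match = FIELD.match(line)
        if match and fields is not None:            # a "Label . . . : value" line
            values, line = fields.setdefault(match.group(1), []), match.group(2)
        addr = line.split("%")[0].split("(")[0].strip()  # drop zone id / "(Preferred)"
        if addr and values is not None:             # also catches extra-address lines
            values.append(addr)
    return sections

def classify_dns(text):
    """Return {adapter: [(dns_server, verdict), ...]} following step 3 above."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        gateways = set(fields.get("Default Gateway", []))
        rows = [(s, "public: " + PUBLIC[s] if s in PUBLIC
                 else "router (ISP default unless changed)" if s in gateways
                 else "other (check that you chose it)")
                for s in fields.get("DNS Servers", [])]
        if rows:
            report[name] = rows
    return report
```

On a real machine, pass the captured output of ipconfig /all to classify_dns instead of SAMPLE. An "other" verdict is worth a second look, since it is neither your router nor a resolver you picked from this list.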

If you want to learn some techy stuff, you can try accessing the router’s settings and changing the DNS. Now any device that connects to your router will use that particular DNS server.

Meaning, you don’t need to change the DNS setting on each of your devices; changing it on the primary router will do the trick.

Some Popular Public DNS in the World

Google Public DNS, CloudFlare, and Quad9 are some of the best DNS that provide a private way to surf the internet.

They also have good encryption with low RTT. 

Let’s see what these three have to offer.

Google Public DNS (8.8.8.8 or 8.8.4.4)

Google’s DNS is probably the safest option because of the familiarity of the company name. 

The IP addresses for Google’s DNS are 8.8.8.8 and 8.8.4.4. Pretty easy to remember.

They also provide additional security and privacy with DNS over HTTPS (DoH) and DNS over TLS (DoT).

According to the Google Public DNS website, it also does not block or filter any type of website, except for some domains in the rarest of cases.

Quad9 (9.9.9.9)

Quad9 has pages of information regarding the Data and Privacy Policy.

To be brief, it mentions that it only collects data that enables it to perform better in service of its users.

It also does not bother to collect or hold IP addresses.

But what had me sold on Quad9 is that it is a Swiss-based DNS resolver. 

If you don’t know, Switzerland has THE best internet privacy laws regarding data protection.

Furthermore, it also supports DoT, DoH, and DNSCrypt.

For privacy, Quad9 is the obvious choice. Its public DNS is 9.9.9.9.

CloudFlare (1.1.1.1)

For me, CloudFlare is the one that is the fastest. 

They also claim their DNS delivers secure DNS service with the fastest response time of 11ms on average.

And who wouldn’t want a fast and reliable internet connection?

Choosing the Best Public DNS Using DNS Benchmark

Depending on your current location, some DNS might perform better than others. 

You can use a DNS Benchmark to find which DNS works best for you. In the benchmark, the app checks: 

  • Cached lookups: time it takes to return a domain name that is in the resolver’s name cache.
  • Uncached lookups: time to return a subdomain that is not in the resolver’s name cache.
  • Dotcom lookups: time taken to consult the server’s chosen dotcom resolver for a dotcom name.
  • Reliability: list of queries lost during the benchmark.
  • Rebinding protection: checks whether or not a resolver blocks non-reputable and private IPs.

Here are the steps,

  1. Download GRC Domain Name Server Benchmark.
  2. Install and run the application.
  3. In the Name Servers tab, select Run Benchmark.
  4. Wait for the benchmark to complete.
  5. Check Sort Fastest First. For me, the fastest was 1.1.1.1, that’s CloudFlare, and the second fastest was 9.9.9.9, that’s Quad9. You can view this in the Owner tab.

In some cases, the Local Network Nameserver might come at the top. This means that your ISP’s DNS is faster than the rest on the list.

If you are just looking for speed and are willing to trade privacy, the ISP’s DNS might even be the best option for you.
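
A rough scripted counterpart to the cached and uncached lookup timings described above, as an added example (not part of the original article or of the GRC tool): it sends plain UDP queries to the three resolvers named here and reports a lost query as None. The test name example.com and the function names are assumptions.

```python
import os
import socket
import struct
import time

# Resolver addresses named in this article.
RESOLVERS = {"Google": "8.8.8.8", "Quad9": "9.9.9.9", "Cloudflare": "1.1.1.1"}

def build_query(name, txid):
    """Encode a DNS query for the A record of `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(reply):
    """Return (txid, rcode, answer_count) from a DNS reply."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    return txid, flags & 0x000F, ancount

def time_lookup(server, name, timeout=2.0):
    """Round-trip time in ms for one UDP lookup; None if lost or mismatched."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            reply, _ = sock.recvfrom(512)
            elapsed_ms = (time.perf_counter() - start) * 1000
            return elapsed_ms if parse_header(reply)[0] == txid else None
        except (OSError, ValueError):  # timeout, unreachable, or short reply
            return None

def benchmark(name="example.com", resolvers=RESOLVERS):
    """Return {resolver: (cached_ms, uncached_ms)}."""
    results = {}
    for label, ip in resolvers.items():
        time_lookup(ip, name)  # first query asks the resolver to cache the name
        cached = time_lookup(ip, name)
        # A random, never-seen subdomain cannot be answered from the cache.
        uncached = time_lookup(ip, os.urandom(6).hex() + "." + name)
        results[label] = (cached, uncached)
    return results

if __name__ == "__main__":  # needs network access to UDP port 53
    for label, (cached, uncached) in benchmark().items():
        print(label, "cached ms:", cached, "uncached ms:", uncached)
```

A single run is noisy, so repeat it a few times before comparing resolvers. These queries are unencrypted UDP, so the numbers say nothing about DoH or DoT performance.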

Switching to a Public DNS

Switching to a public DNS is pretty simple: you just set the DNS IP address in your system.

And that’s it.

For Windows

  1. Press Windows + R, type ncpa.cpl and press Enter.
  2. Double-click on Ethernet or Wi-Fi, whichever you are connected to.
  3. Click on Properties.
  4. Double-click on Internet Protocol Version 4 (TCP/IPv4)
  5. Check Use the following DNS server addresses.
  6. Set Preferred DNS server to the fastest DNS server that you found by benchmarking, and set Alternate DNS to the second fastest.
  7. Click on OK.
  8. Again select OK.

For MacOS

  1. Click on the Apple icon and open System Preferences.
  2. Select Network.
  3. Click on Wi-Fi or Ethernet, whichever you’re connected to, and select Advanced.
  4. Head over to the DNS tab.
  5. Click on the + icon and add your preferred DNS.
  6. Select Apply, then OK.

For Android Devices

  1. Open Settings,
  2. Head over to Connections > More connection settings.
  3. Select Private DNS and set the DNS. 
  4. Turn off your Wi-Fi and Turn it back on.

For Android devices, IP addresses like 1.1.1.1 or 9.9.9.9 will not work. You need to type the official Internet DNS name, like dns9.quad9.net for 9.9.9.9 and one.one.one.one for 1.1.1.1. You can check this from the DNS Benchmark.

For iOS Devices

  1. Open Wi-Fi Settings.
  2. Select your connected Wi-Fi.
  3. Scroll down to Configure DNS.
  4. Set it to Manual, then Add Server.
  5. Tap on Save.

Note: You can also change the DNS in your browser’s settings.

Which Will You Choose?

With all that, I hope I made a good point on why you should ditch your ISP DNS and switch to a public DNS.

This not only improves your browsing experience, but it is also a lot safer.

And if you want to further improve your privacy, we have an article explaining 20 privacy mistakes you are probably making.

And if you found this article useful, make sure that you share this with your friends.

ABOUT THE AUTHOR

Deep Shrestha • IT Engineer ( B.E. in IT )

Deep is an I.T. Engineer with over a decade of hands-on experience troubleshooting computer hardware and Windows. He has also gained the ability to explain complex and technical topics to a layman while working at PCTips.com. With all this, he hopes to solve readers’ hardware and Windows problems around the globe.
