Deals! 🛒
Domain name system (DNS) is the first thing you must use -- whether or not you're aware of that -- before you can get "online." It's so valuable that many companies want to provide you with this service for free.
So what's DNS, exactly? This post will answer that question and explains in simple terms the enthusiasm behind DNS hosting, how not all DNS services are created equal, and why you should pick the right one for your network. I'll also include a list of useful and free DNS servers.
When through, you'll know how to make the most out of these seemingly random numbers. In more ways than one, it's an example of how little things can make a huge difference.
As usual, paying attention is the key. While simplified, the information in this post is somewhat advanced and applicable only to those comfortable with the idea of IP addresses and who understand the home networking basics.
Domain Name System: What it is and the real-world role of a DNS server
When one network device connects to another, it needs to know the IP address. That's the case at the local area network (LAN) and wide area network (WAN), a.k.a the Internet.
You can manually enter the target's address, such as when you want to quickly access a local NAS server or build a computer's hosts file. But that's tedious and prone to mistakes.
Using a DNS server is generally the norm, especially when accessing the outside world. None of us want to remember the actual IP address of a website or a streaming service. It's hard even to remember their names. So, DNS servers are synonymous with the Internet's existence.
What are DNS servers?
In a nutshell, a DNS server is similar to a public directory. It points you to where you want to go among millions of online websites, applications, and services.
A DNS server is not to be confused with Dynamic DNS, which works somewhat the opposite way.
Here's a specific example of the role DNS plays:
Let's say you want to access this website directly and enter its domain name, DongKnowsTech.com, on your browser, such as Chrome, Firefox, or Edge. The following will happens:
- The browser queries a DNS server using the user-provided domain name.
- The DNS server looks up the domain to verify that it exists and is attached to a website. If so, it returns the website's unique IP address, a string of seemingly random numbers.
- The browser follows that IP address to load the page you're viewing.
This process is necessary because computers only understand numbers, while humans are bad at remembering them.
The domain name is the vanity moniker of a website's IP address so we humans can remember it. "DongKnowsTech" is much easier to remember than 73.124.79.110 or any other random IP address.
And you're reading this page on your screen because such a process has worked. A similar procedure occurs whenever you want to reach an online party using any application.
In many ways, a DNS server is similar to the once-commonplace telephone directory service, where you only need to remember a person's name, not their phone number.
The faster a DNS server is, the less time you need to wait to reach a domain, resulting in a "faster" Internet experience -- there's less wait time before a webpage starts to materialize on the screen.
While speed is the general premise many companies use to lure you into using their DNS servers, in reality, almost all DNS servers deliver the same speed.
The look-up time is generally so short that even the slowest DNS server won't produce a tangible delay considering the often more time-consuming subsequent processes, including the speed and quality of your Internet or Wi-Fi connection. Still, an even shorter look-up time never hurts.
And speedier Internet, if true, is the least noteworthy thing about DNS.
DNS equals privacy, security, and control
Since your first need to reach the DNS server before anywhere else on the Internet, the server's owner, among other things, has the first say on your online activities and, at the very least, a log of what websites/services you use.
As the online usher, the DNS server has the ultimate decision for your online experience. Specifically, it can take you to where it wants or block your access to certain sites or services and, conversely, keep certain content from your local network.
So you can use DNS as a way to have effective Parental Controls, adblocking, privacy, security, and more. But using a bad server can also take you to the wrong places or make you more vulnerable to malicious remote parties.
With all that power, being the DNS service is a well-saught-after privilege, so much so that many companies offer free servers.
Indeed, for ages, Google has been offering the popular DNS servers at the 8.8.8.8 and 8.8.4.4 addresses. In April 2018, Cloudflare joined the game with a new public server claiming to deliver faster speed and better security via an easy-to-remember address at 1.1.1.1. And since then, there have been even more free DNS providers.
And from the users' perspective, picking a trustworthy DNS provider is extremely important.
OK. What is my DNS server right now?
It's more a question of who.
Generally, the router is a home's DNS server of the local area network (LAN). It does the job of binding local IP addresses with friendly device names, such as "Server," "John-Desktop," "Van's iPad," etc.
As a result, in a home network, the default IP address of your router is also that of your local DNS server. But the router is also a gateway to the Internet, and on the WAN side, it only holds the IP address of the public DNS server.
By default, if you don't do anything, your WAN DNS servers are those of your Internet service provider (ISP). In this case, there's no need to worry about them, nor do you need to know their IP addresses.
An ISP's DNS servers are almost always generic that doesn't do anything more than provide the said directory service. Additionally, they work most of the time but are not necessarily the most reliable, nor are they the fastest.
You only need one DNS server, but there is always a secondary option for Internet access in case the first server is unavailable.
Changing these Internet DNS servers allows you more control over your Internet access and adds flavors to your broadband connection, including the privacy and security feature mentioned above.
Popular and useful DNS servers
The table below includes some popular DNS server addresses and what they do. There are many others, but I've tried these for an extended time and found them safe and reliable.
Other than the no-filters options, the rest of the servers will change your online experience accordingly, as described in the notes.
| DNS Provider | Server Addresses (primary/secondary) | Notes |
| CleanBrowsing (family filter) | 185.228.168.168 185.228.169.168 | Blocks access to all adult, pornographic and explicit sites. It also blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing, and Youtube are set to Safe Mode. Malicious and Phishing domains are blocked. |
| CleanBrowsing (adult filter) | 185.228.168.10 185.228.169.11 | Blocks access to all adult, pornographic and explicit sites. It also blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing, and Youtube are set to Safe Mode. Malicious and Phishing domains are blocked. |
| CleanBrowsing (security filter) | 185.228.168.9 185.228.169.9 | Blocks access to phishing, spam, malware, and malicious domains. |
| Cloudflare (no filter) | 1.1.1.1 1.0.0.1 | Reliable generic DNS servers |
| Google (no filter) | 8.8.8.8 8.8.4.4 | Reliable generic DNS servers |
| Quad9 (security filter) | 9.9.9.9 149.112.112.112 | Blocks malicious content, including malware and phishing. |
| Quad9 (privacy filter) | 9.9.9.11 149.112.112.11 | Collects no information about users based on Swiss privacy law. |
It's important to note that if you choose a DNS server with filtering options, some websites or services might not work as intended since no blocking mechanism is perfect. There can be false positives or negatives.
Using a server with no filter is necessary when troubleshooting online issues.
How to change DNS settings to better your Internet
You can change the DNS server settings (for Internet access) at a device level (such as a computer) or the router level.
The former works well for mobile users since the DNS settings remain the same no matter where the user is -- it's a good option for a laptop. The latter is useful for the entire network hosted by the router -- all devices, by default, will automatically share the Internet DNS settings of the router.
You should only change the DNS at the device level when Internet access is all you care about, which is the case in most home devices.
If you have a special local network, such as one with a domain controller, you should leave the device's DNS setting at the default -- automatically managed by the network's DNS server or router.
In this case, modifying the device's DNS servers might cause certain local services -- such as file-sharing or network printing -- to stop working.
As mentioned, there are two server addresses. The secondary (alternate) server takes effect only when the primary (preferred) one is unavailable.
For the steps below, I'll use the 1.1.1.1 address (Cloudflare) as the primary and 8.8.8.8 (Google) as the secondary. But you can pick your own from the table above. It's OK to use two servers of two different providers, but you must enter the IP addresses correctly, or you won't able to go online.
Steps to change DNS settings in a Windows computer
- Click on the Start button (lower-left corner), type in ncpa.cpl in the search field, and press Enter. The Network Connections window will appear.
- Pick the network connection you're using -- if you're on a laptop, it's likely the Wi-Fi connection -- and right-click on it, then choose Properties.
- In the Properties window, double-click on Internet Protocol Version 4 (TCP/IPv4)
- In the next window, check the Use the following DNS server addresses box and enter the addresses for the Preferred DNS server (you can use 1.1.1.1 here) and Alternate DNS Server (you can use 8.8.8.8 here).
- Repeat step 3, but this time double click Internet Protocol Version 6 (TCP/IPv6) if you have that information (if not, you can skip this step). Then click on OK to close the windows and apply the changes.
The change should be in effect immediately, but restarting the computer to make sure is a good idea.
Steps to change DNS settings on a Mac
- Click on the Apple icon (top left corner), then on System Preferences, and then on the Network icon.
- Select the current network connection (it's likely the Wi-Fi connection if you're using a notebook), then click on Advanced...
- Click on the DNS tab.
- Use the plus (+) button under DNS Servers to enter the addresses of your liking. For example, you can use 1.1.1.1 for the first server and 8.8.8.8 for the second one.
Restart the computer, and the new server settings will be in effect.
Steps to change DNS on a router
Use the step below to change the DNS servers of the router's Internet connection, which are different from those used for the local network.
You should change the latter -- generally found in the LAN section of the interface -- when you want the router to dictate which DNS server all connected devices use. This is applicable only when you have a special network, such as one with a domain controller or a separate purpose-built local DNS server.
- Log in to the router's web interface.
- Navigate to the interface's WAN (or Internet) section; every router has this section.
- Choose to manually enter DNS server addresses (you want to change the default value, which lets the router automatically use the service provider's DNS servers).
- Enter the DNS addresses of your liking, such as 1.1.1.1 for the primary server and 8.8.8.8 for the secondary (backup) server.
- Apply the changes.
Some routers will restart themselves when you apply the change, or you can do a manual restart. After that, the new settings will be in effect.
Domain Name System: The takeaway
Considering your DNS's significant role, again, it's imperative that you pick one you can trust when changing the values manually. When in doubt, leave the setting as Auto, and the system will use the default, generally that of your Internet provider.
Changing the DNS setting is also a popular way to "hack" a system. In this case, the bad guys capture your DNS requests to send you to phony destinations or services. Ensure you know your DNS settings, especially at the router's level.
Dong's note: I first published this post on April 1, 2018, and updated it on April 24, 2023, with additional relevant information.
Hi Mr. Mgo,
Your information has been helpful to me. As I have just recently been introduced to all this technology and have been more interested as I use it. recently I have wonder about wifi and Internet in the sense of how rare it is for me. Is there any way to receive or gain use of it for free? As some people like I get free tv service via antenna? Or is that a bad thing for me to continue to be curious about? I’m sorry I bother you as for I live in a rural area and I am basically a 32yr old caveman. I’m talking seriously on the primitive knowledge I have. and what is the best advice for private, safe, no restrictions on Internet use? lastly when it comes to finding something do I type in exact words or is there a trick to find anything more accurately and quickly? I’m just trying to figure out lots of things from rebuilding my identity from last years mess to legal aspect with foreclosure and probate, sueing water co… etc I’m hoping this new tech can help a lot. thank you for your time. any info will be huge deal of assistance
You can call me Dong, Shawn.
To answer your questions, no, nothing is free. You have to pay for stuff one way or another. Often the things you (want to) get for “free” is what that will cost you dearly down the line. Having the tendency and discipline to contribute, work hard, and take responsibility is generally the biggest assistance one’d need.
Good luck!
Hello Dong.
I currently use OPENDNS for my Router ipV4 {…}.
My LAN Aimesh is (3) GT-AXE16000 UNITS (all setup up with your great info and using 10G Ethernet backhaul) and, for lack of any better method, I set my Router ipV6 using the same service selected for ipV4.
What do you use for selecting ipV6?
I found that trying to mix two services, one primary & secondary for ipV4 ( both OpenDNS) and another service primary and secondary (say both from Google) didn’t work and I didn’t get any ipV6 address assigned to my clients. Thus I used the same DNS service for both IPV4 and ipV6.
You don’t need to use IPv6, you can always disable it for the local network and there’s just no point in using it for DNS. More on IP addreses here.
Hi Dong,
Thank you for all the information you publish, it’s been very helpful. My DNS situation is a little different. Foreigner based in Shanghai. I use China Telecom their ISP DNS sucks, probably optimized for local use and google type DNS servers are blocked. Most of my browsing would be on foreign sites and only 10% local. Other than using a VPN. How would I be able to determine the fastest DNS servers for my particular case even in combination with a veep?
China is a difficult place to know, Celso. I’d try the addresses mentioned here to see if any works. If they do, you might no longer need a VPN. But that depends.
Happy Sunday Dong,
Perhaps I am dense, but didn’t see a solid recommendation on which DNS to use. I see you hint at 1.1.1.1 as primary and 8.8.8.8 as secondary.
Speed is not my primary concern as they all seem to be pretty fast, at least for me, but, safety is.
So tell me, 1.1.1.1 and 8.8.8.8 is it, right?
Best,
Luis
I’d go with 1.1.1.1 and 8.8.8.8 one as the primary and the other as secondary, no particular order, Luis. Other DNS server options tend to be less reliable, with bad intentions, or require a payment. But that’s just me.
Hi Dong-
Thanks for the great info. I hope I didn’t miss this specific situation covered elsewhere… If so, my apologies. I have a question regarding DNS setup. My current stack is this:
400MBps Xfinity Cable Broadband
Netgear CM700 main connection
AIMesh with 2x RT-AX3000 w/ wired backhaul
I’d like to test some other DNS configurations and was wondering whether I could update my primary wireless router config or if I needed to access the cable modem and perform the changes there.
You can follow the steps mentioned in this post, Fara. If you’re thinking of Dynamic DNS, check out this post instead.
Hi Dong,
What is your input in using Unbound DNS with RMerlin firmware? Its available to use thru AMTM.
Also, would you recommend Unbound DNS overall over ISP DNS? any pros and cons you can provide?
Any input is greatly appreciated!
It’s similar to Google’s or Cloudflare but supposedly more transparent, Joe. Just another generic option.