Changing your DNS provider can improve website loading time and increase network security.
Estimated reading time: 22 minutes
You are probably really good at remembering domain names for the sites you frequent, such as amazon.com, google.com, or facebook.com. However, that’s not how computers locate devices and services on the internet. Amazon.com? To a computer, that’s 126.96.36.199, or an IP address. Since humans aren’t as adept at remembering IP addresses as they are words, brilliant minds established a system to translate the words we remember so easily into the numbers computers need, called the Domain Name System (DNS). This worldwide, distributed computer system is critical to the operation of the internet and has been around for decades.
More than likely your home network relies on DNS servers run by your Internet Service Provider (ISP), such as Comcast or Cox. In some cases that might be fine, but in other cases you might realize a performance boost by switching your DNS to another provider, such as Google or Cloudfare. Some of these offer significant security advantages, too, which I’ll discuss in a moment. And in most cases, switching is no-cost proposition, so you have absolutely nothing to lose!
Who is your current DNS provider?
While you can specify a DNS provider at the device level, more than likely DNS is handled by your router. On most home networks, the router has an IP address and gateway that is assigned dynamically by your ISP. That means your gateway IP address—the address that is presented to the internet—can change from time to time, through a process called leasing. On your home network, your router is doing the same thing: dynamically assigning IP addresses to all the devices on your network, including smartphones, laptops, streaming devices, game consoles, smart TVs, and smart speakers. This is a function of a network management technology called Dynamic Host Configuration Protocol, or DHCP.
In addition to assigning your devices an IP address, DHCP also assigns your devices a gateway address and DNS server addresses, the latter performing that critical translation function described in the previous section. This automation vastly eases the pain of setting up a network, as all the network configuration happens automatically with each device you add. It’s also important from a security standpoint, as the other function your router is performing is called Network Address Translation (NAT). In essence, when you request a web page, your router, as the only device on your network that has an IP address that is routable on the public internet, acts as a proxy. It keeps track of which device on the network makes the request, forwards the request to the web server, and then provides the response to the original device. This is one of the ways your router acts as a gateway firewall for your network.
To see if your computer is forwarding DNS requests to your router, you can use the command prompt. In Windows 10, click the search icon next to the Windows Start button and type command. Open the Command Prompt. At the prompt, type
ipconfig /all, as shown below.
In the command prompt box, you can see on my network my router has assigned my computer an IP address, a gateway address, and a DNS server. Since my computer is forwarding DNS requests to my router, that’s where I will need to update my DNS information. While you can certainly set your DNS manually on each device, updating it on your router is a best practice, as then the change will be effected for every device on your network.
Alas, all routers are not the same. Each manufacturer does things a little bit differently, so while changing the DNS on your router is not difficult, you will likely need some guidance in order to find the settings. Lifewire has a handy guide that shows where to update DNS settings on the most popular brands.
Now the ten million dollar question: which DNS provider should you use? I’m only going to offer free and public DNS providers, although there are providers offering additional services for pay, such as filtering unwanted content from browsing. There are at least eleven public DNS providers; however, I’m going to focus on the few I have experience with and that seem to be the most popular.
Quad9 is a joint venture between IBM, PCH and GCA and came online in November of 2017. It touts itself as a DNS security solution that blocks tens of millions of malicious events every day. Its key goals are achieving “a measurable impact in reducing internet security risks, while simultaneously keeping user privacy as our top priority.”1 While I have no way of verifying Quad9’s security claims, I have found the service to be both fast and reliable. In fact, in my testing I found Quad9 to be just as fast as Google DNS, so it has become my DNS provider of choice.
To utilize Quad9, update your router’s DNS to use the following addresses:
Primary DNS: 188.8.131.52
Alternate DNS: 184.108.40.206
After updating your router, all your internet requests will run through Quad9’s filters. If your request is to a site not known to be malignant, it will be returned to your browser as normal. Otherwise, you will get a notice that your request was blocked due to the URL being on Quad9’s threat list.
Google Public DNS was launched in December 2009. Today, Google Public DNS is the world’s largest public DNS resolver, serving over a trillion queries per day.2 Google also touts security benefits when using its DNS services, but the main reason it exists is to speed up web requests. One if the main benefits to using this service over others is Google has data centers all over the world, so your request will be served by the one with the greatest geographic proximity to you, reducing latency.
To utilize Google Public DNS, update your router’s DNS to use the following addresses:
Primary DNS: 220.127.116.11
Alternate DNS: 18.104.22.168
Google claims it protects the privacy of requests made to its DNS servers by not correlating it with other information it collects, including from its other services. However, while personally identifiable information is said to be stripped from what is kept, it’s important to be aware that Google appears to collect and retain more information about DNS queries than Quad9.
Cloudfare DNS for Families
Cloudfare DNS for Families was launched in April 2018. It takes advantage of Cloudfare’s massive infrastructure (Cloudfare operates a content delivery network that enhances website performance, security, and privacy) to provide DNS services that it claims makes it the fastest public DNS resolver on Earth.3 Cloudfare’s offering goes a step beyond the others in terms of features, adding the option of adult content filtering. When configuring your router for this server, you have two options: DNS with malware protection only or DNS with malware protection and adult content filtering.
To utilize Cloudfare DNS for Families with malware protection only, update your router’s DNS to use the following addresses:
Primary DNS: 22.214.171.124
Alternate DNS: 126.96.36.199
To utilize Cloudfare DNS for Families with malware protection and adult content filtering, update your router’s DNS to use the following addresses:
Primary DNS: 188.8.131.52
Alternate DNS: 184.108.40.206
Cloudflare will return 0.0.0.0 in your web browser if your request is made to a server Cloudfare has determined to be malicious. Cloudfare’s offering is obviously compelling for situations where you want to protect your family from illicit or inappropriate sites. The filtering they’re offering is typically a for-fee service from other providers, although the ability to customize the filtering is understandably limited.
OpenDNS is probably the oldest of the public DNS providers, opening for business back in 2006. In 2015 it was purchased by Cisco, which promised to continue offering its services. OpenDNS offers three free services: basic name resolution, Family Shield, and OpenDNS Home.
For just a basic resolving service, configure your router to use:
Primary DNS: 220.127.116.11
Alternate DNS: 18.104.22.168
To use the Family Shield, which blocks adult content, configure your router to use:
Primary DNS: 22.214.171.124
Alternate DNS: 126.96.36.199
To use the OpenDNS Home service, which offers configurable web filtering and phishing protection, configure your router to use:
Primary DNS: 188.8.131.52
Alternate DNS: 184.108.40.206
Note that while OpenDNS Home is free, it does require enrollment in order to customize the filtering. Protection and services beyond these listed require payment.
While all these services increase your security while browsing and using services on the web, it’s important to understand they are not a replacement for security software installed on your computers and smartphones. In other words, they are a nice addition to your security portfolio, complementing the software and services you already employ. After all, the best approach to cybersecurity is to layer your defenses, so if you are moving from your ISP’s DNS servers, you just added an additional layer to your security stack. Depending on the DNS service you select, they can also provide considerable relief from exposure to illicit or inappropriate content.
If accelerating your browsing experience is your main goal, Google Public DNS or Cloudfare Family DNS probably offer the greatest benefit. For those looking for a blend of speed and security, with nothing to change but the DNS settings on your router, Quad9 is likely the best choice. OpenDNS offers the most flexibility in terms of configuring filtering content, but it is not as fast as the others on this list at name resolution. Your choice of DNS provider should ultimately be determined by the features that matter most to you.