Why You Should Change Your DNS Server Today

A Google Fiber modem mounted to the wall
Jordan Gloor / How-To Geek

Change your DNS server for better privacy, faster browsing, protection from known malicious websites, and to circumvent DNS-level censorship.

Are you still using your internet service provider’s DNS server? Unsure of why your choice of DNS server is important? Here’s why you might want to change your DNS server right away.

Why Is DNS Server Choice Important?

DNS stands for Domain Name System and it’s vital to the way we use the web. When you type a website like “howtogeek.com” into your browser’s address bar, DNS converts the address into a numerical internet protocol (IP) address. Think of it like an address book for the internet, where websites are your contacts and their respective IP addresses are the phone numbers.

If you haven’t chosen to use a specific custom DNS server then you are automatically using your internet service provider’s default choice. There are some good reasons to use a different DNS server than the one provided by your ISP. If you have already changed your DNS server, there may be some compelling reasons to use an alternative instead.

Custom DNS servers in macOS 13 Ventura

Learn more about what DNS is and how it works, as well as instructions for changing your DNS server on Windows, Mac, Android, and iPhone or iPad.

Change Your DNS Server for Better Privacy

When the Domain Name System was originally designed, it was implemented as an unencrypted protocol. This means that anyone who manages to intercept your DNS requests can see them unless you’re using DNS over HTTPS (DoH) or DNS over TLS (DoT), both of which encrypt your requests.

The problem is that you need your ISP to support encryption in the first place, and not all do. Finding out whether your ISP honors DoH/DoT requests isn’t always straightforward, and it’s arguably easier to pick a custom server that uses encryption instead.

Windows DNS server settings

On top of this, you’ll need to make sure that your operating system or browser (preferably both) supports DNS encryption. Support for DoH is available in modern versions of macOS, Windows 11, iOS, and iPadOS, while DoT can be enabled in Android 9 and higher. Most web browsers including Chrome, Edge, Firefox, and Opera support the setting, but you may need to enable it under your browser settings.

Not only can making unencrypted DNS requests leave you open to man-in-the-middle attacks where requests can be intercepted by third parties, but by using your ISP’s server you’re leaving a trail of web addresses that you have accessed with your provider. Though the contents of your browsing sessions aren’t visible, your ISP can tell where you’ve been on the web. They can also link this data to you directly since they provide your internet access.

Even if you are forced to use unencrypted DNS, using a third-party server that limits logging is likely to provide better privacy than your ISP. For example, Cloudflare states that it purges all logs after 24 hours.

Third-Party DNS Servers Are Usually Faster

How fast your DNS server of choice can resolve your request can greatly impact your browsing speed. If you find your browser seems to wait around a while before loading any page content, you may find that your DNS server is to blame. Faster servers mean less time spent waiting around.

Speed greatly depends on how far away the DNS servers are located. Third-party DNS providers use clusters of servers located all over the world for DNS purposes. Some providers, like Google, may have more servers available (and have greater capacity) than your local ISP.

Cloudflare DNS performance as measured by DNSPerf.com

You’ll need to do some experimenting to find the fastest DNS servers (that also meet your privacy and security requirements). Use tools like DNS Benchmark and websites like DNSPerf to find the best provider. Remember that there’s more to this choice than simply picking the fastest provider. Even if your ISP comes out on top, it’s still a good idea to use a third party.

Some DNS Servers Can Protect You From Harm

Known as DNS filtering, some DNS providers block specific IP addresses to prevent you from accessing them. This includes websites that can harm your computer or are known sources of malware, or content that is inappropriate for users of your network. Depending on your preferences, you may need to pay for a premium service to get all of these features.

For example, OpenDNS has several free options (Family Shield and Home) that block adult content and provide customizable web filtering to block specific websites. To get protection from domains associated with phishing and malware, or to set up an “allow-list” of websites to lock down your network, you’ll need to pay (starting at $19.95/year).

OpenDNS plans

Alternatively, quad9 is a free DNS service that automatically blocks lookups of malicious host names. The service uses “threat intelligence from more than a dozen of the industry’s leading cybersecurity companies” to prevent you, your devices, or your entire network from accessing them. The service claims to block 220 million requests daily.

These services aren’t for everyone, since not everyone wants to outsource due diligence to a third party. If you’d rather take your chances or you find such a service to be a little overzealous, then you can pick a third-party DNS service that doesn’t offer blocking.

Access Blocked Websites by Switching DNS Servers

Sometimes, you might find that your ISP has blocked access to certain websites at the DNS level. This works a lot like ISP filtering above, where requests for certain websites are denied (and may even be routed to a “request denied” page explaining why). Occasionally, ISPs do this because they are required to by the government. One example is the blocking of torrent trackers in a bid to limit piracy.

These blocks are easy to circumvent simply by changing your DNS server. Instead of relying on a locally-hosted DNS server provided by your ISP, use an alternative that won’t filter requests to the websites that you want to visit. Almost any alternative will do, just make sure you pick one that’s fast, private, and secure.

Beware of Unknown DNS Servers

When you choose a DNS server, you have to be sure that the provider of that service is trustworthy. DNS is a powerful tool that connects the addresses you type to servers identified only by numbers. This can be used by bad actors to deceive you into trusting the wrong websites. The practice is known as DNS hijacking.

Most people implicitly trust a website whenever they type its address into the URL bar. For example, if you want to visit your bank’s website you might be aware that links in emails are fairly high risk so you routinely type your bank’s website into the URL bar of your browser or use a bookmark and log in that way instead.

Now imagine that the web address associated with your bank pointed to a server that isn’t associated with your bank at all. The website might look identical since it’s relatively easy to mimic a design. Instead of giving your login information to your bank, the information is instead sent to someone else who intends to use that information against you.

This is one of the reasons you should still be careful when using public Wi-Fi networks. It’s another reason you should only let people you trust use your computer or smartphone, and a good reason to secure your router with a unique password rather than leaving it at the factory default.

Certain types of malware may attempt to change your DNS servers in a bid to intercept web requests and manipulate DNS routing. Sometimes scammers who gain remote access to your computer will try to do this too. If you’re not sure, make sure your router and devices are either using known DNS servers that you have chosen or have no custom servers listed (and are thus using your ISP defaults).

Use These DNS Servers Instead

If you’re feeling a little overwhelmed by which DNS server to choose, don’t be. We have rounded up the most secure DNS services you can use. Some may be faster than others depending on where you live, but most offer better privacy and security than your ISP.

It’s unlikely that you’ll need to pay for a DNS server to satisfy your needs, but that’s not the case with a VPN. Free VPNs are not to be trusted, which is why we recommend paying for a VPN instead. Check out our roundup of the best VPN services.

Leave a Comment