Some services can also block access to phishing or infected sites, and a few offer content filtering to keep your kids away from the worst of the web.
You need to choose your service with care – not all providers will necessarily be better than your ISP – but to help point you in the right direction, this article will highlight six of the best DNS servers around.
What is DNS?
The Domain Name System (DNS) is a phonebook for the internet, a framework which translates domain names, like facebook.com or twitter.com, into the IP addresses necessary for devices to load those internet resources (e.g. 220.127.116.11). In geek terms, that’s called Resolution.
The mechanics of DNS can be quite complicated, as information isn’t held in a single database, but rather distributed in a worldwide directory including a vast number of DNS servers.
Fortunately, the average internet user doesn’t normally have to get involved in any of the low-level technical details. Your ISP automatically provides you with access to a DNS server whenever you go online, and whenever you enter a URL into your browser, this will find the relevant IP address for you.
Best known for its top-rated CDN, Cloudflare has extended its range to include a new public DNS service, the catchily-named 1.1.1.1.
Cloudflare has focused much more on the fundamentals. These start with performance, and independent testing from sites like DNSPerf shows Cloudflare is the fastest public DNS service around.
Privacy is another major highlight. Cloudflare doesn’t just promise that it won’t use your browsing data to serve ads; it commits that it will never write the querying IP address (yours) to disk. Any logs that do exist will be deleted within 24 hours. And these claims aren’t just reassuring words on a website. Cloudflare has retained KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises.
The 1.1.1.1 website has some setup guidance, with simple tutorials covering Windows, Mac, Android, iOS, Linux, and routers. These are very generic – you get one set of instructions for all versions of Windows, for instance – but there are some pluses (IPv6 as well as IPv4 details) and you should be able to figure it out. Additionally, mobile users can use WARP which secures all of the phone’s internet traffic.
The product doesn’t offer ad-blocking or attempt to monitor what you can access, and what you can’t. The one caveat is that Cloudflare has introduced content filtering for malware and adult content blocking, with their 1.1.1.2/1.0.0.2 and 1.1.1.3/1.0.0.3 services respectively, but this is an option a user can choose rather than have forced on them.
If you have any problems, Cloudflare offers a community forum where you can ask questions or see what others are doing, a nice extra touch which we’d like to see followed by other providers.
Google Public DNS is a simple and effective replacement for your own ISP’s nameservers.
Privacy can’t quite match the ‘we don’t keep anything’ promises of Cloudflare, but it’s not bad. The service logs the full IP address information of the querying device for around 24 to 48 hours for troubleshooting and diagnostic purposes. ‘Permanent’ logs drop any personally identifiable information and reduce location details to the city level, and all but a small random sample of these are deleted after two weeks.
Google’s support site offers only very basic guidance targeted at experienced users, warning that “only users who are proficient with configuring operating system settings [should] make these changes.” If you’re unsure what you’re doing, check the tutorials from a provider such as OpenDNS, remembering to replace its nameservers with Google’s: 8.8.8.8 and 8.8.4.4.
Quad9 is a young DNS outfit which has been providing a fast and free DNS service since August 2016.
The company sells itself on its ability to block malicious domains by collecting intelligence from ‘a variety of public and private sources.’ It’s not clear what these sources are, but the website says Quad9 used 18+ ‘threat intelligence providers’ as of December 2018.
That’s a little too vague for us, and we’re not convinced that using a large number of threat intelligence providers will necessarily help – the quality of the intelligence is generally more important than the quantity.
There’s no arguing about Quad9’s performance, though. DNSPerf currently rates it seven out of ten for average worldwide query times, lagging behind Cloudflare and OpenDNS, but effortlessly outpacing contenders like Comodo.
Drilling down into the detail reveals some variations in speed – Quad9 is in eighth place for North American queries – but overall the service still delivers better performance than most.
Setup guidance is a little limited, with tutorials for the latest versions of Windows and macOS only. They’re well presented, though, and it’s not difficult to figure out what you need to do.
Founded in 2005 and now owned by Cisco, OpenDNS is one of the biggest names in public DNS.
The free service offers plenty of benefits: high speeds, 100% uptime, phishing sites blocked by default, optional parental controls-type web filtering to block websites by content type, along with free email support if anything goes wrong.
Commercial plans enable viewing the history of your internet activity for up to the last year, and can optionally lock down your system by allowing access to specific websites only. These aren’t going to be must-have features for the average user, but if you’re interested, they can be yours for a modest fee.
If you’re an old hand at swapping DNS, you can get started immediately by reconfiguring your device to use the OpenDNS nameservers.
If you’re a newbie, that’s okay too, as OpenDNS has setup instructions for PCs, Macs, mobile devices, routers, and much, much more.
Comodo Group is the power behind a host of excellent security products, so it’s no surprise that the company also offers its own public DNS service.
Just as you’d expect, Comodo Secure DNS has a strong focus on safety. It doesn’t just block phishing sites, but also warns if you try to visit sites with malware, spyware, even parked domains that might overload you with advertising (pop-ups, pop-unders and more). Furthermore, you can try out the Comodo Dome Shield service, which adds additional features to Comodo Secure DNS.
Comodo claims its service is smarter than average, too, detecting attempts to visit parked or ‘not in use’ domains and automatically forwarding you to where you really want to go.
Performance is key, of course, and the company suggests its worldwide network of servers and smart routing technology give it an advantage. Unfortunately, Comodo stats weren’t that impressive, and in our tests, we got an average query time of around 72ms.
That said, Comodo may still be interesting if you’re looking for an extra layer of web filtering, and the support website has some short but useful instructions on setting the service up on Windows PCs, Macs, routers, and Chromebooks.
Why might DNS matter to me?
How can I find the fastest DNS service?
DNS Jumper can be useful, in particular, because it’s checking how servers perform from your location, but it doesn’t run enough tests over a long enough period to give you a definitive answer.
DNSPerf tests multiple DNS services every minute from 200+ locations around the world and makes the results freely available on its own website. This gives a very good general idea of performance and also enables seeing how services compare on different continents, as well as assessing their uptime.
How can I switch DNS servers?
To make this happen you must log in to your router (the default password may be printed on its base) and look for the current DNS primary and secondary nameservers. Make a note of the current values in case of problems, then replace them with the nameservers you’d like to use.
If you run into problems, check out your DNS service website for any setup guidance. Keep in mind that you can also use the tutorials of other DNS providers, as long as you remember to replace their nameserver IPs with your preferred options. OpenDNS, for instance, has specific guidance for many different router types on its support site.
If router tweaks aren’t right for your situation, you may have to change the DNS configuration of each individual device. Cloudflare has short and simple guidance here, while the OpenDNS website goes into more depth.
How can I find my current DNS servers?
On Windows, you could get started by entering IPCONFIG /ALL in a command-line window. Look for your network adapter and you should see its DNS servers specified in the list.
If there’s a single DNS IP address that points at your router – 192.168.x.x – that suggests the router is handling all DNS queries. Enter that IP address into your browser, log in to the router if necessary and your DNS servers should be listed amongst the settings.
How can I test a DNS service?
Then press Enter (replace website.com with the address of whatever website you’re trying to reach).
Nslookup uses your default DNS server to look for the IP address of website.com. If it tells you it ‘can’t find website.com’, this means your DNS server doesn’t have a record for that domain.
Next, tell the tool to use another DNS service by entering a command like:
nslookup website.com 8.8.8.8
The 8.8.8.8 address uses Google DNS – replace that with any DNS service you like, such as 1.1.1.1 for Cloudflare.
If nslookup returns errors using multiple servers, this doesn’t look like a DNS issue. If one server returns an IP address and another doesn’t, you might want to try setting up your system to use the working DNS and see if it makes any difference.
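The nslookup comparison described above can be scripted. The following is an added example, not part of the original article: it sends the same A-record query to each resolver you name and applies the rule from the last paragraph. The function names (`build_query`, `parse_response`, `lookup`, `diagnose`) are this example's own, and the resolver addresses are supplied by the caller.

```python
import secrets, socket, struct

def build_query(name, txid):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(p)]) + p for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, IN

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_response(msg, txid):
    """Return the IPv4 addresses in a reply; reject replies not matching txid."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def lookup(name, server, timeout=3.0):
    """Ask one resolver over UDP/53; None means timeout, error or bad reply."""
    txid = secrets.randbelow(0x10000)   # unpredictable ID, checked on reply
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, 53))     # kernel drops replies from other sources
            s.send(build_query(name, txid))
            return parse_response(s.recv(4096), txid)
    except (OSError, ValueError, struct.error, IndexError):
        return None

def diagnose(results):
    """Apply the article's rule to {resolver: addresses-or-None}."""
    working = sorted(r for r, a in results.items() if a)
    if not working:
        return "all resolvers failed: probably not a DNS issue"
    if len(working) == len(results):
        return "all resolvers answered"
    return "try switching to: " + ", ".join(working)
```

Build the input with `{ip: lookup("website.com", ip) for ip in servers}`, where `servers` lists your current resolver plus the alternatives you want to compare, then pass it to `diagnose`.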