Aug 30, 2014 - You can hack your router and change the settings in the router, so that when you receive the DNS settings from your router, you will have.
Video: Net neutrality explained with beer
Suffering from a slow or sluggish home internet connection? Here are eight ways to help improve your network speeds.
Cloudflare is an old hand at speeding up corporate internet services with its content delivery network (CDN). The company is also a pro at blocking Distributed Denial of Service (DDoS) attacks. Now, with its new 1.1.1.1 public Domain Name System (DNS) resolver, it can speed up and secure your web browsing, as well.
Also: Cloudflare's new DNS attracting 'gigabits per second' of rubbish
What is DNS and how does it work?
DNS is the Internet's master phone book. It turns human-readable domain names, such as cbsinteractive.com, into Internet Protocol (IP) addresses such as 64.30.228.118. For all practical purposes, every time you go anywhere on the internet, you start by interacting with DNS.
Read also: Cloudflare's free network monitoring mobile SDK open to all developers
This takes time. A complex webpage can require multiple DNS lookups -- one for the text, another for an image, another for an ad on the page, and so on -- before your page loads. Each DNS lookup takes an average of 32 milliseconds (ms). That really slows down many websites. So, when you speed up your DNS lookups, you'll get faster internet performance.
There have been fast DNS services for years to help you. My favorites are Cisco OpenDNS and Google Public DNS. According to Olafur Gudmundsson, Cloudflare's director of engineering, Cloudflare's 1.1.1.1 will be faster than the others because 'we are already building data centers all over the globe to reduce the distance (i.e. latency) from users to content. Eventually we want everyone to be within 10 milliseconds of at least one of our locations.'
Read also: SpaceX's Starlink takes a big step forward in delivering internet from the sky
In addition, the Cloudflare public DNS resolver uses the open-source Knot Resolver. This has aggressive caching and 'negative caching' to improve performance. The first uses a distributed cache to improve the odds that, when you search for a popular site, Knot will already have the IP address ready to deliver to you. The second, based on RFC 8198, caches popular mistakes --wwww instead of www for example -- so minimal time is used in returning an error message.
NEXT PREV
While 1.1.1.1 is fast, it's biggest improvements comes with protecting your privacy. When the Federal Communications Commission gutted net neutrality, it also opened the door for ISPs to track all your internet searches. ISPs can, and are, selling your browsing data.
What can you do about it? One solution is to use a virtual private network (VPN). Another is to stop using your ISP's DNS service and switch to an independent DNS resolver.
What is 1.1.1.1 and how does it work?
What 1.1.1.1 brings to the table, that the others haven't, is a focus on user privacy.
Read also: Cloudflare emerges triumphant in Blackbird patent lawsuit
To do this, Cloudflare has committed itself to never using DNS browsing data to target ads, The company has also committed to never recording your IP address and wiping all DNS logs within 24 hours. You don't need to take its word for it. Cloudflare has contracted KPMG, the well-respected auditing firm, to annually audit its code and practices and publish a public report confirming it's keeping its word.
Technically, Cloudflare is also protecting your privacy by adding support for DNS-over-TLS and DNS-over-HTTPS. DNS-over-TLS takes the existing, insecure DNS protocol and adds transport layer encryption. DNS-over-HTTPS includes not only securit, it also supports forthcoming internet protocols such as Quick UDP Internet Connections (QUIC) and HTTP/2 Server Push.
So, do you want faster, more secure DNS? Here's how to make 1.1.1.1 work for you.
Router
If you're using a router for your office network DNS settings -- and you probably are -- log in and find your DNS server settings. Once there, note down your existing DNS records and replace them with the following:
- For IPv4: 1.1.1.1 and 1.0.0.1
- For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
That's it. The next time your computers look up a website, they'll use the 1.1.1.1 DNS services.
Windows
With Windows, click on the Start menu, then click on Control Panel, and do the following:
- Click on Network and Internet.
- Click on Change Adapter Settings.
- Right click on the Wi-Fi network you are connected to, then click Properties.
- Select Internet Protocol Version 4 (or Version 6 if desired).
- Click Properties.
- Write down any existing DNS server entries for future reference.
- Click Use The Following DNS Server Addresses.
- Replace those addresses with the 1.1.1.1 DNS addresses:
- For IPv4: 1.1.1.1 and 1.0.0.1
- For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
MacOS
For macOS, open System Preferences, and then do the following:
- Search for DNS Servers and select it from the dropdown.
- Click the + button to add a DNS Server and enter 1.1.1.1
- Click + again and enter 1.0.0.1
- Click Ok, then click Apply.
Linux
With Linux, use Network Manager. There, click the IPv4 or IPv6 tab to view your DNS settings, and then do the following steps:
- Set the 'Automatic' toggle on the DNS entry to Off.
- Provide the 1.1.1.1 DNS addresses in the DNS entries field:
- 1.0.0.1
- For IPv6: 2606:4700:4700::1111,2606:4700:4700::1001
- Click Apply, then restart your browser.
iPhone
From your iPhone's home screen, open the Settings app.
- Tap Wi-Fi, then tap your preferred network in the list.
- Tap Configure DNS, then tap Manual.
- If there are any existing entries, tap the - button, and Delete next to each one.
- Tap the + Add Server button, then type 1.1.1.1
- Tap the + Add Server button again, then type 1.0.0.1. This is for redundancy.
- Tap the Save button on the top right.
Android
On Android, it's far harder to set up DNS than with other operating systems.
The easiest way, which works across most Android devices, is to install DNS Changer. This works by creating a local VPN work on your device. This VPN only exists within your device and your mobile or Wi-Fi connection. To use it, you place 1.1.1.1 and 1.0.0.1 in as your DNS entries.
Read also: How Cloudflare uses lava lamps to encrypt the Internet
Can your ISP still snoop on you? You bet. But, it'll have to go to some trouble instead of simply grabbing the low-hanging fruit of your DNS searches. Using 1.1.1.1 gives you more privacy protection, but it's not perfect.
Related stories
Related Topics:
Open Source Cloud Internet of Things Security Data CentersDNS servers translate the friendly domain name you enter into a browser (like lifewire.com) into the public IP address that's needed for your device to actually communicate with that site.
Your ISP automatically assigns DNS servers when your smartphone or router connects to the internet but you don't have to use those. There are lots of reasons you might want to try alternative ones (we get in to many of them in Why Use Different DNS Servers? a bit further down the page) but privacy and speed are two big wins you could see from switching.
The best free public DNS servers include Google, Quad9, OpenDNS, Cloudflare, CleanBrowsing, Verisign, Alternate DNS, and AdGuard DNS.
Here's a quick reference if you know what you're doing but we get into these services a lot more in the next section:
A list of additional free DNS servers can be found in the table near the bottom of the page.
Primary DNS servers are sometimes called preferred DNS servers and secondary DNS servers sometimes alternate DNS servers. Primary and secondary DNS servers can be 'mixed and matched' from different providers to protect you if the primary provider has problems.
Best Free & Public DNS Servers (Valid June 2019)
Below are more details on the best free DNS servers you can use instead of the ones assigned.
If you're not sure, use the IPv4 DNS servers listed for a provider. These are the IP addresses that include periods. IPv6 IP addresses use colons.
Google Public DNS promises three core benefits: a faster browsing experience, improved security, and accurate results without redirects.
- Primary DNS: 8.8.8.8
- Secondary DNS: 8.8.4.4
Google also offers IPv6 versions:
- Primary DNS: 2001:4860:4860::8888
- Secondary DNS: 2001:4860:4860::8844
Google can achieve fast speeds with their public DNS servers because they're hosted in data centers all around the world, meaning that when you attempt to access a web page using the IP addresses above, you're directed to a server that's nearest to you.
Quad9: 9.9.9.9 & 149.112.112.112
Quad9 has free public DNS servers that protect your computer and other devices from cyber threats by immediately and automatically blocking access to unsafe websites, without storing your personal data.
- Primary DNS: 9.9.9.9
- Secondary DNS: 149.112.112.112
There are also Quad 9 IPv6 DNS servers:
- Primary DNS: 2620:fe::fe
- Secondary DNS: 2620:fe::9
Quad9 does not filter content — only domains that are phishing or contain malware will be blocked. Quad9 also has an insecure IPv4 public DNS at 9.9.9.10 (2620:fe::10 for IPv6).
OpenDNS: 208.67.222.222 & 208.67.220.220
OpenDNS claims 100% reliability and up-time and is used by 90 million users around the world. The offer two sets of free public DNS servers, one of which is just for parental controls with dozens of filtering options.
- Primary DNS: 208.67.222.222
- Secondary DNS: 208.67.220.220
IPv6 addresses are also available:
- Primary DNS: 2620:119:35::35
- Secondary DNS: 2620:119:53::53
The servers above are for OpenDNS Home, which you can make a user account for to set up custom settings. The company also offers DNS servers that block adult content, called OpenDNS FamilyShield: 208.67.222.123 and 208.67.220.123 (shown here). A premium DNS offering is available, too, called OpenDNS Home VIP.
Cloudflare: 1.1.1.1 & 1.0.0.1
Cloudflare built 1.1.1.1 to be the 'fastest DNS service in the world' and will never log your IP address, never sell your data, and never use your data to target ads.
- Primary DNS: 1.1.1.1
- Secondary DNS: 1.0.0.1
They also have IPv6 public DNS servers:
- Primary DNS: 2606:4700:4700::1111
- Secondary DNS: 2606:4700:4700::1001
There's a 1.1.1.1 app for Android and iOS for quick setup on mobile devices.
CleanBrowsing: 185.228.168.9 & 185.228.169.9
CleanBrowsing has three free public DNS server options: a security filter, adult filter, and family filter. These are the DNS servers for the security filter, the most basic of the three that updates hourly to block malware and phishing sites:
- Primary DNS: 185.228.168.9
- Secondary DNS: 185.228.169.9
IPv6 is also supported:
- Primary DNS: 2a0d:2a00:1::2
- Secondary DNS: 2a0d:2a00:2::2
The CleanBrowsing adult filter (185.228.168.10) prevents access to adult domains, and the family filter (185.228.168.168) blocks proxies, VPNs, and mixed adult content. More features can be had at a price: CleanBrowsing Plans.
Verisign: 64.6.64.6 & 64.6.65.6
Verisign's public DNS services are centered around stability and security with 100% up-time, as well as privacy, citing that they 'will not sell your public DNS data to third parties nor redirect your queries to serve you any ads.'
- Primary DNS: 64.6.64.6
- Secondary DNS: 64.6.65.6
Verisign offers IPv6 public DNS servers as well:
- Primary DNS: 2620:74:1b::1:1
- Secondary DNS: 2620:74:1c::2:2.
There's a Check DNS Cache page on Verisign's website that you can use to check the current status of the public DNS, as well as an option to flush the public DNS cache.
Alternate DNS: 198.101.242.72 & 23.253.163.53
Alternate DNS is a free public DNS service that blocks ads before they reach your network.
- Primary DNS: 198.101.242.72
- Secondary DNS: 23.253.163.53
There's also a Family Premium DNS option for $2 /month that blocks adult content.
AdGuard DNS: 176.103.130.130 & 176.103.130.131
AdGuard DNS has two sets of DNS servers, both of which block ads in games, videos, apps, and web pages. The basic set of DNS servers are called the 'Default' servers, and block not only ads but also malware and phishing websites:
- Primary DNS: 176.103.130.130
- Secondary DNS: 176.103.130.131
IPv6 is supported, too:
- Primary DNS: 2a00:5a60::ad1:0ff
- Secondary DNS: 2a00:5a60::ad2:0ff
There are also 'Family protection' servers (176.103.130.132 & 176.103.130.134) that block adult content plus everything included in the 'Default' servers.
Why Use Different DNS Servers?
One reason you might want to change the DNS servers assigned by your ISP is if you suspect there's a problem with the ones you're using now. An easy way to test for a DNS server issue is by typing a website's IP address into the browser. If you can reach the website with the IP address, but not the name, then the DNS server is likely having issues.
Another reason to change DNS servers is if you're looking for a better performing service. Many people complain that their ISP-maintained DNS servers are sluggish and contribute to a slower overall browsing experience.
Yet another common reason to use DNS servers from a third party is to prevent logging of your web activity and to circumvent the blocking of certain websites.
Know, however, that not all DNS servers avoid traffic logging. If that's what you're interested in, make sure you read through the FAQs on the DNS provider's site to make sure it's going to do (or not do) what you're after.
If, on the other hand, you want to use the DNS servers that your specific ISP, like Verizon, AT&T, Comcast/XFINITY, etc., has determined is best, then don't manually set DNS server addresses at all — just let them auto assign.
Finally, in case there was any confusion, free DNS servers do not give you free internet access! You still need an ISP to connect to for access — DNS servers just translate between IP addresses and domain names so that you can access websites with a human-readable name instead of a difficult-to-remember IP address.
Additional DNS Servers
Here are several more public DNS servers. Let us know if we're missing any major providers:
DNS servers are referred to as all sorts of names, like DNS server addresses, internet DNS servers, internet servers, DNS IP addresses, etc.
Verizon DNS Servers & Other ISP Specific DNS Servers
Verizon DNS servers are often listed elsewhere as 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, and/or 4.2.2.5, but those are actually alternatives to the CenturyLink/Level 3 DNS server addresses shown in the table above.
Verizon, like most ISPs, prefers to balance their DNS server traffic via local, automatic assignments. For example, the primary Verizon DNS server in Atlanta, GA, is 68.238.120.12 and in Chicago, is 68.238.0.12.