DNS Server 101: Tricks to Better Security | Dong Knows Tech (2024)

Domain name system (DNS) is the first thing you must use—whether or not you’re aware of that—before you can get “online.” It’s so valuable that many companies want to provide you with this service for free.

So what’s DNS, exactly? This post will answer that question and explain in simple terms the enthusiasm behind DNS hosting, how not all DNS services are created equal, and why you should pick the right one for your network. I’ll also include a list of useful and free DNS servers.

When through, you’ll know how to make the most out of these seemingly random numbers. In more ways than one, it’s an example of how little things can make a huge difference.

As usual, paying attention is the key. While simplified, the information in this post is somewhat advanced and applicable only to those comfortable with the idea of IP addresses and who understand the home networking basics.


Domain Name System: What it is and the real-world role of a DNS server

When one network device connects to another, it needs to know the other’s IP address. That’s the case on both the local area network (LAN) and the wide area network (WAN), a.k.a. the Internet.

You can manually enter the target’s address, such as when you want to quickly access a local NAS server or build a computer’s hosts file. But that’s tedious and prone to mistakes.

Using a DNS server is generally the norm, especially when accessing the outside world. None of us want to remember the actual IP address of a website or a streaming service. It’s hard even to remember their names. So, DNS servers are synonymous with the Internet’s existence.

What are DNS servers?

In a nutshell, a DNS server is similar to a public directory. It points you to where you want to go among millions of online websites, applications, and services.

A DNS server is not to be confused with Dynamic DNS, which works somewhat the opposite way.

Here’s a specific example of the role DNS plays:

Let’s say you want to access this website directly and enter its domain name, DongKnowsTech.com, on your browser, such as Chrome, Firefox, or Edge. The following will happen:

  1. The browser queries the system’s designated DNS server about the user-provided domain name.
  2. The DNS server looks up the domain to verify that it exists and is attached to a website. If so, it returns the website’s unique IP address, which is a string of seemingly random numbers.
  3. The browser follows that IP address to load the page you’re viewing.

This process is necessary because computers only understand numbers, while humans are bad at remembering them. In a way, the domain name is the vanity moniker of a website’s IP address. “DongKnowsTech” is much easier to remember than 73.124.79.110 or any other random string of numbers.


And you’re reading this page on your screen because such a process has worked. A similar procedure occurs whenever you want to reach an online party using any application.

In many ways, a DNS server is similar to the once-commonplace telephone directory service, where you only need to remember a person’s name, not their phone number. It’s the first thing that must happen before a connection can be established.

The faster a DNS server is, the less time you need to wait to reach a domain. Technically, this results in a “faster” Internet experience — there’s less wait time before a webpage starts to materialize on the screen.

In reality, almost all DNS servers deliver the same speed. The look-up time is generally so short that even the slowest DNS server won’t produce a tangible delay considering the often more time-consuming subsequent processes, including the speed and quality of your Internet or Wi-Fi connection.

Still, an even shorter look-up time never hurts, and many companies use the perceived improved speed as a general premise to lure customers into using their DNS servers. That’s because, if true, speedier Internet access would be the least noteworthy thing about DNS.

DNS equals privacy, security, and control

Since you need to reach the DNS server before anywhere else on the Internet, the server’s owner, among other things, has the first say on your online activities and, at the very least, a log of what websites/services you use.

As the online usher, the DNS server makes the ultimate decisions regarding your online experience. Specifically, it can take you to where it wants, block your access to certain sites or services, or, conversely, keep certain content from your local network.

You can use DNS to effectively manage Parental Controls, adblocking, privacy, security, and more. However, using a bad server can also lead you to the wrong places or make you more vulnerable to malicious remote parties.

With all that power, being the DNS service is a well-sought-after privilege, so much so that many companies offer free servers.

Indeed, for ages, Google has been offering the popular DNS servers at the 8.8.8.8 and 8.8.4.4 addresses. In April 2018, Cloudflare joined the game with a new public server claiming to deliver faster speed and better security via an easy-to-remember address at 1.1.1.1. And since then, there have been even more free DNS providers.

And from the users’ perspective, picking a trustworthy DNS provider is extremely important.

DNS and DoH

As you might have heard, DoH is short for DNS over HTTPS—the “s” in HTTPS is for “secure”.

In short, DoH is a protocol for performing DNS resolution via a secure connection. It increases user privacy and security by preventing the possibility that somebody can intercept, eavesdrop on, or even manipulate the DNS request.

Generally, most Wi-Fi 6 and newer routers support DoH, which is just a matter of firmware. You can expect most, if not all, modern consumer routers to support DoH.

OK. What is my DNS server right now?

It’s more a question of who.

Generally, the router is the DNS server for a home’s local area network (LAN). It does the job of binding local IP addresses with friendly device names, such as “Server,” “John-Desktop,” “Van’s iPad,” etc.

As a result, in a home network, the default IP address of your router is also that of your local DNS server. But the router is also a gateway to the Internet, and on the WAN side, it also holds the IP address of the public DNS server.

By default, if you haven’t done anything (such as using a VPN server, tinkering with specific settings of an app, or following the steps this post is about to describe), your WAN DNS servers are those of your Internet service provider (ISP). In this case, there’s no need to worry about them, nor do you need to know their IP addresses.

An ISP’s DNS servers are almost always generic and don’t do anything more than provide the directory service. Additionally, they work most of the time but are not necessarily the most reliable or the fastest.

You only need one DNS server, but to guarantee availability, there is always a secondary option in case the first server is unavailable. In some cases, you can specify more than two.

Changing these Internet DNS servers allows you more control over your Internet access and adds flavors to your broadband connection, including the privacy and security features mentioned above.

Popular and useful DNS servers

The table below includes some popular free DNS server addresses and their features. There are many others, but I’ve tried these for a long time and found them safe and reliable.

Again, a generic DNS server does nothing other than provide directory services. A server with web-filtering capability will prevent certain types of content from reaching the party that uses it, be it a network, a particular device, or an app.

| DNS Provider | Server Addresses (primary/secondary) | Notes |
|---|---|---|
| CleanBrowsing (family filter) | 185.228.168.168 / 185.228.169.168 | These servers block access to all adult, pornographic, and explicit sites. They also block proxy and VPN domains that are used to bypass the filters. Mixed-content sites (like Reddit) are also blocked. Google, Bing, and YouTube are set to Safe Mode. Malicious and phishing domains are blocked. |
| CleanBrowsing (adult filter) | 185.228.168.10 / 185.228.169.11 | These servers block access to all adult, pornographic, and explicit sites. They do not block proxy or VPN domains, nor mixed-content sites. Sites like Reddit are allowed. Google and Bing are set to Safe Mode. Malicious and phishing domains are blocked. |
| CleanBrowsing (security filter) | 185.228.168.9 / 185.228.169.9 | Blocks access to phishing, spam, malware, and malicious domains. |
| Cloudflare (no filter) | 1.1.1.1 / 1.0.0.1 | Reliable generic DNS servers |
| Google (no filter) | 8.8.8.8 / 8.8.4.4 | Reliable generic DNS servers |
| Quad9 (security filter) | 9.9.9.9 / 149.112.112.112 | Blocks malicious content, including malware and phishing. |
| Quad9 (privacy filter) | 9.9.9.11 / 149.112.112.11 | Collects no information about users based on Swiss privacy law. |

A couple of things to note when using a DNS server with filtering options:

  1. Some websites or services might not work as intended since no blocking mechanism is perfect. There can be false positives or negatives.
  2. You cannot add a website or service to the allowed list unless you pay for a premium DNS service. In this case, #1 above remains. (Some Parental Control solutions are DNS-based.)
  3. When you need to troubleshoot connection issues, using a generic DNS server with no filter, or that of the ISP, is recommended.

DNS servers: IPv4 vs. IPv6

All DNS service providers use IPv4 addresses. Some also offer the optional IPv6 addresses. There’s no difference in terms of effect between these two. IPv6 is only for the distant future when some devices might not support IPv4 or prefer IPv6 in their DNS server settings.


And that brings us to how we can manage these servers.

How to change DNS settings to better your Internet

There are two popular levels of DNS server settings that you can change: at the device and at the router. In both cases, we’re talking about the DNS used for Internet access.

The former works well for mobile users since the DNS settings remain the same no matter where the user is—it’s a good option for a laptop. The latter is useful for the entire network hosted by the router—by default, all devices within a network will automatically replicate the router’s DNS settings.

You should only change the DNS at the device level when Internet access is all you care about, which is the case for home users.

If you have a special local network, such as one with a domain controller, you should leave the device’s DNS setting at the default so that it automatically uses the settings of the network’s DNS server (the router, in most cases).

Using device-specific DNS settings, which supersede those of the router, might cause certain local services, such as file-sharing or network printing, to stop working.

There’s a third, rarely used level of DNS settings: some software applications also allow users to pick particular DNS servers for themselves. In this case, the app’s DNS settings supersede those of the device or the router.

In any case, as mentioned, there are two DNS server IP addresses. The secondary (alternate) server takes effect only when the primary (preferred) one is unavailable. In some situations, you can even add a third or fourth server address.

For the steps below, I’ll use the 1.1.1.1 address (Cloudflare) as the primary and 8.8.8.8 (Google) as the secondary. But you can pick your own from the table above. It’s OK to use two servers of two different providers, but you must enter the IP addresses correctly, or you won’t be able to go online.

Steps to change DNS settings in a Windows computer

On a Windows computer, open Network Connections in the Control Panel. The fastest way is: Click on the Start button, type in ncpa.cpl in the search field, and press Enter.

  1. Pick the network connection you’re using—if you’re on a laptop, it’s likely the Wi-Fi connection—and double-click on the icon to open the Status window. Then click on Properties. (Alternatively, you can right-click on the icon and then choose Properties.)
  2. In the Properties window, double-click on Internet Protocol Version 4 (TCP/IPv4).
  3. In the next window, check the Use the following DNS server addresses box and enter the addresses for the Preferred DNS server (you can use 1.1.1.1 here) and Alternate DNS Server (you can use 8.8.8.8 here).

Optional: Repeat step 3, but this time double-click on Internet Protocol Version 6 (TCP/IPv6) and enter the IPv6 addresses if you have that information (if not, you can skip this step). Then click on OK to close the windows and apply the changes.

The change should be in effect immediately, but restarting the computer to make sure is a good idea.

Steps to change DNS settings on a Mac

  1. Click on the Apple icon (top left corner), then on System Preferences, and then on the Network icon.
  2. Select the current network connection (it’s likely the Wi-Fi connection if you’re using a notebook), then click on Advanced…
  3. Click on the DNS tab.
  4. Use the plus (+) button under DNS Servers to enter the addresses of your liking. For example, you can use 1.1.1.1 for the first server and 8.8.8.8 for the second one.

Restart the computer, and the new server settings will be in effect.

Steps to change DNS on a router

Use the steps below to change the DNS servers of the router’s Internet connection, which are different from those used for the local network.

You should change the latter — generally found in the LAN section of the interface — when you want the router to dictate which DNS server all connected devices use. This is applicable only when you have a special network, such as one with a domain controller or a separate purpose-built local DNS server.


  1. Log in to the router’s web interface.
  2. Navigate to the interface’s WAN (or Internet) section; every router has this section.
  3. Choose to manually enter DNS server addresses (you want to change the default value, which lets the router automatically use the service provider’s DNS servers).
  4. Enter the DNS addresses of your liking, such as 1.1.1.1 for the primary server and 8.8.8.8 for the secondary (backup) server. Some routers, such as those from Asus, have a list of DNS servers and their features for you to choose from besides the manual option.
  5. Apply the changes.

Some routers will restart themselves when you apply the change, or you can do a manual restart. After that, the new settings will be in effect.

Domain Name System: The takeaway

Considering your DNS’s significant role, again, it’s imperative that you pick one you can trust when changing the values manually. When in doubt, leave the setting as Auto, and the system will use the default, generally that of your Internet provider.

Changing the DNS setting is also a popular way to “hack” a system. In this case, the bad guys capture your DNS requests to send you to phony destinations or services. Ensure you know your DNS settings, especially at the router’s level.
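One way to act on the advice to know your DNS settings, as an added example (not from the original post): it reads the resolvers from resolv.conf-style text, as found in /etc/resolv.conf on macOS and Linux, and labels each against the table on this page. The sample text is constructed, and 203.0.113.53 is a documentation address standing in for a resolver you did not set.

```python
import ipaddress

# Resolver addresses copied from the table on this page.
TABLE = {
    "CleanBrowsing (family filter)": ("185.228.168.168", "185.228.169.168"),
    "CleanBrowsing (adult filter)": ("185.228.168.10", "185.228.169.11"),
    "CleanBrowsing (security filter)": ("185.228.168.9", "185.228.169.9"),
    "Cloudflare (no filter)": ("1.1.1.1", "1.0.0.1"),
    "Google (no filter)": ("8.8.8.8", "8.8.4.4"),
    "Quad9 (security filter)": ("9.9.9.9", "149.112.112.112"),
    "Quad9 (privacy filter)": ("9.9.9.11", "149.112.112.11"),
}
KNOWN = {ip: name for name, ips in TABLE.items() for ip in ips}

# Private, loopback and link-local ranges: the router or a local stub resolver.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr):
    """Label one resolver address: known provider, local, or needs review."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return "invalid address"
    if str(ip) in KNOWN:
        return KNOWN[str(ip)]
    if any(ip in net for net in LOCAL_NETS):
        return "local (router or stub resolver)"
    return "UNRECOGNIZED: confirm it is your ISP's or one you set"

def audit(text):
    """Return (address, label) for every configured resolver, in order."""
    return [(s, classify(s)) for s in parse_nameservers(text)]

# Constructed sample, not taken from a real machine.
SAMPLE = """# generated file
nameserver 192.168.1.1
nameserver 1.1.1.1   # set by hand
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    for addr, label in audit(SAMPLE):
        print(f"{addr:16} {label}")
```

A device that lists only the router's address still depends on whatever the router's WAN DNS fields contain, so check those in the router's interface as well.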

Dong’s note: I first published this post on April 1, 2018, and updated it on March 9, 2024, with additional relevant information.
