The Domain Name System (DNS) is one of the most important parts of Internet connectivity, yet most people never think about it, or even know it exists.
Internet service providers and mobile networks hand out their own DNS servers automatically, so most people have never had a reason to consider using a different one.
Why bother when the Internet works perfectly well?
There are many good reasons to change your DNS server. Specialist DNS services can make name lookups faster, and they can add features such as security filtering, better privacy, or network-wide ad blocking.
This article will hopefully shed light on the role of DNS servers, what features they can offer, and which DNS servers are the best options. I will follow up this post with guides on changing your DNS settings on devices and routers.
Domain Name System – What is a DNS Server?
A DNS server translates human-friendly domain names (like mightygadget.com) into the numerical IP addresses that computers use to locate and connect to services on the Internet. Think of it as a digital phonebook that helps your devices connect to the right online destinations.
Imagine you want to visit a website. Instead of typing in a long string of numbers (the IP address), you type in the domain name, and your device sends a query to its configured DNS server. That server is a recursive resolver: if the answer is not already in its cache, it asks the root servers, then the top-level domain servers, then the domain’s own authoritative name servers, caches the result, and returns the IP address to your device. It is the bridge between the easy-to-remember names we use and the numeric addresses computers understand.
Does a DNS server make a difference?
Not all DNS servers are created equal. When you connect to the Internet, your Internet Service Provider (ISP) usually assigns you a default DNS server. However, there are alternative public resolvers available, like Google’s (8.8.8.8) or Cloudflare’s (1.1.1.1), that can offer benefits like faster lookups, improved security, and content filtering.
A resolver with low latency and a large, warm cache returns answers more quickly, so pages start loading sooner. The difference is most noticeable on sites that pull images, scripts and adverts from many different domains, since each new domain needs its own lookup.
Now, let’s talk about security. Some resolvers validate DNSSEC (Domain Name System Security Extensions), the system of cryptographic signatures that lets a resolver reject forged answers and so protects against DNS spoofing and cache poisoning. Note that DNSSEC authenticates the data but does not encrypt the query, and the validation happens inside the resolver: protecting the path between your device and the resolver is the job of the encrypted DNS transports (DoT and DoH) covered below.
Does a DNS server make a difference to Internet speed?
Yes, the quality of the server can have an impact on the performance of the Internet. Some servers are optimised for speed, while others may have additional features.
A DNS server affects Internet speed only through how quickly it answers lookups. It will not improve your throughput (you won’t download movies any faster), but a responsive resolver lets your browser and other apps turn domain names into IP addresses sooner, so websites appear to load faster. Because answers are cached both by the resolver and by your device, the gain is mostly on the first lookup of each name.
Does a DNS server make a difference to privacy?
Yes, there can be some significant benefits to privacy with certain DNS servers and specific DNS technologies.
DNS affects privacy in three ways: who can see your queries, whether they are encrypted in transit, and what the resolver operator does with the data.
Every lookup tells the resolver, and anyone between you and it, which names you are visiting. Traditional DNS is sent in plaintext, normally over UDP port 53, so it can be read and even altered by anyone on the path: your ISP, the operator of a public Wi-Fi network, or an attacker on the same LAN.
DNS over HTTPS (DoH) and DNS over TLS (DoT) were designed to fix this. Both carry DNS queries and responses inside an encrypted, authenticated connection to the resolver, which stops on-path observers from reading or tampering with them. The resolver itself still sees every query, so the choice of provider matters as much as the transport.
When selecting a DNS server, privacy-conscious users often opt for providers that offer DoH or DoT support. This limits the ability of ISPs or other intermediaries to monitor and analyse DNS traffic. Providers such as Cloudflare and Quad9 support both protocols and publish their data-handling policies.
Moreover, the selection of a DNS server can also influence users’ exposure to certain online risks. DNS servers that incorporate filtering mechanisms can block access to malicious domains, preventing users from inadvertently accessing harmful content or falling victim to phishing attacks.
While encrypted DNS is a real privacy improvement, it is only one part of the picture. Your ISP still sees the IP addresses you connect to, and for most sites the server name is also visible in the TLS handshake (the SNI field), so encrypting DNS alone does not hide which sites you visit.
Does a DNS server make a difference to security?
Yes, and for much the same reasons. Filtering resolvers check each query against threat intelligence feeds and refuse to resolve known malware, phishing and botnet command-and-control domains, so a compromised or tricked device never gets the address it needs to connect. This is a useful extra layer, but not a complete defence: it only covers threats that are already on the lists, and only software that respects the system resolver.
One area where DNS-level security is particularly useful is Internet of Things (IoT) devices, which rarely get security updates and cannot run endpoint protection. Pointing the whole network at a filtering resolver gives those devices some protection without touching them. Bear in mind that a device which hard-codes its own resolver ignores the router’s DNS setting, so a firewall rule that redirects or blocks outbound port 53 traffic to other servers is needed for full coverage.
What is a Smart DNS?
A Smart DNS is a service that sits at the crossroads of DNS and geo-restriction circumvention: it uses DNS to give you access to online content that is normally only available in other regions.
Unlike a conventional resolver, which simply returns the real IP address for a name, a Smart DNS answers queries for specific geo-restricted services (streaming platforms, for example) with the address of a proxy server in a region where that content is available. All other queries are resolved normally.
The service therefore depends on knowing which domain names belong to geo-restricted content. Connections to those names go via the proxy, so the content provider sees a request arriving from the permitted region and serves the content, even though the user is physically elsewhere.
It’s important to note that a Smart DNS does not encrypt your traffic, and it only reroutes the specific services it knows about. For users who want both unimpeded content access and protection of their data in transit, a Virtual Private Network (VPN) is the more complete solution: a VPN tunnels all of a device’s traffic, DNS included, through an encrypted connection.
Advanced DNS Technologies
What is DNS-over-HTTPS?
DNS-over-HTTPS (DoH, RFC 8484) encrypts DNS by sending queries and responses as HTTPS requests, normally to port 443. In traditional DNS, queries and responses travel in plaintext, where they can be observed and tampered with. DoH wraps them in the same TLS encryption that protects web browsing, so they remain confidential between your device and the resolver. A side effect is that DoH traffic is indistinguishable from ordinary HTTPS, which makes it hard to block or monitor on a network: a benefit for users on hostile networks, and a headache for administrators who rely on DNS visibility.
What is DNS-over-TLS?
DNS-over-TLS (DoT, RFC 7858) carries ordinary DNS messages inside a TLS session on its own dedicated port, TCP 853. The established security mechanisms of TLS ensure that DNS queries remain confidential and protected from interception and manipulation, in the same way that HTTPS secures web traffic.
The practical difference is visibility: DoH hides inside normal web traffic on port 443, whereas DoT uses a recognisable port that a network administrator can allow, monitor or block as a matter of policy. Both encrypt DNS traffic between client and resolver, making it difficult for third parties to observe or modify users’ DNS activity.
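The following Python script is an added example, not code from this article or from any DNS provider. It ties together what the sections above describe: it builds a DNS query in the RFC 1035 wire format, parses a response (including the AD flag that a validating resolver sets, as discussed under DNSSEC), and then shows how the identical message is carried by DoT (a two-byte length prefix inside TLS on port 853) and by DoH (base64url in an HTTPS GET, per RFC 8484). The response bytes are constructed by hand for the example; the live lookup at the bottom assumes network access and Cloudflare’s public resolver at 1.1.1.1, whose certificate is issued for cloudflare-dns.com.

```python
# Added example, not code from the article or any DNS provider. The sample
# response below is constructed by hand; the live lookup needs network access.
import base64
import socket
import ssl
import struct
QTYPE_A = 1  # A record

def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """12-byte header (ID, flags with RD set, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def decode_name(msg: bytes, off: int):
    """Read a name at msg[off:], following RFC 1035 compression pointers (0xC0xx)."""
    labels, end, jumped = [], off, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # pointer to an earlier name
            if not jumped:
                end = off + 2                      # caller resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)

def parse_response(msg: bytes) -> dict:
    """Return the header fields that matter plus the answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0x000F,  # AD bit: resolver validated DNSSEC
            "ad": bool(flags & 0x0020), "answers": answers}

def doh_get_param(query: bytes) -> str:
    """RFC 8484 GET form: /dns-query?dns=<base64url of the wire message, no padding>."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")

def dot_frame(query: bytes) -> bytes:
    """DNS over TCP and over TLS (RFC 7858) prefix each message with its 16-bit length."""
    return struct.pack("!H", len(query)) + query

def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf

def query_over_dot(name: str, server: str = "1.1.1.1") -> dict:
    """Live DoT lookup: TLS to port 853, certificate checked against the resolver's name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, 853), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname="cloudflare-dns.com") as tls:
            tls.sendall(dot_frame(build_query(name, txid=0x4242)))
            length = struct.unpack("!H", _recv_exact(tls, 2))[0]
            return parse_response(_recv_exact(tls, length))

# Constructed response: ID 0x1234, flags 0x8180 (QR, RD, RA), the question echoed
# back, and one A record (TTL 300) whose owner name is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([93, 184, 216, 34])
)
if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
    print("GET /dns-query?dns=" + doh_get_param(build_query("www.example.com")))
    print(query_over_dot("example.com"))          # needs network access
```

Run it and the first line shows the parsed constructed answer; the second is exactly the URL form a DoH client sends (the value for www.example.com with ID 0 matches the example in RFC 8484); the third performs a real DoT exchange, which is the only point at which anything leaves the machine. Plain UDP DNS would send the same bytes that build_query produces with no framing and no encryption, which is what makes it readable on the path.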
What is DNS-over-QUIC?
DNS-over-QUIC (DoQ, RFC 9250) is a newer protocol with the same goal as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), enhancing the privacy and security of DNS transactions, but it uses a different transport, QUIC.
QUIC is a transport protocol originally developed at Google and standardised by the IETF (RFC 9000). It runs over UDP but provides the reliability and ordering of TCP, adds multiple independent streams, and builds TLS 1.3 into its handshake. DNS-over-QUIC uses it on UDP port 853 to encrypt and transmit DNS queries and responses, ensuring that the exchanged data remains confidential and resistant to interception.
Compared to DoH and DoT, DoQ avoids the bottlenecks of a TCP-based transport: the separate TCP and TLS handshakes, and head-of-line blocking, where one lost packet stalls every query on the connection. By using QUIC’s faster connection setup and independent streams, DoQ aims to reduce latency and improve the efficiency of DNS transactions while keeping the same encryption guarantees as DoH and DoT.
Best DNS Servers
The best DNS server is subjective, but I will do my best to cover popular options that are well known to be better than the default DNS server your ISP or mobile network will likely provide.
What is the best free DNS server?
Google Public DNS (8.8.8.8, 8.8.4.4)
Heralded for its responsiveness and reliability, Google’s Public DNS has a reputation as a solid choice. Its global infrastructure promises fast query resolution, and it supports DoT, DoH and DNSSEC validation. Google publishes a privacy policy for the service, but you are nonetheless sending your DNS query data to Google, which is a consideration for the privacy-minded.
Cloudflare DNS (1.1.1.1, 1.0.0.1)
Cloudflare DNS places a premium on privacy and performance. It offers DNS over HTTPS (DoH) and DNS over TLS (DoT) for encrypted communication, ensuring that queries are shielded from potential eavesdropping. With a focus on speed, Cloudflare’s DNS emphasises rapid query responses and enhanced security.
Quad9 (9.9.9.9, 149.112.112.112)
Quad9 is a non-profit DNS provider known for its emphasis on security. It uses threat intelligence from multiple sources to block access to known malicious domains, adding a layer of protection against cyber threats. Quad9 also supports DoT and DoH for encrypted communication and validates DNSSEC.
OpenDNS (208.67.222.222, 208.67.220.220)
OpenDNS, now part of Cisco, offers both a free and a premium option. Its free service, known as “OpenDNS Home,” includes customisable content filtering, allowing users to block access to specific types of websites. This feature can be particularly valuable for families seeking to control internet access for children.
What is the best paid-for DNS server?
NextDNS is the service I personally use, so I am placing it at the top of my recommendations. Like many premium DNS servers, there is a free tier, but this is limited to 300,000 queries/month (which is probably fine for most people). The premium tier is £17.90/year.
NextDNS filters known security threats, blocks ads and trackers on websites and in apps, and provides parental controls for a safer, supervised Internet for kids. Because it works at the resolver level, it applies to every device and on every network where you configure it.
It supports DNS-over-TLS/QUIC and DNS-over-HTTPS. They also have a wide range of setup guides, and they have apps for Android, iOS, Windows and macOS.
NextDNS provides the same sort of functionality that you get with popular self-hosted ad-blocking solutions such as Pi-hole and AdGuard Home: you can add blocklists that block adverts and trackers.
There are also parental control features and various security features, such as AI-Driven Threat Detection, which NextDNS claims blocks millions of threats detected by AI technology.
You can also view your analytics, where you can see which domains are being resolved or blocked, the IP address you use, and, depending on your settings, which devices use the service.
I personally use NextDNS instead of Pi-hole nowadays, as I can use it for all my devices. I have it set up on the router, so all devices within my home network use it, but it is also manually assigned to my Honor Magic5 Pro, Nighthawk M6 Pro mobile router, and my laptops. So, whenever I travel, I continue to have the security and ad-blocking benefits of the DNS server.
I like AdGuard, and I use the AdGuard app and browser extension on my work PC, and I have AdGuard Home set up, but I don’t really use it now.
AdGuard also has its own premium DNS service, which is much like the NextDNS service. I have not had a chance to use this service yet. They have a free tier with 300K monthly requests, just like NextDNS, but it is limited to 5 devices and 2 servers (you could use it on your router to protect all your devices). The personal plan is $19.99+VAT, so around the same price as NextDNS.
Cloudflare WARP+ (1.1.1.1 with WARP+)
Cloudflare offers a paid tier of its 1.1.1.1 app called WARP+. WARP routes all of a device’s traffic, not just DNS, through an encrypted WireGuard-based tunnel to Cloudflare’s network, so your ISP or the local network cannot inspect it. WARP+ adds routing across Cloudflare’s private backbone, which can lower latency. It is worth understanding that WARP is not an anonymising VPN: Cloudflare terminates the tunnel and sees where your traffic goes, and the service is not intended for hiding your location or bypassing geo-restrictions.
Cisco Umbrella (OpenDNS)
OpenDNS, now under Cisco, provides a paid service called Umbrella. This extends beyond DNS resolution to web filtering, threat intelligence, content categorisation and per-user policies, making it an option for businesses and organisations that want to strengthen their security posture while managing and controlling Internet access for their network users.
Dyn Standard DNS
Dyn, now part of Oracle, offered a Standard DNS service that emphasises reliability and scalability. Note that this is a different kind of product from the resolvers above: it is authoritative DNS hosting, which answers queries for domains you own, rather than a service you point your devices at. It is tailored for businesses that need a robust DNS infrastructure able to handle high query volumes for their own domains. Oracle has been migrating Dyn customers to Oracle Cloud Infrastructure DNS, so check the product’s current status before relying on it.
Neustar UltraDNS
Neustar’s UltraDNS is likewise an enterprise authoritative DNS service for hosting your own domains. It offers advanced traffic management, DDoS protection and comprehensive analytics. If your focus extends to DNS solutions on an enterprise scale, it is a compelling option to explore.
What is the best self-hosted DNS server for devices like RPI 4?
For many tech-savvy enthusiasts, setting up a device on your network that manages your DNS has become a popular option. The main reason for this is to implement network-level advertisement and Internet tracker blocking.
These self-hosted applications are often run on an affordable Raspberry Pi, but they can also be installed on servers or NAS devices, where running them in Docker is the popular approach.
Not all of these are full recursive resolvers. Pi-hole and AdGuard Home are filtering forwarders: they answer from cache or block a query that matches a blocklist, and pass everything else to an upstream resolver you choose. That upstream can itself be a privacy-focused or ad-blocking public service, which gives you multiple layers of filtering, or a local Unbound instance if you would rather not send your query log to a third party at all.
Pi-hole is a popular choice among Raspberry Pi enthusiasts. It combines DNS-based ad blocking with network-wide tracking protection. By configuring the RPI 4 as a Pi-hole server, every device on the network gets a browsing experience free of unwanted ads and tracking elements without installing anything on the device itself. Pi-hole’s web interface and the ability to add custom blocklists make it an accessible and versatile choice.
AdGuard Home isn’t quite as popular as the oft-recommended Pi-hole, but many people think it is superior.
By running AdGuard Home on a server, such as a Raspberry Pi or a computer, users can gain control over their network’s DNS resolution process.
AdGuard Home’s primary purpose is to block online ads, trackers and other unwanted content at the DNS level. When devices on your network send their DNS queries to AdGuard Home, it checks each domain against its filter lists and refuses to resolve anything associated with advertising or tracking services, while forwarding everything else upstream. This results in a cleaner and faster browsing experience across all devices connected to your network.
In addition to ad-blocking, AdGuard Home provides users with the ability to customise filters and blocklists, allowing for tailored content filtering based on their preferences. It can also help protect against phishing and malware domains by preventing access to known malicious sites.
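To make the filtering step concrete, here is an added Python example of the decision logic a DNS sinkhole such as Pi-hole or AdGuard Home applies; it is not code from either project. It loads a hosts-format blocklist of the kind Pi-hole consumes and AdGuard-style ||domain^ rules, matches the queried name against them (hosts entries match the exact name only; ||domain^ rules also match every subdomain; @@ rules are exceptions that win), and for a blocked name synthesises an NXDOMAIN reply from the original query instead of forwarding it upstream. Both lists and the sample query are constructed for the example.

```python
# Added example of DNS-sinkhole filtering logic; not code from Pi-hole or AdGuard Home.
# The two blocklists and the sample query below are constructed for this example.
import struct

HOSTS_LIST = """
# hosts-format list: '<ip> <name>', as consumed by Pi-hole (exact-name matches)
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
"""

ADGUARD_LIST = """
! AdGuard syntax: ||name^ blocks the name and all subdomains, @@ marks an exception
||telemetry.example.com^
@@||allowed.telemetry.example.com^
"""

# Loopback aliases that appear in most hosts files and must never be blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "0.0.0.0"}

def normalise(name: str) -> str:
    """DNS names are case-insensitive; drop a trailing dot so 'A.B.' == 'a.b'."""
    return name.strip().rstrip(".").lower()

def parse_hosts(text: str) -> set:
    """Collect the names from a hosts-format list, ignoring comments and loopback aliases."""
    names = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            names.update(n for n in map(normalise, parts[1:]) if n not in LOCAL_NAMES)
    return names

def parse_adguard(text: str):
    """Return (blocked_domains, allowed_domains) from ||name^ and @@||name^ rules."""
    blocked, allowed = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        target = allowed if line.startswith("@@") else blocked
        rule = line[2:] if line.startswith("@@") else line
        if rule.startswith("||") and rule.endswith("^"):
            target.add(normalise(rule[2:-1]))
    return blocked, allowed

def _parents(name: str):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c']: the name and every parent domain."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

class DnsFilter:
    def __init__(self, exact: set, domains: set, allowed: set):
        self.exact, self.domains, self.allowed = exact, domains, allowed

    @classmethod
    def from_lists(cls, hosts_text: str, adguard_text: str) -> "DnsFilter":
        blocked, allowed = parse_adguard(adguard_text)
        return cls(parse_hosts(hosts_text), blocked, allowed)

    def decide(self, qname: str) -> str:
        """'BLOCK' or 'FORWARD'. Exceptions win; domain rules cover subdomains."""
        name = normalise(qname)
        candidates = _parents(name)
        if any(c in self.allowed for c in candidates):
            return "FORWARD"
        if name in self.exact or any(c in self.domains for c in candidates):
            return "BLOCK"
        return "FORWARD"

def nxdomain_for(query: bytes) -> bytes:
    """Sinkhole reply: same ID and question section, QR and RA set, RCODE=3 (NXDOMAIN).
    Assumes a plain query with no EDNS additional section, which is copied as-is."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (flags & 0x0100) | 0x0080 | 3          # QR, keep RD, RA, NXDOMAIN
    return struct.pack("!HH", txid, flags) + query[4:]

# Constructed query: ID 0xABCD, RD set, one question for ads.example.net A/IN.
SAMPLE_QUERY = (bytes.fromhex("abcd01000001000000000000")
                + b"\x03ads\x07example\x03net\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    f = DnsFilter.from_lists(HOSTS_LIST, ADGUARD_LIST)
    for q in ("ads.example.net", "sub.ads.example.net", "x.telemetry.example.com",
              "allowed.telemetry.example.com", "www.example.com"):
        print(f"{q:32} {f.decide(q)}")
    print(nxdomain_for(SAMPLE_QUERY).hex())
```

Two details are worth noticing. Hosts-format lists only ever match the exact name, which is why ad networks rotating subdomains slip past them and why the AdGuard ||domain^ form exists. And the sinkhole reply reuses the query’s own ID and question, exactly as a real resolver’s answer would, so the client cannot tell the difference; Pi-hole by default answers with an address such as 0.0.0.0 rather than NXDOMAIN, but the effect on the client is the same.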
Unbound is a validating, recursive, caching resolver with a strong security focus. Instead of forwarding to a third party, it walks the DNS tree itself from the root servers, validates DNSSEC signatures, and can both accept and send DNS over TLS. It runs comfortably on an RPI 4, and pairing Pi-hole or AdGuard Home with a local Unbound instance as the upstream is a common setup for those who want filtering without handing their full query history to an outside provider.
BIND (Berkeley Internet Name Domain)
BIND is a mature and robust DNS server software that offers extensive configuration options. While it might be more suitable for users with a solid understanding of DNS and network administration, it provides the flexibility to create a customised DNS environment on the RPI 4.
Knot DNS is a modern, high-performance authoritative DNS server with a focus on security, DNSSEC and extensibility. For resolving on a home network you want its sibling project, Knot Resolver, a caching resolver that validates DNSSEC and supports DNS over TLS and DNS over HTTPS. Both are lightweight enough for resource-constrained devices like the RPI 4.
PowerDNS provides separate authoritative and recursive DNS server packages. Its modular architecture allows users to pick the components they need: the Recursor is the one to run as your network’s resolver, while the Authoritative Server is for hosting zones you own. Both can run on an RPI 4, enabling users to tailor their DNS setup to their requirements.
What is the best paid-for DNS server for ad blocking?
Much of the above covers ad blocking using a DNS server, and I have recommended several popular options already. But, if you are here specifically for a premium DNS server specialising in ad blocking, then you should consider these:
I have already mentioned NextDNS in the early premium DNS recommendation. I am again listing it first purely because this is what I use, and I don’t have any experience of the other options yet.
NextDNS Premium takes ad blocking to the next level with customisable and advanced filtering options. It offers extensive control over blocking categories, allowing users to fine-tune their ad-blocking preferences. NextDNS also provides analytics and insights into network activity, enhancing visibility into the effectiveness of ad blocking.
AdGuard DNS Premium
AdGuard DNS Premium offers an all-inclusive solution for ad blocking at the DNS level. With a subscription, users gain access to advanced ad blocking, filtering, and protection against phishing and malicious websites. AdGuard’s DNS servers are known for their efficiency and extensive blocklists, making them a powerful choice for users seeking a comprehensive ad-blocking solution.
CleanBrowsing provides family-oriented DNS filtering solutions, including ad-blocking. Their paid plans include advanced ad and malware blocking, ensuring a safer and cleaner browsing experience for all devices on the network. CleanBrowsing offers customisation options for different age groups, making it suitable for families with varying internet usage requirements.
AdBlock DNS is a specialised service that focuses solely on ad blocking through DNS. It provides dedicated DNS servers optimised for blocking ads and tracking domains. AdBlock DNS is designed to seamlessly integrate with devices and routers, ensuring consistent ad blocking across the network.
AdAway Pro is a premium version of the popular AdAway app, extending its capabilities to DNS-based ad blocking. With AdAway Pro, users can experience ad-free browsing across their devices. It’s an attractive option for those who value the convenience of an app-based solution.
I am James, a UK-based tech enthusiast and the creative mind behind Mighty Gadget, which I’ve proudly run since 2007. Passionate about all things technology, my expertise spans from computers and networking, to mobile, wearables, and smart home devices.
As a fitness fanatic who loves running and cycling, I also have a keen interest in fitness-related technology, and I take every opportunity to cover this niche on my blog. My diverse interests allow me to bring a unique perspective to tech blogging, merging lifestyle, fitness, and the latest tech trends.
In my academic pursuits, I earned a BSc in Information Systems Design from UCLAN, before advancing my learning with a Master’s Degree in Computing. This advanced study also included Cisco CCNA accreditation, further demonstrating my commitment to understanding and staying ahead of the technology curve.
I’m proud to share that Vuelio has consistently ranked Mighty Gadget as one of the top technology blogs in the UK. With my dedication to technology and drive to share my insights, I aim to continue providing my readers with engaging and informative content.