How (and Why) to Change Your DNS Server

You open your browser, type pcmag.com in the Address Bar, and get pages and pages of useful reviews and information. That’s how it works, right? Oh, you may understand that you get that information because your browser requests it from a web host server. But there’s another player involved in the flow of traffic between your browser and that server, and that’s the Domain Name System, or DNS. Understanding DNS can help you protect your online security and privacy, and even speed your web surfing.

The servers that route your internet requests don’t understand domain names like pcmag.com. They only understand numeric IP addresses like 104.17.101.99, or the longer numeric addresses from the modern IPv6 system. (By longer, I mean a lot longer. Here’s a sample IPv6 address: 2606:4700:0000:0000:0000:0000:6811:8e63. To be fair, that would typically be shortened to 2606:4700::6811:8e63, but still…)


What Do DNS Servers Do?

So, the machines only speak numbers, but the people want to use memorable domain names like girlgeniusonline.com or zombo.com. To resolve this impasse, the Domain Name System handles translating friendly domain names to numeric IP addresses.

Your home network typically relies on a DNS Server supplied by your ISP. After your browser sends the server a domain name, the server goes through a moderately complex interaction with other servers to return the corresponding IP address, thoroughly vetted and verified. If it’s a much-used domain, the DNS Server may have that information cached, for speedier access. Now that the interaction is down to numbers, the machines can handle getting the pages you want to see.


DNS Difficulties

As you can see, the Domain Name System is essential to all your internet activities. Any problems with the system can have cascading effects on your experience.

For starters, if the ISP-supplied DNS servers are slow, or not properly configured for caching, they can effectively slow your connection. This is especially true when you load a page that draws content from many different domains, such as advertisers and affiliates. Switching to DNS servers optimized for efficiency can speed up your surfing, whether in a home or business setting.

Speaking of a business setting, some companies offer DNS services with business-friendly add-ons. For example, they can filter out malicious websites at the DNS level, so the pages never reach an employee’s browser. They may also filter out porn and other work-inappropriate sites. In a similar fashion, DNS-based parental control systems help parents control children’s access to age-inappropriate content, on every device, though they admittedly lack the fine control of locally-installed parental control software.

I mentioned that your DNS server caches popular requests, so it can respond quickly, without having to query other components of the Domain Name System. Your PC or Mac also has a local DNS cache, and if the cache gets screwed up, you can have trouble visiting certain sites. This is a simple problem, one that doesn’t require switching DNS servers. All you need to do is flush your local DNS cache.

Unless you’re using a VPN (Virtual Private Network), your ISP’s DNS servers see every domain you request. You really can’t get away from that—if you want something from the internet, you can’t avoid telling someone just what you want. Your ISP knows where you go on the web, and probably doesn’t care.

However, some ISPs have found a way to monetize their DNS service. When you hit an erroneous domain, one that has no actual IP address, they divert your browser to a search and advertising page preloaded with a search phrase derived from the domain name. For example, the image below shows the results of trying to visit the non-existent funnycatpiktures.com.

[Image: ISP redirects to search]

This may seem like a nonissue. What does it matter if the ISP displays ads? But privacy-wise it’s significant. You started off with a private back-and-forth between your browser and the DNS server. The ISP broke that bubble of privacy by sending a version of your request to a search engine, where it winds up in your search history. Some people worry about the privacy of search, which is why no-history search sites like DuckDuckGo and StartPage exist.
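One way to test whether the DNS server you are using rewrites failed lookups as described above, shown as an added example that is not part of the original article: it looks up randomly generated, unregistered .com names and reports any that come back with an address. The function names, the nx-probe- prefix and the use of example.com as a known-good control lookup are assumptions of this sketch.

```python
import secrets
import socket

CONTROL_NAME = "example.com"  # reserved domain that is expected to resolve


def system_resolve(name):
    """Ask the OS-configured DNS server; return sorted addresses, [] if none."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:  # includes socket.gaierror (NXDOMAIN, no network)
        return []
    return sorted({info[4][0] for info in infos})


def check_nxdomain_rewriting(resolve=system_resolve, probes=3):
    """Classify the resolver as 'clean', 'rewritten' or 'inconclusive'."""
    if not resolve(CONTROL_NAME):
        # No answer for a real domain: offline or DNS is broken, so a failed
        # probe below would prove nothing.
        return {"status": "inconclusive", "answers": {}, "landing": []}
    answers = {}
    for _ in range(probes):
        # 24 random hex characters: effectively certain to be unregistered.
        name = f"nx-probe-{secrets.token_hex(12)}.com"
        addrs = resolve(name)
        if addrs:
            answers[name] = addrs
    if not answers:
        return {"status": "clean", "answers": {}, "landing": []}
    # Addresses returned for every answered probe point at the landing server.
    landing = sorted(set.intersection(*(set(a) for a in answers.values())))
    return {"status": "rewritten", "answers": answers, "landing": landing}


if __name__ == "__main__":
    result = check_nxdomain_rewriting()
    print("resolver status:", result["status"])
    for name, addrs in result["answers"].items():
        print(f"  {name} -> {', '.join(addrs)}")
```

A captive portal on public Wi-Fi also answers for nonexistent names, so run the check after signing in to the network.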


DNS Under Attack

You’re probably familiar with the concept of phishing. Nefarious webmasters set up a fraudulent website that looks exactly like PayPal, or your bank, or even a gaming or dating site. They disseminate links to the fake site using spam, malicious adverts, or other techniques. Any hapless netizen who logs in without noticing the fakery has given valuable login credentials to the bad guys. And the fraudsters typically use those credentials to log you in to the real site, so you don’t realize anything has happened.

The one thing that gives these frauds away is the address bar. Keeping a sharp eye on the address bar is one way to avoid phishing scams. Some are egregious, like a page that purports to be, say, LinkedIn, but has a totally unrelated domain such as bestastroukusa.com. Others work harder to fool you, with slightly-off names like microsfot.com, or extremely lengthy URLs that conceal the actual domain. But no matter how they try, they can’t fool an eagle-eyed web surfer.


That’s where cache poisoning comes in. In this kind of attack, malefactors infiltrate incorrect information into the Domain Name System, typically by manipulating the cache. The user types a valid domain name, the poisoned DNS system returns the IP address for a fraudulent site, and the Address Bar shows the valid name. Unless the miscreants did a poor job imitating the target site, there’s no visible clue to their chicanery.

A similar attack called DNS hijacking happens on your local computer. Malware running on the system reaches into the TCP/IP settings and simply switches you over to a DNS server controlled by hackers. Of course, this only works if the malware in question can get past your antivirus, but there are still a few folks who haven’t got the message about using antivirus on every computer.


What’s the Best DNS Server?

DNS attacks and problems occur when DNS isn’t a priority for your ISP. Getting away from these problems can be as simple as switching to a service that makes DNS security and privacy a priority.

Google Public DNS has been available since 2009, with the easy-to-remember IP addresses of 8.8.8.8 and 8.8.4.4. Google promises a secure DNS connection, hardened against attacks, as well as speed benefits.

Founded in 2005, OpenDNS has been offering secure DNS even longer. It doesn’t have memorable IP addresses like Google’s, but does offer a variety of services. In addition to DNS servers focusing on privacy and security, it offers what it calls FamilyShield servers, which filter out inappropriate content. The company also offers a premium parental control system that gives parents more granular control over filtering. Its parent company Cisco supplies enterprises with Cisco Umbrella, which includes security and DNS services for businesses.

Cloudflare may be the biggest internet company you’ve never heard of. With a sprawling, worldwide collection of servers, it offers websites internet security and protection against Distributed Denial of Service attacks, among other services. Starting in 2018 Cloudflare made secure DNS available, at the very memorable IP addresses of 1.1.1.1 and 1.0.0.1. The company also offers a free desktop and mobile app, cleverly named 1.1.1.1, which automates using secure DNS and provides related privacy protection features.

There are other free, public, security-centric DNS services, but you won’t go wrong with these three big ones.


How Do I Change My Router’s DNS Server?

As far as switching your router to a fast, secure DNS server, I have good news and bad news. The good news is that if you make the change in your router settings, it affects every connected device. Not just computers and smartphones, mind you, but video doorbells, smart baby monitors, even internet-aware lightbulbs. The bad news is that the precise technique for changing your router’s DNS settings is different for every router.

To get started, search the web by appending “change DNS” to the make and model of your router. If you’re lucky, you’ll find a clear set of instructions. Navigate to the desired setting and enter the primary and alternate DNS addresses for the service you chose. You may need to restart the router for the change to take effect.

If your router is an all-in-one handling internet and TV signals, and possibly phone as well, you may not be able to make this change. These high-end multi-function devices don’t make it easy to directly access settings, and even when they do, they may not allow you to switch to another DNS server. A true network expert could install a standard router upstream from the all-in-one and thereby take greater control over the network, but most of us aren’t true network experts.


How Do I Change My Device’s DNS Server?

Now all the devices on your home network are using fast, secure DNS, but you’ve probably got some devices that don’t stay on the home network. When your laptop or smartphone connects to the free Wi-Fi at that sleazy internet café, you’re also using whatever DNS server the owner chose as the default. Who needs cache poisoning when you have total DNS control?


That’s why you should change the local DNS settings on your laptops and mobile devices. Just how you do that varies by platform. On Windows 10:

  1. Press Windows+I to open Settings,
  2. Click Network & Internet,
  3. Click Change adapter options,
  4. Right-click your internet connection and choose Properties,
  5. Select Internet Protocol Version 4 and click the Properties button,
  6. Click the item labeled Use the following DNS server addresses,
  7. Enter the two addresses,
  8. Click OK, and
  9. Repeat the process for Internet Protocol Version 6.

Yes, that’s quite a few steps, but you can do it!


If you’re using a macOS laptop:

  1. Select System Preferences from the Apple menu,
  2. Select Network,
  3. Highlight the Wi-Fi connection and click the Advanced button,
  4. Click the DNS tab,
  5. Use the plus-sign button to add both IPv4 and IPv6 DNS addresses, and
  6. Use the minus-sign button to remove any existing addresses.


Where old versions of Android made setting your own choice of DNS servers quite difficult, it’s easy in modern versions. Well, almost.

  1. Tap Settings,
  2. Choose Network & Internet,
  3. Tap Advanced,
  4. Tap Private DNS,
  5. Tap Private DNS provider hostname, and
  6. Tap Save.

That next-to-last step is the reason I said it’s almost easy. Android doesn’t let you enter an easy IP address like 1.1.1.1 or 8.8.8.8. Instead, you must enter the corresponding hostname. For Google Public DNS, that’s not too bad—it’s dns.google. But for Cloudflare, you’ll have to type 1dot1dot1dot1.cloudflare-dns.com.

Apple’s iOS protects you from all kinds of security problems by locking down settings that other operating systems leave open. This added security can get in the way, though. You can change DNS settings on an iOS device, but you must do it again every time you connect to a new Wi-Fi network. As for your cellular connection, there’s no way to change its DNS settings. Those using iOS need a third-party app to get global DNS control. A VPN would do the job, as would Cloudflare’s 1.1.1.1 app.
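To confirm that the DNS settings you entered are still in place, and that nothing has switched the device to a server you did not choose (the hijacking described earlier), the configured resolvers can be compared with the addresses you expect. This is an added example, not part of the original article; the function names, labels and sample text are assumptions, and it reads resolv.conf-style text or macOS scutil --dns output rather than Windows settings.

```python
import ipaddress
import re

# Resolver addresses named in this article (Google Public DNS, Cloudflare).
EXPECTED = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}
# Home-network ranges: an address here means the router or DHCP picks the DNS.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]
# Matches "nameserver 1.1.1.1" (resolv.conf) and "nameserver[0] : 1.1.1.1"
# (macOS `scutil --dns`); commented-out lines do not match.
NAMESERVER_RE = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)", re.M)


def configured_resolvers(config_text):
    """Return the unique resolver addresses in the order they are listed."""
    seen = []
    for raw in NAMESERVER_RE.findall(config_text):
        try:
            addr = str(ipaddress.ip_address(raw.split("%")[0]))  # drop zone
        except ValueError:
            continue  # malformed entry, not an IP address
        if addr not in seen:
            seen.append(addr)
    return seen


def classify(address, expected=EXPECTED):
    """Label one resolver address relative to the servers you chose."""
    addr = ipaddress.ip_address(address)
    if str(addr) in expected:
        return "expected"
    if addr.is_loopback:
        return "local-stub"  # local caching stub; check what it forwards to
    if any(addr in net for net in LAN_NETS):
        return "router"      # DNS choice is delegated to the router
    return "unexpected"      # public server you did not pick: investigate


def audit(config_text, expected=EXPECTED):
    """Map each configured resolver to its label."""
    return {a: classify(a, expected) for a in configured_resolvers(config_text)}

# Constructed sample in resolv.conf format (203.0.113.53 is a documentation address).
SAMPLE = "nameserver 1.1.1.1\nnameserver 192.168.1.1\nnameserver 203.0.113.53\n"

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE).items():
        print(f"{address:<15} {verdict}")
```

On macOS, pass it the output of scutil --dns; on Linux, the contents of /etc/resolv.conf.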


Upgrade the DNS Server, Save the World

You never see them in action, but without DNS servers the internet just wouldn’t work. They translate human-friendly domain names into machine-friendly IP addresses. Right now, chances are good you’re using a DNS server supplied by your ISP, a server whose quality is unknown, owned by an entity that likely doesn’t value your privacy. Switching to a third-party DNS service can both speed your internet activity and protect against tricky DNS-based attacks. Give it a try!
