Your computers, phones, and other devices normally use the Domain Name System (DNS) server with which the router is configured. Unfortunately, this is often the one provided by your Internet Service Provider (ISP). These lack privacy features and also might be slower than some alternatives.
DNS Is Not Private (Without DoH)
DNS was designed nearly 40 years ago, and it hasn’t evolved much since. It’s entirely unencrypted. This means it offers the same level of protection against nosy third parties as unsecured HTTP traffic, which is not much at all. Even if you use HTTPS, any third party in the middle of your traffic can see the websites to which you’re connecting (but not the contents of your visit). For example, on a public Wi-Fi network, the operator of that network could monitor which websites you visit.
The solution to this issue is DNS over HTTPS (DoH). This new protocol simply encrypts the contents of a DNS query so third parties can’t sniff it out. Major DNS providers, like Cloudflare, OpenDNS, and Google Public DNS, already support it. However, Chrome and Firefox are also in the process of rolling it out.
Aside from the privacy improvements, DoH prevents any tampering with DNS queries in transit. It’s just a more secure protocol, and everyone should use it.
However, even if you enable DoH in your browser, it’s up to the DNS provider to implement it. Most home network connections are configured by default to use the ISP’s DNS servers, which probably don’t support DoH. If you haven’t changed it manually, this is probably the case with your browser and operating system.
There are some exceptions, though. In the U.S., Mozilla Firefox is automatically enabling DNS over HTTPS and using Cloudflare’s DNS servers. Comcast’s DNS servers support DoH and work with Google Chrome and Microsoft Edge.
Generally, though, the only way to really get DoH is to use a different DNS service.
RELATED: How DNS Over HTTPS (DoH) Will Boost Privacy Online
Your ISP Can Log Your Browsing History
If you care at all about privacy online, using your ISP’s DNS server is a massive problem. Every request sent can be logged and tells your ISP which websites you browse, down to the hostnames and subdomains. Browsing history like this is the kind of valuable data off of which many companies make huge profits.
Many ISPs, including Comcast, claim they don’t log customer data. However, Comcast actively lobbied against DoH. Although U.S. ISPs claim they don’t collect data, (and even though it’s legal to do so), it would be very easy to implement since they control the DNS servers you use. The FTC was concerned enough to investigate whether ISPs are doing this. Laws and regulations in other countries vary, so it’s up to you whether you trust your ISP.
It’s worth noting that Comcast has adopted DoH, but this doesn’t protect your privacy when it comes to the company monitoring your DNS queries. DoH secures the connection between you and the DNS provider, but, in this case, Comcast is the DNS provider and, therefore, can still see the queries.
Of course, DNS isn’t the only way ISPs track you. They can also see the IP addresses you connect to, regardless of which DNS server you use. They can glean a lot of information about your browsing habits this way. Changing DNS servers won’t stop your ISP from tracking, but it will make it a little harder.
Using a virtual private network (VPN) for your daily browsing is the only real way to prevent your ISP from seeing what you’re connecting to online. You can check out our guide on VPNs to learn more about them.
RELATED: How to Choose the Best VPN Service for Your Needs
Third-Party DNS Servers Might Be Faster, Too
In addition to privacy concerns, DNS services provided by ISPs can be slower than Google or Cloudflare. This isn’t always the case, as your ISP will generally be closer to you than a third party, but many people get faster speeds with a third-party DNS server. It’s usually just a difference of milliseconds, though, which might not matter much to you.
RELATED: How to Choose the Best (and Fastest) Alternative DNS Server
Which Public DNS Server Should You Use?
If you want to switch to a public DNS server, you have a few options. The most common is Google’s Public DNS, which use the addresses 8.8.8.8 and 8.8.4.4.
If you trust Google less than your ISP, you can also use CloudFlare’s DNS, which claims to be the fastest and takes a privacy-first stance. The main address for it is 1.1.1.1, with an alternate of 1.0.0.1.
Lastly, you can also use OpenDNS, from Cisco. You can find the addresses for that here.
How to Change Your DNS Settings
The best way to change your DNS settings is at the router level. If you change your DNS server on your router, this change will apply to every device on your home network.
To get started, type either 192.168.1.1 or 10.0.0.1 to log in to your router.
The exact location of the DNS setting varies depending on which router you have. However, it should be somewhere in the network settings.
For example, on a Verizon router, it’s under My Network > Network Connections > Broadband > Edit. Once there, you can change the address manually and replace your ISP’s automatic servers.
If you have any trouble finding it, just do a Google search for your router model to find out where this setting is.
If you’re in a situation in which you can’t change the DNS settings on the router (like a college dorm or another location where you don’t control the Wi-Fi), you can still change the settings for your specific device. We’ll show you how to change these settings on a Mac and Windows machine (go here to find out how to change these on an Android phone or iPhone).
On a Windows machine, open “Control Panel” from the Start menu, and then navigate to the “Network and Sharing Center.” In the sidebar, click “Change Adapter Settings.”
You should see a list of your network devices on both Ethernet and Wi-Fi. If you want to change the settings for both, you’ll have to repeat the following instructions for each device.
Right-click the first device for which you want to change the DNS settings, and then click “Properties.”
Select “Internet Protocol Version 4” from the list.
In the dialog box that appears, select the radio button next to “Use the Following DNS Server Addresses,” type your preferred DNS server addresses, and then click “OK.”
On a Mac, you’ll find this option in “System Preferences” under “Network.” Click “Wi-Fi” or “Ethernet,” and then click “Advanced” at the bottom of the menu.
Under the “DNS” tab, you can modify the DNS settings for your device. Click the plus (+) or minus (-) signs at the bottom to add or remove servers.
RELATED: The Ultimate Guide to Changing Your DNS Server
How to Enable DNS Over HTTPS (DoH)
If you want to enable DoH on your browser, you can do so on Chrome, Firefox, and Microsoft Edge.
On Chrome, go to chrome://flags/#dns-over-https, and then select “Enabled” from the drop-down menu. Relaunch Chrome for the changes to take effect.
In Firefox, the option is a bit buried. Open the menu and go to Options > General. Scroll down and click “Settings” at the bottom. Select the checkbox next to the “Enable DNS over HTTPS” option. You can also select a DNS provider manually here if you prefer.
RELATED: How to Enable DNS Over HTTPS in Google Chrome