Private DNS: The Complete Guide to Secure Browsing

Computers talk with each other in numbers and humans in words. That's a simplification, of course, but it gives us a good idea of what DNS servers do — translate words of domain names (cometvpn.com) into numbers of IP addresses (172.67.201.66). A DNS server can be a privacy hazard as it has to be informed about every website you visit. A private DNS solves this problem by allowing you to use a DNS provider of your choice, possibly with encryption. We explain what private DNS is and how to set it up below.


What is Private DNS and Why Does It Matter?

Domain Name System (DNS) is known as the phone book of the internet. Your devices use it to find IP addresses for domain names you enter into a browser. It's a crucial piece of internet infrastructure without which we would all enter numbers to surf the web. Nobody wants that.

By default, you use a DNS server set by your Internet Service Provider (ISP). The problem is that this gives ISP or government DNS servers far more power than you would like them to have. You can counter that by changing your DNS settings to enable private DNS mode.

A private DNS is a service that allows you to route your DNS queries in a custom way while using servers other than the default one. Additionally, a private DNS service can use encryption to make your connection more secure and private.

The naming and functioning might be a bit confusing. Sometimes, it's called a private DNS resolver, since that's the part that actually translates (resolves) domain names into IP addresses. Smartphone and PC settings often use "private DNS" for the collection of settings that enables private DNS mode.

Larger networks, such as big companies, host private DNS servers themselves, implementing encryption and using a custom list of domain names (DNS namespace) more effectively. In some contexts, only such Domain Name System setups are called private DNS.

Why Should You Use Private DNS?

You don't need to invest in self-hosting a DNS server to improve your browsing experience. A private DNS provider can be just as effective for the most common uses of private DNS.

  • DNS resolution speed – lookup speeds differ in milliseconds between servers, but some countries and ISPs are notoriously slow.
  • Bypassing or implementing DNS blocking – ISPs, governments, or network administrators can limit your access to certain websites. It can be a positive security measure when only known malicious domains are blocked by a private DNS server.
  • Avoiding DNS snooping – malicious actors may infiltrate unencrypted DNS servers and monitor your online activity.
  • Avoiding DNS tampering – hackers can perform unauthorized modifications to public DNS queries, resulting in users visiting malicious websites unintentionally.
  • Avoiding DNS leaks – your ISP can view your DNS queries even when you are using a VPN, negating much of its usefulness.

How Does Private DNS Work?

A private DNS works by sending the domain names you enter to a private server instead of the default one imposed by your ISP. The server there can have different matches of IP addresses and domain names (DNS zone files), allowing you to bypass restrictions or access the web faster than with default DNS.

However, once you enable private DNS, it can do much more than resolve and filter your queries. The other main function is implementing encryption to prevent DNS snooping, tampering, and leaks. There are two main DNS encryption methods.

  • DNS-over-TLS (DoT) uses the same Transport Layer Security (TLS) encryption that most websites (with the HTTPS protocol) use, but the requests are still sent via a dedicated port (853).
  • DNS-over-HTTPS (DoH) also encrypts DNS queries but uses the port that is open for all HTTPS traffic (443), which makes it harder to differentiate DNS requests from other network traffic.
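
The difference between the two methods is easiest to see in how the same DNS query is packaged before it is encrypted. The Python sketch below is an added example, not code from the original article: it builds one query and wraps it the DoT way (RFC 7858) and the DoH way (RFC 8484). The function names are made up for illustration, and the "/dns-query" path is an assumed default that a given provider may not use.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID, flags (0x0100 = recursion desired), 1 question, 0 other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def frame_dot(message: bytes) -> bytes:
    """DoT (RFC 7858): 2-byte length prefix, then sent inside TLS to port 853."""
    return struct.pack("!H", len(message)) + message

def unframe_dot(stream: bytes) -> bytes:
    """Recover one DNS message from a DoT byte stream, rejecting short reads."""
    if len(stream) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated DoT message")
    return body

def doh_get_url(message: bytes, host: str, path: str = "/dns-query") -> str:
    """DoH (RFC 8484) GET: unpadded base64url in the 'dns' parameter, port 443."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?dns={encoded}"

if __name__ == "__main__":
    query = build_query("cometvpn.com")  # domain taken from the article's intro
    print("DNS message :", query.hex())
    print("DoT framing :", frame_dot(query).hex(), "-> TCP/853 inside TLS")
    print("DoH request : GET", doh_get_url(query, "dns.google"), "-> TCP/443")
```

In both cases the DNS message itself is identical; what an observer on the network can still see is the destination port, which is why DoT traffic is easy to single out and DoH traffic looks like any other HTTPS request.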

Benefits of Using Private DNS

  • Enhanced security. No matter which encryption method your DNS provider uses, it will be much more difficult for someone to mess with your DNS requests. Encryption ensures that your DNS requests and responses haven't been tampered with.
  • Enhanced privacy. Keeping your DNS requests in a private network or within a private DNS provider limits the effectiveness of attempts by cybercriminals and ISPs to monitor your activity. It enhances the effects of other privacy measures, such as VPNs.
  • Improved network speed. In most cases, a Private DNS resolver is faster than a public one, which can increase your network speeds. Depending on the task and past DNS provider, the increase can be quite noticeable.

How to Set Up Private DNS on Android Devices?

Starting with Android 9 (Pie), devices using this operating system support DNS over TLS to secure and encrypt requests. Unlike previous Android versions, this private DNS mode allows DNS resolution to be configured for each Wi-Fi and mobile connection the device joins.

  1. Open Settings.
  2. Depending on your device, find Connections or Connectivity Options.
  3. Tap on Private DNS (Alternatively, you can simply search for Private DNS in the search field).
  4. Select Private DNS provider hostname.
  5. Type "dns.google" or the name of a private DNS provider of your choice.
  6. Save changes.

Setting Up Private DNS on Other Devices

Most other devices can also use a private DNS mode, but the setup slightly differs. Besides navigation, you might also need to enter the private DNS server's IP address instead of its name.

Private DNS on Windows 11

  1. Open Settings.
  2. Find Network & Internet.
  3. Press on Wi-Fi or Ethernet, depending on which one you are using.
  4. If you use Wi-Fi, select your Wi-Fi properties.
  5. Scroll a bit down and edit the IP assignment.
  6. Select manual from the dropdown menu.
  7. Turn on IPv4.
  8. Enter the IP addresses of your preferred private DNS server. For example, 1.1.1.1 and alternate DNS 1.0.0.1 for Cloudflare DNS.
  9. Additionally, turn on DNS over HTTPS to configure private DNS encryption.

Private DNS on Mac

  1. Click on the Apple Logo in the upper left corner.
  2. Select System preferences.
  3. Click on Network.
  4. Press on the name of the Wi-Fi or Ethernet connection you are using.
  5. Click on the Advanced window.
  6. Enter the DNS tab.
  7. Click on the + sign.
  8. Enter the IP address of your private DNS server provider.
  9. Apply the changes. You might need to restart the device for the changes to take effect.

Private DNS on iOS

  1. Go to Settings.
  2. Open the Wi-Fi tab.
  3. Select the Wi-Fi you are currently using.
  4. Scroll down to find Configure DNS.
  5. Tap on Manual.
  6. Tap on Add Server.
  7. Write the IP address of your preferred private DNS server.

How to Choose the Best Private DNS Provider?

No matter what your device is, private DNS mode will require you to enter the details of a DNS provider (its hostname or IP addresses). There are many private DNS server providers to choose from, and they differ in speed, security features, and privacy policies.

If this is your first time changing DNS manually, it's best to stick with major, reliable providers. Here are a few that we recommend.

Cloudflare

Cloudflare is a major provider of cloud services, web hosting, and other network services. Millions of websites are based on their solutions, so routing your DNS queries through their servers is most likely to be fast.

It's also known for ensuring privacy, encrypting your DNS requests, and not limiting what you can access. Cloudflare can also provide content filtering for blocking malware and adult content if you use the special DNS IP addresses 1.1.1.2 and 1.1.1.3, respectively.

Google DNS

  • DNS provider hostname: dns.google
  • IPv4 IP addresses: 8.8.8.8 and 8.8.4.4

Google is the most visited website on the internet, and YouTube, owned by the same company, is second. If anyone is able to maintain fast servers, including DNS, it's Google. Besides, it's likely that a lot of your traffic will interact with Google services anyway.

The promises of not keeping any tabs on your activity aren't that compelling when compared to Cloudflare. Still, millions of people already trust the encryption of Google Public DNS, and it's likely to open up more blocked websites more securely than your ISP would.

Quad9

  • DNS provider hostname: dns.quad9.net
  • IPv4 IP addresses: 9.9.9.9 and 149.112.112.112

Quad9 is a specialized DNS service provider that aims to give users the best speed and malicious content filtering. It operates as a Swiss-based foundation supported by such organizations as IBM and Global Cyber Alliance.

While it may be a bit slower than Cloudflare and Google, you can be sure of other benefits while using Quad9. Their DNS servers use the best encryption, don't collect any data, and have an in-built malware filter.

Private DNS vs VPN

A private DNS server, even an encrypted one, is no substitute for a VPN service. It only protects how your queries to convert domain names to IP addresses are resolved.

That way, your ISP or some malicious actors won't be able to tinker with what addresses your devices look for before visiting them. However, the data you send and receive from these websites is still up for grabs.

The whole of your traffic can only be encrypted with a secure tunnel provided by a Virtual Private Network (VPN). A trusted VPN will route your data through a server somewhere else, changing your IP address along the way.

These functions cannot be achieved using only a private DNS or even by what's marketed as a smart DNS service. Still, a public DNS can sabotage your VPN, so it's recommended to use a private one with your VPN.

Conclusion

Switching to a private DNS is one of the easiest things you can do to improve your privacy, security, access possibilities, and, in some cases, even network speeds. This article covered enough to get you started, but be sure to understand everything fully before making any changes.
