Domain name system (DNS) is the first thing you must use—whether or not you’re aware of that—before you can get “online.” Its role is so important, essential, and valuable that many companies want to provide you with its service, called DNS servers, for free.
So what’s DNS, exactly? This post will answer that question and explain, in simple terms, the zeal around DNS hosting, why not all DNS services are created equal, and why it’s crucial to pick the right one for your network. I’ll also include a list of useful, free DNS servers you can use on your computer or across your entire home network.
As usual, paying attention is the key. While greatly simplified, the information in this post is somewhat advanced and applicable only to those comfortable with IP addresses and familiar with home networking basics.
Domain Name System: What it is and the real-world role of a DNS server
When one network device connects to another, either locally within a home network or via the Internet, it does so using the target’s IP address.
You can manually enter the target’s address, such as when you want to quickly access a local NAS server or manually build a computer’s hosts file. But that’s tedious and prone to mistakes.
In daily life, using a DNS server is generally the norm. Nobody wants or can remember the actual IP addresses of websites or any online services. It’s hard even to remember their names alone.
The point is that the use of DNS servers is synonymous with the Internet’s existence—they operate behind the scenes so that each time you click a link, it takes you to the intended destination.
What are DNS servers?
In a nutshell, a DNS server is similar to a public directory. It points you to where you want to go among millions of online websites, applications, and services.
Here’s a specific example of the role DNS plays:
Let’s say you want to access this website directly and enter its domain name— DongKnowsTech.com—in your browser, such as Chrome, Firefox, or Edge. The following will happen:
- The browser queries the system’s designated DNS server about the user-provided domain name.
- The DNS server looks up the domain name to verify that it exists and is associated with a website. If so, it returns the website’s unique IP address, which is a string of seemingly random numbers.
- The browser follows that IP address to load the page you’re viewing, while showing https://dongknowstech.com or another meaningful URL in the address bar.
This process occurs because computers only understand numbers, while humans are bad at remembering them. In a way, the domain name is the vanity moniker of a website’s IP address. “DongKnowsTech” is much easier to remember than, say, 73.124.79.110, or any other random string of numbers.
And you’re reading this page on your screen because such a process has worked. A similar procedure occurs whenever you want to reach an online party using any application.
In many ways, a DNS server is similar to the once-commonplace telephone directory service, where you only need to remember a person’s name, not their phone number. It’s the first thing that must happen before a typical network connection can be established.
The faster a DNS server is, the less time you need to wait to reach a domain. Technically, this results in a “faster” Internet experience—there’s less wait time before a webpage appears on the screen.
In reality, almost all DNS servers deliver the same speed. The lookup time is generally so short that even the slowest DNS server won’t produce a tangible delay, especially given the often more time-consuming subsequent processes, including the speed and quality of your Internet or Wi-Fi connection.
Still, an even shorter lookup time never hurts, and many companies use the perceived improvement in speed as a general premise to lure customers into using their DNS servers. That’s because if true, speedier Internet access would be the least noteworthy aspect of DNS.
DNS equals privacy, security, and control
Since you need to reach the DNS server before anywhere else on the Internet, the server’s owner, among other things, has the first say on your online activities and, at the very least, a log of what websites/services you use.
Somewhat like the usher in the online world, the DNS server makes the ultimate decisions regarding your online experience. Specifically, it can take you to where it wants, block your access to certain sites or services, or, conversely, keep certain content from your local network.
You can use DNS to effectively manage Parental Controls, adblocking, privacy, security, and more. However, using a poor-quality server can also lead you to the wrong places or make you more vulnerable to malicious actors.
With all that power, being the DNS service is a well-sought-after privilege, so much so that many companies offer free servers.
Indeed, since December 2009, Google has been offering its popular DNS servers at 8.8.8.8 and 8.8.4.4 addresses. In April 2018, Cloudflare joined the game with a new public server, claiming to deliver faster speeds and better security via an easy-to-remember address: 1.1.1.1.
And since then, there have been even more free DNS providers with various premium add-on security and privacy features. As a result, from the users’ perspective, picking a trustworthy DNS provider is extremely important.
DNS and DoH
As you might have heard, DoH is short for DNS over HTTPS—the “s” in HTTPS is for “secure”.
In short, DoH is a protocol for performing DNS resolution via a secure connection. It increases user privacy and security by preventing someone from intercepting, eavesdropping on, or even manipulating the DNS request.
Most Wi-Fi 6 and newer routers support DoH—it’s just a matter of firmware. You can expect most, if not all, modern consumer routers to support DoH.
OK! So, what is my DNS server right now?
It’s more a question of who.
Generally, in a home, the router serves as the DNS server for the local area network (LAN): it maps local IP addresses to friendly device names, such as “Server,” “John-Desktop,” “Van’s iPad,” etc. So, in a home network, the default IP address of your router is also your local DNS server’s address.
However, the router is also a gateway to the Internet, and on the WAN side, it also holds the IP address of the public DNS server—the one all computers within the home network, by default, will query before they can reach anything outside, such as a website.
If you don’t do anything—such as using a VPN server, tinkering with specific settings of an app, or have already done stuff this post is about to tell you—your WAN DNS servers are those of your Internet service provider (ISP). In this case, there’s no need to worry about them, nor do you need to know their IP addresses.
An ISP’s DNS servers are almost always generic and do nothing more than provide directory service: they work as intended, though not necessarily the most reliable or the fastest.
Changing these Internet DNS servers allows you more control over your Internet access and adds flavors to your broadband connection, including the privacy and security features mentioned above.
Popular and useful DNS servers
The table below includes some popular free DNS server addresses and their features. There are many others, but I’ve tried these for a long time and found them safe and reliable.
Again, a generic DNS server does nothing other than provide directory services. A server with web-filtering capability will prevent certain types of content from entering the party that uses it, be it a network, a particular device, or an app.
| DNS Provider | Server Addresses (primary/secondary) |
Notes |
| AdGuard | 94.140.14.14 94.140.14.15 |
Block online ads |
| AdGuard | 94.140.14.15 94.140.14.16 |
Block online ads and adult content |
| CleanBrowsing (family filter) |
185.228.168.168 185.228.169.168 |
These servers block access to all adult, pornographic, and explicit sites. They also block proxy and VPN domains that are used to bypass the filters. Mixed-content sites (like Reddit) are also blocked. Google, Bing, and YouTube are set to Safe Mode. Malicious and Phishing domains are blocked. |
| CleanBrowsing (adult filter) |
185.228.168.10 185.228.169.11 |
Collects no user information under Swiss privacy law. |
| CleanBrowsing (security filter) |
185.228.168.9 185.228.169.9 |
Blocks access to phishing, spam, malware, and malicious domains. |
| Cloudflare (no filter) |
1.1.1.1 1.0.0.1 |
Reliable generic DNS servers |
| Google (no filter) |
8.8.8.8 8.8.4.4 |
Reliable generic DNS servers |
| Quad9 (security filter) |
9.9.9.9 149.112.112.112 |
Blocks malicious content, including malware and phishing. |
| Quad9 (privacy filter) |
9.9.9.11 149.112.112.11 |
Collects no user information based on Swiss privacy law. |
A couple of things to note when using a DNS server with filtering options:
- Some websites or services might not work as intended because no blocking/filtering mechanism is perfect—there can be false positives or negatives.
- You cannot add a website or service to the allowed (exception) list unless you pay for a premium DNS service. In this case, #1 above remains. (Some Parental Control solutions are DNS-based.)
- When troubleshooting connection issues, using a generic DNS server with no filters (such as Google’s or Cloudflare’s) or the ISP’s DNS server is recommended.
DNS servers: IPv4 vs. IPv6
All DNS service providers use IPv4 addresses. Some also offer the optional IPv6 addresses. There’s no difference in terms of effect between these two. IPv6 is only for the distant future, when some devices might not support IPv4 or prefer IPv6 in their DNS server settings.
IPv4 vs. IPv6: What is an IP address?
And that brings us to how we can manage these servers.
How to change DNS settings to improve your Internet
There are two popular levels of DNS server settings that you can change: at the device and at the router. In both cases, we’re talking about the DNS used for Internet access.
The former works well for mobile users, since the DNS settings remain the same no matter where the user is—it’s a good option for a laptop as well. The latter is useful for the entire network hosted by the router—by default, all devices on the network automatically inherit the router’s DNS settings.
Tip
You should only change the DNS at the device level when Internet access is all you care about, which is the case for home users.
Suppose you have a special local network, such as one with a domain controller. In that case, you should leave the device’s DNS settings at the default so it automatically uses the network’s DNS server (the router, in most cases).
Using device-specific DNS settings, which supersede those of the router, might cause certain local services—such as file-sharing or network printing—to stop working.
There’s a third, less commonly used, level of DNS settings: some software applications also allow users to choose specific DNS servers. In this case, the app DNS settings superseded those of the device or the router.
In any case, as mentioned, there are two DNS server IP addresses. The secondary (alternate) server takes effect only when the primary (preferred) one is unavailable. In some situations, you can even add a third or fourth server address.
For the steps below, I’ll use the 1.1.1.1 address (Cloudflare) as the primary and 8.8.8.8 (Google) as the secondary. But you can pick your own from the table above. It’s OK to use two servers of two different providers, but you must enter the IP addresses correctly, or you won’t be able to go online.
Steps to change DNS settings in a Windows computer
On a Windows computer, open the Network Connections in the Control Panel. The fastest way is to click the Start button, type ncpa.cpl in the search field, and press Enter.
- Pick the network connection you’re using—if you’re on a laptop, it’s likely the Wi-Fi connection—and double-click on the icon to open the Status window. Then click on Properties. (Alternatively, you can right-click on the icon and then choose Properties.)
- In the Properties window, double-click on Internet Protocol Version 4 (TCP/IPv4)
- In the next window, check the Use the following DNS server addresses box and enter the addresses for the Preferred DNS server (you can use 1.1.1.1 here) and Alternate DNS Server (you can use 8.8.8.8 here).
Optional: Repeat step 3, but this time double-click Internet Protocol Version 6 (TCP/IPv6) if you have that information (if not, you can skip this step). Then click on OK to close the windows and apply the changes.
The change should take effect immediately, but restarting the computer to confirm is a good idea.
Steps to change DNS settings on a Mac computer
- Click on the Apple icon (top left corner), then on System Settings (or System Preferences in older Macs), and then look for Network.
- Select the current network connection (it’s likely the Wi-Fi connection if you’re using a notebook), then click on Details… (or on Advanced… in older Macs).
- Click on the DNS tab.
- Use the plus (+) and minus (-) buttons under DNS Servers to add/remove the addresses you like. For example, you can use 1.1.1.1 for the first server and 8.8.8.8 for the second one.
Restart the computer, and the new server settings will be in effect.
Steps to change DNS on a router
Use the steps below to change the DNS servers for the router’s Internet connection, which differ from those used for the local network.
- Log in to the router’s web interface.
- Navigate to the interface’s WAN (or Internet) section; every router has this section.
- Choose to manually enter DNS server addresses (you want to change the default value, which lets the router automatically use the service provider’s DNS servers).
- Enter the DNS addresses of your liking, such as 1.1.1.1 for the primary server and 8.8.8.8 for the secondary (backup) server. Some routers, such as those from ASUS, offer a list of DNS servers and their features for you to choose from, in addition to the manual option.
- Apply the changes.
Some routers will restart automatically when you apply the change. In any case, it’s best to give the router a manual restart to be sure. After that, the new settings will take effect.
Domain Name System: The takeaway
Again, considering your DNS’s significant role, it’s imperative that you pick one you can trust when changing the values manually. When in doubt, leave the setting as Auto, and the system will use the default, generally that of your Internet provider.
Unknown DNS settings can be signs that your system has been hacked: the bad guys intercept your DNS requests and redirect you to phony destinations or services. That said, it’s imperative that you know whether your DNS settings are intact (default) or intentionally changed, especially at the router level.
Dong’s note: I first published this post on April 1, 2018, and updated it on May 26, 2026, with the latest relevant information.