6 best DNS servers to improve online safety

Changing your DNS provider can significantly improve your computer's defense against online threats.

 1. Cloudflare

1. IP address: 1.1.1.1 and 1.0.0.1

Cloudflare is famous for its content delivery network, DDoS protection and mitigation tools. But did you know that Cloudflare's DNS service is often among the fastest in the world (if not the fastest most of the time)? According to reputable DNS performance tracking site DNSPerf, Cloudflare is still the fastest DNS provider, which is a big benefit compared to many other providers.

But it's not just fast. Cloudflare does not log the IP addresses used to make requests and deletes any metadata within 24 hours. Furthermore, it supports DNS over HTTPS (DoH) and DNS over TLS (DoT), prevents eavesdropping and manipulation of DNS data, and does not filter or block content (unless deemed malicious!) , allowing you to comfortably browse the web in peace.

If you want to take your security and privacy even further, Cloudflare offers two additional services under its "1.1.1.1 for Families" program. For additional malware protection, you can use Cloudflare's DNS 1.1.1.2 or 1.0.0.2, and to block both malware and adult content from your network, use 1.1. 1.3 or 1.0.0.3.

2. Google Public DNS

1. IP address: 8.8.8.8 and 8.8.4.4

The biggest advantage of Google DNS is its speed. DNS lookups often cause bottlenecks that can slow down your web browsing. According to Google research, the biggest cause of DNS congestion is "cache errors". They occur when the DNS resolver has to contact several external name servers to load a page. That's just one of the many benefits of changing your DNS servers.

Google tries to mitigate the problem by providing four key security and performance features:

1. Global coverage: There are servers nearby no matter where you are in the world.
2. Prevent denial of service (DoS) attacks: Google provides DNSSEC security as standard.
3. Load balancing: Shared cache improves cache hit speed.
4. Cache poisoning and spoofing: Google's DNS is specifically aimed at protecting against DNS cache poisoning attacks.

Although Google offers DNSSEC and DNS-over-HTTPS as standards, data collection is a significant security drawback when using the service. Remember, Google is an advertising company and user data is its greatest asset. While the DNS data it collects is theoretically non-personal, it could scare off some privacy-conscious users.

3. OpenDNS Home

1. IP address: 208.67.220.220 and 208.67.222.222

Another popular third-party DNS provider is OpenDNS. Since November 2016, this service has been owned by Cisco.

Users can choose from four service levels: OpenDNS Family Shield, OpenDNS Home, OpenDNS VIP Home and OpenDNS Umbrella Prosumer.

The first two services, OpenDNS Family Shield and OpenDNS Home, are both free. The features are largely the same; both come with built-in identity theft protection and parental controls for every device in your home. The only significant difference is customizable filtering: Family Shield comes pre-configured for routers, computers, smart devices, and servers, while the Home plan needs your input for tuning. some of the 50 different filters.

VIP Home package costs $19.95/year. It introduces detailed Internet usage statistics for the previous 12 months (categorized into 8 types of security threats and 60 types of web content) and the ability to restrict Internet access to a whitelist of domains . The company also offers corporate business packages. The Ultimate Prosumer plan costs $20/user and will protect 3 devices for a single price.

Sadly, there is a trade-off for OpenDNS's security. The company stores both your DNS and IP address information and places web beacons on pages you visit using the server so the company can learn about "what works."

4. DNSWatch

1. IP address: 84.200.69.80 and 84.200.70.40

DNSWatch is a security-focused DNS provider that is completely free for all users. DNSWatch can be divided into 4 main areas:

1. DNS Neutrality: Servers do not censor any DNS requests. This is different from some ISPs around the world that actively censor what you can and cannot access.
2. Privacy protection: The company does not log any DNS queries. It does not record any of your actions. To again compare with a typical ISP, many servers record your history and some do not even anonymize the data collected.
3. Selling data: The company does not have any business dealings with advertising networks or other organizations interested in learning about your online habits.
4. Don't hijack your ISP's DNS: If you use your ISP's DNS servers, you'll inevitably occasionally stumble across a sponsored search page if the website you're trying to access isn't responding. They are a privacy nightmare; Anything you enter on those pages is collected and collated by your ISP.

DNSWatch also includes some additional security options, such as DNS-Over-HTTPS, making it one of the best DNS for those concerned about security.

5. Quad9

1. IP address: 9.9.9.9 and 149.112.112.112

First launched in 2016, Quad9 has become one of the most popular third-party DNS providers. Quad9 has a strong focus on privacy and security, sourcing threat intelligence from a network of more than 20 cybersecurity companies to keep you safe. Furthermore, Quad9 never logs your IP address on its systems, uses encryption to protect your DNS queries, and is headquartered in Switzerland, which has a long history of protecting your rights. personal privacy.

Quad9's network is distributed worldwide, with over 200 server locations across 90 different countries. It focuses specifically on "Internet Exchange" points with high connection speeds between global networks. This means Quad9 is also one of the fastest DNS providers.

6. OpenNIC

1. IP address: 206.125.173.29 and 45.32.230.225

The OpenNIC project is best known for its user-owned and controlled top-level Network Information Center, which provides an alternative to typical top-level domain (TLD) registries such as ICANN. However, it also offers some of the most secure free DNS servers.

Again, you need to be aware of some of the key pillars of its security features. Like DNSWatch, it provides DNS neutrality and prevents ISP DNS hijacking, but it also offers some additional features.

First, you can choose the level of data logging that OpenNIC performs. This gives you an unprecedented level of granular control.

Second, and perhaps more impressive, you can also vote on how OpenNIC operates. You can have your say in everything from deciding on new TLDs to project-wide policy changes. If something happens that you don't like, you can make sure you let OpenNIC know about it!

David Pac

Update 09 March 2024