Quick Links
Cloudflare
Google Public DNS
OpenDNS Home
DNSWatch
Quad9
OpenNIC
Key Takeaways
- Cloudflare's DNS is fast, secure, and privacy-focused, offering additional services for malware and adult content blocking.
- Google Public DNS is known for speed and security features, but users should be wary of data collection practices.
- OpenDNS Home offers identity theft protection and parental controls, with customizable filtering and detailed usage stats.
Changing your DNS provider can dramatically improve your computer's defenses against online threats.
If you are ready to switch DNS providers, you might be wondering which DNS provider you should choose. There are many options, but which is the best, what features are available, and are there any drawbacks?
DNS Provider | IP Addresses | Key Features |
---|---|---|
Cloudflare | 1.1.1.1, 1.0.0.1 |
|
Google Public DNS | 8.8.8.8, 8.8.4.4 |
|
OpenDNS Home | 208.67.220.220, 208.67.222.222 |
|
DNSWatch | 84.200.69.80, 84.200.70.40 |
|
Quad9 | 9.9.9.9, 149.112.112.112 |
|
OpenNIC | 206.125.173.29, 45.32.230.225 |
|
1. Cloudflare
- IP Addresses: 1.1.1.1 and 1.0.0.1
Cloudflare is best known for its content delivery network and DDoS protection and mitigation tools. But did you know that Cloudflare's DNS service is typically among the fastest in the world (if not the fastest most of the time)? According to the well-respected DNS performance tracking site DNSPerf, Cloudflare remains the fastest DNS provider, which is a great boon among the numerous other providers.
But it's not just fast. Cloudflare doesn't log IP addresses used to make requests and wipes any meta-data within 24 hours. Furthermore, it supports DNS over HTTPS (DoH) and DNS over TLS (DoT), which prevent eavesdropping and manipulation of DNS data, and doesn't filter or block content (unless deemed malicious!), leaving you free to browse the web in peace.
If you want to go the extra mile in security and privacy, Cloudflare offers two additional services under its "1.1.1.1 for Families" program. For extra malware protection, you can use Cloudflare's 1.1.1.2 or 1.0.0.2 DNS, while to block both malware and adult content from your network, use 1.1.1.3 or 1.0.0.3.
2. Google Public DNS
- IP Addresses: 8.8.8.8 and 8.8.4.4
Google DNS's most significant advantage is its speed. DNS lookups often cause a bottleneck that can slow down your browsing. According to Google's research, the biggest DNS bottleneck cause is "cache misses." They occur when a DNS resolver has to communicate with several external name servers to load a page. It's just one of the many benefits of changing your DNS server.
Google tries to mitigate the problem by offering four key performance and security features:
- Global coverage: There are servers nearby regardless of where you are in the world.
- Denial-of-Service (DoS) attack prevention: Google provides DNSSEC security as standard.
- Load balancing: Shared caching improves the cache hit rate.
- Spoofing and Cache Poisoning: Google's DNS specifically aims to protect against DNS cache poisoning attacks.
Although Google offers DNSSEC and DNS-over-HTTPS as standard, data collection is one significant security drawback to using the service. Remember, Google is an advertising company, and user data is its biggest asset. Although the DNS data it collects is theoretically impersonal, it might scare away some privacy-conscious users.
3. OpenDNS Home
- IP Addresses: 208.67.220.220 and 208.67.222.222
Another popular third-party DNS provider is OpenDNS. Since November 2016, the service has been owned by Cisco.
Users can choose from four tiers of service: OpenDNS Family Shield, OpenDNS Home, OpenDNS VIP Home, and OpenDNS Umbrella Prosumer.
The first two services, OpenDNS Family Shield and OpenDNS Home, are free. The features are largely the same; they both have built-in identity theft protection and parental controls for every device in your home. The only significant difference is customizable filtering: the Family Shield is pre-configured for routers, computers, smart devices, and servers, while the Home package needs your input to adjust some of the 50 different filters.
The VIP Home package costs $19.95 per year. It introduces detailed internet usage stats for the previous 12 months (categorized across eight types of security threats and 60 types of web content) and the ability to restrict internet access to a whitelist of domains, thus giving users on your network a "locked down" experience. The company also offers business packages.
The final Prosumer package is $20/user and will protect three devices for a single cost.
Sadly, there is a trade-off for OpenDNS' security. The company stores both your DNS and IP address information and places web beacons on pages you visit using the servers so it can learn about "what content is effective."
You can draw your own conclusions about that quote.
4. DNSWatch
- IP Addresses: 84.200.69.80 and 84.200.70.40
DNSWatch is a security-conscious DNS provider that's entirely free for all users. DNSWatch can be broken down into four key areas:
- DNS Neutrality: The servers do not censor any DNS requests. This differs from some ISPs around the world who actively censor what you can and cannot access.
- Privacy Protection: The company does not log any DNS queries. It does not record any of your actions. To once again draw a comparison with a typical ISP DNS server, many log your history, and some don't even anonymize the data collected.
- Data for Sale: The company does not have any business deals in place with ad networks or other institutions that have an interest in learning about your online habits.
- No ISP DNS Hijacking: If you use your ISP's DNS servers, no doubt you'll have occasionally stumbled across a sponsored search page if the site you're trying to visit does not return a response. They're a nightmare for privacy; anything you enter on those pages is collected and collated by your ISP.
DNSWatch also includes some extra security options, such as DNS-Over-HTTPS, which makes it one of the best DNS for security-minded folks.
5. Quad9
- IP Addresses: 9.9.9.9 and 149.112.112.112
First launched in 2016, Quad9 has become one of the most popular third-party DNS providers. Quad9 has a strong focus on privacy and security, sourcing threat intelligence from its network of more than 20 cybersecurity companies to keep you secure. Furthermore, Quad9 never logs your IP address in its system, uses encryption to protect your DNS queries, and is based in Switzerland, which has a strong history of protecting personal privacy.
Quad9's network is distributed worldwide, with more than 200 server locations across 90 different countries. It focuses specifically on "Internet Exchange" points with high interconnection rates between global networks. This means Quad9 is also one of the fastest DNS providers.
6. OpenNIC
- IP Addresses: 206.125.173.29 and 45.32.230.225
The OpenNIC project is best known for its user-owned and controlled top-level Network Information Center, which offers an alternative to typical top-level domain (TLD) registries such as ICANN. However, it also provides some of the most secure free DNS servers.
Once again, you need to be aware of some key pillars of its security features. Like DNSWatch, it offers DNS neutrality and prevention of ISP DNS hijacking, but it also provides a couple of additional features.
First, you can choose how much data logging OpenNIC does. This gives you an unprecedented level of granular control.
Second, and perhaps more impressive, you also get to vote on how OpenNIC operates. You can have your say in everything from deciding new TLDs to project-wide policy changes. If something happens you don't like, you can make sure you let OpenNIC know about it!
- Security
- DNS
- Online Privacy
Your changes have been saved
Email is sent
Email has already been sent
Please verify your email address.
You’ve reached your account maximum for followed topics.
Manage Your List
Follow
Followed
Follow with Notifications
Follow
Unfollow
Readers like you help support MakeUseOf. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.