Welcome to DNS’s help center to figure it out what’s DNS and how to choose the right solution for your DNS! We’re here to answer your questions. Can’t find what you’re looking for? Send our support team a note at info@alotso.com!
DNS Introduction
DNS (Domain Name System) is a system which translates the domain names you enter in a browser to the IP addresses required to access those sites, and the best DNS servers provide you with the best service possible.
Your ISP will assign you DNS servers whenever you connect to the internet, but these may not always be the best DNS server choice around. Slow DNS servers can cause a lag before websites start to load, and if your server sometimes goes down, you may not be able to access any sites at all.
Best Free DNS
The Domain Name System (DNS) is a phonebook for the internet, a framework which translates domain names, like facebook.com or twitter.com, into the IP addresses necessary for devices to load those internet resources.
Switching to a free public DNS server can make a real difference, with more responsive browsing and lengthy 100% uptime records meaning there’s much less chance of technical problems.
Some services can also block access to phishing or infected sites, and a few offer content filtering to keep your kids away from the worst of the web.
You need to choose your service with care – not all providers will necessarily be better than your ISP.
OpenDNS
Primary, secondary DNS servers: 208.67.222.222 and 208.67.220.220
Founded in 2005 and now owned by Cisco, OpenDNS is one of the biggest names in public DNS.
The free service offers plenty of benefits: high speeds, 100% uptime, phishing sites blocked by default, optional parental controls-type web filtering to block websites by content type, along with free email support if anything goes wrong.
Commercial plans enable viewing a history of your internet activity for up to the last year, and can optionally lock down your system by allowing access to specific websites only. These aren’t going to be must-have features for the average user, but if you’re interested, they can be yours for around $20 (£14.30) a year.
If you’re an old hand at swapping DNS, you can get started immediately by reconfiguring your device to use the OpenDNS nameservers.
If you’re a newbie, that’s okay too, as OpenDNS has setup instructions for PCs, Macs, mobile devices, routers and much, much more.
Pinging 208.67.222.222 with 32 bytes of data:
Reply from 208.67.222.222: bytes=32 time=78ms TTL=51
Reply from 208.67.222.222: bytes=32 time=76ms TTL=51
Reply from 208.67.222.222: bytes=32 time=74ms TTL=51
Reply from 208.67.222.222: bytes=32 time=72ms TTL=51
Ping statistics for 208.67.222.222:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 78ms, Average = 75ms
*Ping from China Mainland
Cloudflare
Primary, secondary DNS servers: 1.1.1.1 and 1.0.0.1
Malware Blocking Only Primary DNS: 1.1.1.2 Secondary DNS: 1.0.0.2
Malware and Adult Content Primary DNS: 1.1.1.3 Secondary DNS: 1.0.0.3
For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
Malware Blocking Only Primary DNS: 2606:4700:4700::1112 Secondary DNS: 2606:4700:4700::1002
Malware and Adult Content Primary DNS: 2606:4700:4700::1113 Secondary DNS: 2606:4700:4700::1003
Best known for its top-rated content delivery network, Cloudflare has extended its range to include a new public DNS service, the catchily-named 1.1.1.1.
Cloudflare has focused much more on the fundamentals. These start with performance, and independent testing from sites like DNSPerf shows Cloudflare is the fastest public DNS service around.
Privacy is another major highlight. Cloudflare doesn’t just promise that it won’t use your browsing data to serve ads; it commits that it will never write the querying IP address (yours) to disk. Any logs that do exist will be deleted within 24 hours. And these claims aren’t just reassuring words on a website. Cloudflare has retained KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises.
The 1.1.1.1 website has some setup guidance, with simple tutorials covering Windows, Mac, Android, iOS, Linux and routers. These are very generic – you get one set of instructions for all versions of Windows, for instance – but there are some pluses (IPv6 as well as IPv4 details) and you should be able to figure it out. Additionally, mobile users can use WARP which secures all of the phone’s internet traffic.
The product doesn’t offer ad-blocking or attempt to monitor what you can access, and what you can’t. The one caveat is that Cloudflare has introduced content filtering for malware and adult content blocking, with their 1.1.1.2/1.0.0.2 and 1.1.1.3/1.0.0.3 services respectively, but this is an option a user can choose rather than have forced on them.
If you have any problems, Cloudflare offers a community forum where you can ask questions or see what others are doing, a nice extra touch which we’d like to see followed by other providers.
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=291ms TTL=53
Reply from 1.1.1.1: bytes=32 time=284ms TTL=53
Reply from 1.1.1.1: bytes=32 time=301ms TTL=53
Reply from 1.1.1.1: bytes=32 time=295ms TTL=53
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 284ms, Maximum = 301ms, Average = 292ms
*Ping from China Mainland
Google Public DNS
Primary, secondary DNS servers: 8.8.8.8 and 8.8.4.4
The Google Public DNS IPv6 addresses are as follows:
2001:4860:4860::8888
2001:4860:4860::8844
Google has its fingers in most web-related pies, and DNS is no exception: it’s free Public DNS is a simple and effective replacement for your own ISP’s nameservers.
Privacy can’t quite match the ‘we don’t keep anything’ promises of Cloudflare, but it’s not bad. The service logs the full IP address information of the querying device for around 24 to 48 hours for troubleshooting and diagnostic purposes. ‘Permanent’ logs drop any personally identifiable information and reduce location details to the city level, and all but a small random sample of these are deleted after two weeks.
There’s a further benefit for experienced users in Google’s detailed description of the service. If you’d like to be able to assess the significance of Google’s privacy policy, for instance, you can read up on absolutely everything the service logs contain to find out for yourself.
Google’s support site offers only very basic guidance targeted at experienced users, warning that “only users who are proficient with configuring operating system settings [should] make these changes.” If you’re unsure what you’re doing, check the tutorials from a provider such as OpenDNS, remembering to replace its nameservers with Google’s: 8.8.8.8 and 8.8.4.4.
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=61ms TTL=115
Reply from 8.8.8.8: bytes=32 time=59ms TTL=115
Reply from 8.8.8.8: bytes=32 time=50ms TTL=115
Reply from 8.8.8.8: bytes=32 time=56ms TTL=115
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 61ms, Average = 56ms
*Ping from China Mainland
Comodo Secure DNS
Primary, secondary DNS servers: 8.26.56.26 and 8.20.247.20
Comodo Group is the power behind a host of excellent security products, so it’s no surprise that the company also offers its own public DNS service.
Just as you’d expect, Comodo Secure DNS has a strong focus on safety. It doesn’t just block phishing sites, but also warns if you try to visit sites with malware, spyware, even parked domains which might overload you with advertising (pop-ups, pop-unders and more). Furthermore, you can try out the Comodo Dome Shield service, which adds additional features to Comodo Secure DNS.
Comodo claims its service is smarter than average, too, detecting attempts to visit parked or ‘not in use’ domains and automatically forwarding you to where you really want to go.
Performance is key, of course, and the company suggests its worldwide network of servers and smart routing technology give it an advantage. DNSPerf’s Comodo stats are less impressive, unfortunately. As we write, DNSPerf reports its average query time as around 72ms.
That said, Comodo may still be interesting if you’re looking for an extra layer of web filtering, and the support website has some short but useful instructions on setting the service up on Windows PCs, Macs, routers and Chromebooks.
Pinging 8.26.56.26 with 32 bytes of data:
Reply from 8.26.56.26: bytes=32 time=184ms TTL=51
Reply from 8.26.56.26: bytes=32 time=183ms TTL=51
Reply from 8.26.56.26: bytes=32 time=186ms TTL=51
Reply from 8.26.56.26: bytes=32 time=184ms TTL=51
Ping statistics for 8.26.56.26:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 183ms, Maximum = 186ms, Average = 184ms
*Ping from China Mainland
Quad9
Primary, secondary DNS servers: 9.9.9.9 and 149.112.112.112
Quad9 is a young DNS outfit which has been providing a fast and free DNS service since August 2016.
The company sells itself on its ability to block malicious domains by collecting intelligence from ‘a variety of public and private sources.’ It’s not clear what these sources are, but the website says Quad9 used 18+ ‘threat intelligence providers’ as of December 2018.
That’s a little too vague for us, and we’re not convinced that using a large number of threat intelligence providers will necessarily help – the quality of the intelligence is generally more important than the quantity.
There’s no arguing about Quad9’s performance, though. DNSPerf currently rates it seven out of ten for average worldwide query times, lagging behind Cloudflare and OpenDNS, but effortlessly outpacing contenders like Comodo.
Drilling down into the detail reveals some variations in speed – Quad9 is in eighth place for North American queries – but overall the service still delivers better performance than most.
Setup guidance is a little limited, with tutorials for the latest versions of Windows and macOS only. They’re well presented, though, and it’s not difficult to figure out what you need to do.
Pinging 9.9.9.9 with 32 bytes of data:
Reply from 9.9.9.9: bytes=32 time=258ms TTL=51
Reply from 9.9.9.9: bytes=32 time=257ms TTL=51
Reply from 9.9.9.9: bytes=32 time=257ms TTL=51
Reply from 9.9.9.9: bytes=32 time=259ms TTL=51
Ping statistics for 9.9.9.9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 257ms, Maximum = 259ms, Average = 257ms
*Ping from China Mainland
Verisign DNS
Primary, secondary DNS servers: 64.6.64.6 and 64.6.65.6
Verisign was founded in 1995 and through the years offered various services, including several security services, like managed DNS.
Verisign DNS service is free to use and the company highlights the three features they deem the most important and those are stability, security, and privacy. The service definitely delivers on that account, especially for security and stability. As for privacy, while you can never be 100% sure when it comes to the company claims, there weren’t any issues and the company assures you that your public DNS data will not be sold to third parties.
Performance, however, wasn’t that great when compared to some other providers. Still, it’s decent and depending on your needs, you might not be bothered by this. At the moment, DNSPerf.com ranks the service at the eleventh place, worldwide.
On their website, you can find tutorials on how to set up their public DNS. Tutorials are available for Windows 7 and 10, Mac, Linux, and mobile devices. There is also a tutorial on how to configure DNS server settings on your router.
All in all, Verisign offers a good alternative to some other DNS providers, plus it’s free so it’s worth checking out.
Pinging 64.6.64.6 with 32 bytes of data:
Reply from 64.6.64.6: bytes=32 time=242ms TTL=51
Reply from 64.6.64.6: bytes=32 time=246ms TTL=51
Reply from 64.6.64.6: bytes=32 time=241ms TTL=51
Request timed out.
Ping statistics for 64.6.64.6:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 241ms, Maximum = 246ms, Average = 243ms
*Ping from China Mainland
Freenom World
Primary, secondary DNS servers: 80.80.80.80 and 80.80.81.81
The Domain Name System (DNS) is the phone book of the internet. Every time you visit a website or send an email, your computer performs a DNS lookup. Freenom World ensures these lookups are done faster, anonymous and more secure. Freenom World is free to use by everyone in the world. Millions of internet users are already using Freenom World.
Pinging 80.80.80.80 with 32 bytes of data:
Reply from 80.80.80.80: bytes=32 time=74ms TTL=49
Reply from 80.80.80.80: bytes=32 time=71ms TTL=49
Reply from 80.80.80.80: bytes=32 time=71ms TTL=49
Reply from 80.80.80.80: bytes=32 time=70ms TTL=49
Ping statistics for 80.80.80.80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 74ms, Average = 71ms
*Ping from China Mainland
How to Use Guide
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device – like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage.
DNS Check
DNS Propagation Checker
whatsmydns.net lets you instantly perform a DNS lookup to check a domain name’s current IP address and DNS record information against multiple nameservers located in different parts of the world.
Global DNS Checker
The tool lets you quickly and easily perform a DNS lookup to check DNS propagation and see information of any domain from DNS servers located in many countries.
You can test changes made to new or existing domains have been updated correctly without the need to manually query remote servers. This gives you immediate insight into how users globally may be resolving DNS records for your website, email or other online service.
What is DNS and how does it work?
The Domain Name System (DNS) is a system used to convert a name (like www.google.com) into an IP address (like 192.168.2.1) which is used by computers to communicate on a network such as the Internet.
When visiting a website, your device asks your local DNS server for the address. If you have not recently visited the site, then it will need to forward the request on to the server responsible for managing it.
Once a result is returned, it is stored locally in a DNS cache to speed up future requests. The amount of time it is stored depends on the configured Time to Live (TTL).
What is DNS Propagation?
DNS propagation is the term commonly used to check the current state of results globally. This process can take only a few minutes or up to 48 hours or longer.
Technically DNS does not propagate, but this is the term that people have become familiar with. Requests are forwarded from the locally used resolver to the authoritative nameserver on demand then cached to speed up future DNS lookups.
For popular websites, results may be cached for people in different parts of the world. If you have recently made changes to your configuration, this may mean that some people will be receiving old results until the TTL expires.
Which DNS records can be checked?
You can perform checks for common record types including:
- A – The most common type, used to point to an IP address.
- CNAME – Canonical name or alias, they point to other records.
- MX – Mail Exchanger, these are used to set email servers and their priority.
- NS – Nameserver, these store the authoritative nameserver.
- TXT – Text, commonly used for configuration settings.
Additional types that can be checked which are usually used in more advanced configurations include: AAAA, CAA, PTR, SOA and SRV.
DNS Leak Test
When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
DNS or the domain name system is used to translate domain names such as www.privacyinternational.org into numerical IP addresses e.g. 123.123.123.123 which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities.
Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.
You can test DNS leaks via www.dnsleaktest.com or dnsleak.com if you are using VPN services connected to internet and want to check DNS leaks for your privacy and security status. While if you are using IPv6, you can test via ipv6leak.com.
Frequently Asked Questions
Why paid DNS is better than free?
As with every service, you get what you pay for and it’s no different here. Free DNS can be good but it’s nothing compared to a Premium paid version. Granted, not everyone wants to pay and depending on their needs they might not need to, but paid DNS is always a better choice. Apart from the increased website performance and security, you also get additional features.
For instance, Dynamic DNS and Secondary DNS are a staple of the premium DNS service. The Dynamic DNS works with dynamic IP addresses and it allows users to access their home computer from anywhere in the world. The Secondary DNS works as a backup of sorts which is always a plus. This is just a small fraction of what a premium DNS can do and the exact number of features will depend on the service provider.
Why might DNS matter to me?
DNS servers can vary hugely in speed, particularly in areas which don’t always have the best internet coverage (Africa, South America, Oceania.) To take an example of a single day when we tested, DNSPerf.com reported Cloudflare achieved an average 4.43ms query time for Oceania, while Yandex was left trailing at 350.24ms. That’s potentially more than a third of a second in extra waiting time before your browser is able to access any new website.
This is an extreme example, to be fair. European or US lookups may see less than 30ms variation between most DNS services, and as your device or router will probably cache the address for reuse later, even this delay will only occur very occasionally. Still, a sluggish DNS server can noticeably slow down your browsing in some situations, and trying an alternative – especially as the best options are all free – is generally a good idea.
There’s a second possible benefit in terms of uptime. If your ISP DNS server fails, you might not be able to access some or all of your favorite sites. Big-name providers such as OpenDNS claim they’ve had 100% uptime going back years.
How can I find the fastest DNS service?
DNS speed depends on many factors, including your location, the distance to your nearest server, and that server having enough power and bandwidth to handle all the queries it receives.
DNS Jumper is a portable freeware tool which tests multiple public DNS services to find out which delivers the best performance for you.
The program has a lot of options, but isn’t difficult to use. Launch it, click Fastest DNS > Start DNS Test, and within a few seconds you’ll be looking at a list of DNS services sorted by speed.
DNS Jumper can be useful, in particular because it’s checking how servers perform from your location, but it doesn’t run enough tests over a long enough period to give you a definitive answer.
DNSPerf tests multiple DNS services every minute from 200+ locations around the world and makes the results freely available on its own website. This gives a very good general idea of performance, and also enables seeing how services compare on different continents, as well as assessing their uptime.
How can I switch DNS servers?
The steps involved in changing your DNS service vary according to your hardware and possibly your operating system version.
Generally, you must start by finding the primary and secondary nameservers for the DNS service you’d like to use. These IP addresses are normally displayed very clearly on the service website, so, for example, Cloudflare DNS uses 1.1.1.1 and 1.0.0.1.
The simplest approach for home users is to update their router to use the new addresses. Most other devices will then pick up the new DNS settings automatically, with no further work required.
To make this happen you must log in to your router (the default password may be printed on its base) and look for the current DNS primary and secondary nameservers. Make a note of the current values in case of problems, then replace them with the nameservers you’d like to use.
If you run into problems, check out your DNS service website for any setup guidance. Keep in mind that you can also use the tutorials of other DNS providers, as long as you remember to replace their nameserver IPs with your preferred options. OpenDNS, for instance, has specific guidance for many different router types on its support site.
If router tweaks aren’t right for your situation, you may have to change the DNS configuration of each individual device. Cloudflare has short and simple guidance here, while the OpenDNS website goes into more depth.
How can I find my current DNS servers?
If you’re troubleshooting your internet connection, or maybe thinking of switching DNS servers, it might be useful to check which DNS servers you’re using at the moment.
The simplest way to do this is to visit DNSLeakTest.com and tap the Standard Test button. Within a few seconds the website will usually display your DNS server IP addresses, host names, and sometimes (if appropriate) the name of your ISP.
After that, life gets more complicated as there are several potential options. Your device could be set up to use specific DNS servers; it might ask your router to give it the best DNS servers every time it boots; or it might not know anything about DNS servers, and leave your router to handle everything.
On Windows, you could get started by entering IPCONFIG /ALL in a command line window. Look for your network adapter and you should see its DNS servers specified in the list.
If there’s a single DNS IP address which points at your router – 192.168.x.x – that suggests the router is handling all DNS queries. Enter that IP address into your browser, log in to the router if necessary and your DNS servers should be listed amongst the settings.
How can I test a DNS service?
If your browser is telling you a website’s ‘server IP address could not be found’, even though you’re sure it’s up and available, then this could be due to a problem with your DNS. But you might not want to go to the trouble of changing your DNS service to find out.
Windows users can use the command line tool nslookup.exe to look at the results of any DNS server without touching their system settings.
Run cmd.exe to open a command line window, then type:
nslookup website.com
Then press Enter (replace website.com with the address of whatever website you’re trying to reach).
Nslookup uses your default DNS server to look for the IP address of website.com. If it tells you it ‘can’t find website.com‘, this means your DNS server doesn’t have a record for that domain.
Next, tell the tool to use another DNS service by entering a command like:
nslookup website.com 8.8.8.8
The 8.8.8.8 address uses Google DNS – replace that with any DNS service you like, such as 1.1.1.1 for Cloudflare.
If nslookup returns errors using multiple servers, this doesn’t look like a DNS issue. If one server returns an IP address and another doesn’t, you might want to try setting up your system to use the working DNS and see if it makes any difference.
DNS Wikipedia Page
The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System has been an essential component of the functionality of the Internet since 1985.
Learn More
Good post. I learn something totally new and challenging
on websites I stumbleupon every day. It will always be helpful to read
through articles from other authors and practice a little something from other sites.