Do you use an alternative DNS service?

Billiam29
By “alternative” I simply mean anything other than the DNS servers your ISP provides.

I thought this might be beneficial to post here as some folks may not be aware of the various options available for DNS beyond what their ISP provides.

Over the years, I've gone from my ISP, to Google's 8.8.8.8, to Cloudflare's 1.1.1.1.

For the past few months, I've been using the Quad9 service (encrypted) configured in Windows with my browsers configured to refer to the OS and not their own DNS settings. I have not yet tried to configure encrypted Quad9 on my Linux systems.

As for why you might want to use an alternative DNS service? That's up to you. If you've never considered it though, some of the common reasons are:
  • you consider DNS important enough that you want to separate it from your fundamental connectivity for troubleshooting purposes
  • your ISP's tech support isn't skilled enough to recognize or acknowledge when their own DNS is having problems
  • you don't want your ISP collecting (and likely selling) the locations you visit on the Internet
  • protection from at least some malware hosting sites
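
"Encrypted" DNS to a public resolver such as Quad9 means DNS over TLS (RFC 7858) or DNS over HTTPS: the DNS message itself is unchanged, it is just carried inside a TLS session so that the ISP's path sees a TLS connection to the resolver rather than the names being looked up. The Python sketch below is an added example, not code from the thread or from Quad9. It uses DoT because that needs nothing beyond the standard library; it assumes Quad9's DoT certificate is issued for dns.quad9.net, and the response it checks offline is constructed here, not captured from the service.

```python
"""DNS over TLS (RFC 7858): the ordinary DNS wire message, sent inside a TLS
session to port 853 with a 2-byte length prefix, so the path sees only TLS."""
import socket
import ssl
import struct
import sys

QUAD9_IP = "9.9.9.9"              # resolver address quoted in the thread
QUAD9_TLS_NAME = "dns.quad9.net"  # assumed: the name Quad9's DoT certificate is issued for
DOT_PORT = 853                    # RFC 7858
TXN_ID = 0x1234                   # fixed transaction ID so the sample below matches


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels, e.g. b'\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Standard recursive query; qtype 1 = A, class 1 = IN."""
    header = struct.pack("!HHHHHH", TXN_ID, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Offset just past a name at off; a compression pointer (top bits 11) ends it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_response(msg: bytes) -> tuple:
    """Return (rcode, [A-record IPs]). rcode 3 is NXDOMAIN: report it rather
    than mistake an empty answer section for 'no address'."""
    txn_id, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if txn_id != TXN_ID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode, off, addrs = flags & 0x000F, 12, []
    for _ in range(qd):                       # skip the echoed question
        off = _skip_name(msg, off) + 4
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return rcode, addrs


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TLS stream closed early")
        buf += chunk
    return buf


def query_dot(name: str, server: str = QUAD9_IP, tls_name: str = QUAD9_TLS_NAME) -> tuple:
    """One A query over DoT. The default SSL context verifies the chain and
    checks the certificate against tls_name, so traffic to 9.9.9.9 that is
    intercepted by a box without that certificate fails here instead of answering."""
    query = build_query(name)
    ctx = ssl.create_default_context()
    with socket.create_connection((server, DOT_PORT), timeout=5.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)   # length-prefixed message
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, length))


# Constructed response (not captured from Quad9): answers build_query("example.com")
# with A 93.184.216.34, TTL 300, using a pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", TXN_ID, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))      # offline check of the parser
    if len(sys.argv) > 1:                       # live lookup only when a name is given
        print(query_dot(sys.argv[1]))
```

Run it with a hostname argument to do a live lookup; without one it only parses the constructed sample. The verification step is the part worth keeping: the IP address alone proves nothing, the certificate name is what tells you the resolver you reached is the one you configured.
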
 
Yes.

1.1.1.1 is a lot faster than my ISP service and I trust Cloudflare a bit more than Google.

Wow, looks like AT&T fiber uses an IPv6 address for their DNS server(s).

Thanks for the info about Quad9. However I don't understand how Quad9 prevents your ISP from logging visited websites, because they still have the bare IP address.
 
I use Google's, since as a Google Fiber and Google Fi user, I figure they already know everything about me, so there's no additional privacy risk. :-)
 
> Thanks for the info about Quad9. However I don't understand how Quad9 prevents your ISP from logging visited websites, because they still have the bare IP address.
I'm no enterprise guy, but I believe in this day and age there can be a whole lot of things running behind a single IP address. It might still narrow our visits down to a single destination organization, but not necessarily the specific web site or service provided by that org.

I'm also guessing that with full-fledged cloud services, the bare IP addresses probably belong to the likes of AWS, Azure, etc. and not the customers who are hosting on them.
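
On the question raised above of what the ISP still sees once the lookups are encrypted, the destination IP is one signal, and the reply discusses how much it reveals. There is a second signal a practitioner should know about: unless the site supports Encrypted Client Hello, the hostname also travels unencrypted in the SNI extension of the TLS ClientHello that opens the connection, whichever resolver produced the IP. The Python below is an added example (not from any poster in the thread): it builds a constructed ClientHello and pulls the server name out of it the way a passive observer on the path could.

```python
"""Why encrypted DNS alone does not hide the site name: with plain TLS the
hostname is also sent in the clear in the ClientHello's SNI extension."""
import struct


def _vec(data: bytes, len_bytes: int) -> bytes:
    """TLS length-prefixed vector (1-, 2- or 3-byte big-endian length)."""
    return len(data).to_bytes(len_bytes, "big") + data


def build_client_hello(hostname) -> bytes:
    """Constructed minimal ClientHello record (not a capture): placeholder random,
    two cipher suites, and an SNI extension unless hostname is None."""
    if hostname is None:
        extensions = b""
    else:
        entry = b"\x00" + _vec(hostname.encode("idna"), 2)           # name_type 0 = host_name
        extensions = struct.pack("!H", 0) + _vec(_vec(entry, 2), 2)  # extension type 0
    body = (
        b"\x03\x03"                       # client_version: TLS 1.2 (TLS 1.3 keeps this value)
        + bytes(32)                       # random: placeholder zeros
        + _vec(b"", 1)                    # legacy_session_id: empty
        + _vec(b"\x13\x01\x13\x02", 2)    # cipher_suites: TLS_AES_128/256_GCM_SHA256/384
        + _vec(b"\x00", 1)                # compression_methods: null
        + _vec(extensions, 2)
    )
    handshake = b"\x01" + _vec(body, 3)           # HandshakeType client_hello = 1
    return b"\x16\x03\x01" + _vec(handshake, 2)   # record: handshake, legacy version


def extract_sni(record: bytes):
    """Server name from a ClientHello record, or None if there is no SNI.
    This is exactly what an on-path observer can read before any key is agreed."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack_from("!H", record, 3)
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    off = 4 + 2 + 32                                   # handshake header, version, random
    off += 1 + hs[off]                                 # session id
    (n,) = struct.unpack_from("!H", hs, off)
    off += 2 + n                                       # cipher suites
    off += 1 + hs[off]                                 # compression methods
    if off + 2 > len(hs):
        return None                                    # no extensions block
    (ext_len,) = struct.unpack_from("!H", hs, off)
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        ext_type, ext_size = struct.unpack_from("!HH", hs, off)
        off += 4
        if ext_type == 0:                              # server_name extension
            (list_len,) = struct.unpack_from("!H", hs, off)
            p, list_end = off + 2, off + 2 + list_len
            while p + 3 <= list_end:
                name_type = hs[p]
                (name_len,) = struct.unpack_from("!H", hs, p + 1)
                if name_type == 0:
                    return hs[p + 3:p + 3 + name_len].decode("idna")
                p += 3 + name_len
        off += ext_size
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    # Encrypted DNS hides the lookup of example.com, but the connection that
    # follows still announces it: an observer sees the dst IP and this string.
    print("SNI on the wire:", extract_sni(hello))
    print("SNI absent:", extract_sni(build_client_hello(None)))
```

The SNI string, not the IP, is what filtering middleboxes and ISP logging typically key on, which is why switching resolvers changes who sees your lookups but not, on its own, who can see where you connect.
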
 
Are you using a HOSTS file, or the suggested DNS? If it's the HOSTS file, I see that the one for Windows is about 37MB. Is there any performance penalty for using such a large file?

It bugs me slightly that the DNSes are in South Africa. It probably shouldn't.
 
No, they don't recommend the hosts file for Windows, so I use the DNS addresses. I also use a little utility to switch DNS services because there are a couple things that tend to get filtered out that I sometimes need to access. It's not ultra fast, but plenty fast enough so as not to be annoying. I have the best results using the v4 addresses and not the v6.

My wife uses something called Privacy Badger and also has good results at not getting tracking cookies and junk mail.

--
Ruby
(If you can't see my posts it's because I often say things that get them deleted!)
 
> By “alternative” I simply mean anything other than the DNS servers your ISP provides.
>
> I thought this might be beneficial to post here as some folks may not be aware of the various options available for DNS beyond what their ISP provides.
Useful post.

I've been using 1.1.1.1 on all my computers* for some time, but the modem/router provided by my ISP has the DNS settings locked down. They like to control all aspects of their country-wide network. Everything is working normally.

What are the consequences of having individual computers and router looking at different DNS providers? I assume that an internet request that has already been resolved will be ignored by the modem.

* I did note that prior to 1.1.1.1 being selected, an older iPad that was giving some Internet trouble, particularly with the latest "advertisement-enhanced" incarnation of DPR, had a strange DNS included in the list of available servers.
 
> What are the consequences of having individual computers and router looking at different DNS providers? I assume that an internet request that has already been resolved will be ignored by the modem.
If AI is to be believed:

When there is a conflict between DNS settings, the computer's DNS configuration takes priority over the router's settings. This means that if DNS is configured directly on a computer, the device will use those specified servers and bypass the router's DNS settings, communicating directly with the chosen DNS server. While the router acts as the traffic director for the network and typically assigns DNS servers via DHCP to all connected devices, individual devices can override this by setting their own DNS. The specific order in which a device attempts to use DNS servers listed by DHCP (primary and secondary) is determined by the device's operating system, not the router, and may involve a failover mechanism if the first server does not respond within a certain time frame.
 
> What are the consequences of having individual computers and router looking at different DNS providers? I assume that an internet request that has already been resolved will be ignored by the modem.
Strictly speaking, it's always the OS of the computer you're using that is doing the DNS lookups for you, the user.

The “router” portion of your ISP's device will provide DHCP services to dynamically assign IP addresses (and the IP network gateway address) to computers on your network. DHCP has several optional bits of information it can provide along with the basic IP address stuff. The most common of these are the IP addresses of DNS servers.

So with everything left to the “fully automatic” configuration in Windows, the OS will be provided the addresses of DNS servers via DHCP from your ISP router/modem. When you manually enter DNS server addresses in Windows (and pretty much every other OS) networking config, those manually entered DNS servers override the DNS servers provided via DHCP. In this case, the router simply isn't involved with DNS services.

NOTE: This is for a typical scenario with ISP-provided equipment. If you provided your own router and just use the ISP box as a modem (bridge mode), then there is the possibility of your user-provided router acting as a DNS server itself and providing its own IP address as the DNS server via DHCP. Even in this case, manually entered DNS servers in the Windows networking config would still override what your user-provided router is handing out.

So what are the consequences? Pretty much none that I can think of. Perhaps simply needing to remember which computers/devices are configured for which DNS.
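
The DHCP hand-off described in the reply above, as an added Python example that is not from the thread: DHCP carries the DNS server list in option 6 of its options field (RFC 2132, code/length/value entries after a fixed magic cookie), and the OS falls back to that list only when no resolver has been entered by hand. The option bytes below are constructed here, not captured; the resolver addresses in them are the public ones already named in the thread.

```python
"""How DNS servers reach a client via DHCP: option 6 in the DHCP options
field (RFC 2132), parsed here from constructed bytes; manual config wins."""
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # starts the options field of every DHCP message
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE = 3, 6, 53


def parse_dhcp_options(blob: bytes) -> dict:
    """Parse the options field (cookie, then code/len/value entries) into {code: value}.
    Option 0 is padding and option 255 ends the list; neither carries a length byte."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts, off = {}, len(MAGIC_COOKIE)
    while off < len(blob):
        code = blob[off]
        if code == 0:
            off += 1
            continue
        if code == 255:
            break
        if off + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[off + 1]
        value = blob[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated option {code}")
        opts[code] = value
        off += 2 + length
    return opts


def ipv4_list(raw: bytes) -> list:
    """Decode a run of packed 4-byte IPv4 addresses (options 3 and 6 use this layout)."""
    if len(raw) % 4:
        raise ValueError("address list not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def effective_dns_servers(manual: list, opts: dict) -> list:
    """Resolvers the OS will actually use: the manually configured ones if any
    were set, otherwise whatever DHCP option 6 offered, in the order offered."""
    if manual:
        return list(manual)
    return ipv4_list(opts.get(OPT_DNS, b""))


# Constructed DHCPOFFER options blob (not a capture): message type 2 (OFFER),
# router 192.168.1.1, DNS servers 9.9.9.9 then 1.1.1.1, one pad byte, then end.
SAMPLE_OPTIONS = (
    MAGIC_COOKIE
    + bytes([OPT_MSG_TYPE, 1, 2])
    + bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address("192.168.1.1").packed
    + bytes([OPT_DNS, 8]) + ipaddress.IPv4Address("9.9.9.9").packed
                          + ipaddress.IPv4Address("1.1.1.1").packed
    + b"\x00"
    + b"\xff"
)

if __name__ == "__main__":
    offered = parse_dhcp_options(SAMPLE_OPTIONS)
    print("router:", ipv4_list(offered[OPT_ROUTER]))
    print("DHCP DNS:", effective_dns_servers([], offered))
    print("manual override:", effective_dns_servers(["1.1.1.1"], offered))
```

The practical consequence of the precedence rule is the one the reply names: a device with a manual entry ignores whatever the router hands out, so a change made on the router reaches only the devices that were left on automatic.
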
 
> Strictly speaking, it's always the OS of the computer you're using that is doing the DNS lookups for you, the user.
> [...]
> When you manually enter DNS server addresses in Windows (and pretty much every other OS) networking config, those manually entered DNS servers override the DNS servers provided via DHCP. In this case, the router simply isn't involved with DNS services.
Manually changed...
  • Windows 11
  • Chromebook
  • iPad
  • Linux
No DNS option for mobile phones, so rely on modem/router.
> [...]
> So what are the consequences? Pretty much none that I can think of. Perhaps simply needing to remember which computers/devices are configured for which DNS.
Thanks for that (and to the other respondent).
Thanks for that (and to the other respondent).
 
I was using Google and OpenDNS for IPv4 in my router.
I just switched both IPv6 and IPv4 in both my router and PC to Cloudflare to give it a try again.

--
- Eric, http://www.invisiblerobot.com/
 
> No DNS option for mobile phones, so rely on modem/router.
I can't speak for Android, but you can indeed change your DNS servers in iOS. Unfortunately, it's only available through the somewhat involved use of configuration profiles which are usually part of enterprise mobile device management environments.

Overall, it's sufficiently “out of the ordinary” to me that I haven't changed anything on any of my iOS devices even though it looks like it can be undone without much effort.

Here's Quad9's guide for doing it on iOS:
https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)/
 
> I can't speak for Android, but you can indeed change your DNS servers in iOS. Unfortunately, it's only available through the somewhat involved use of configuration profiles which are usually part of enterprise mobile device management environments.
> [...]
Looks like it can be done on Android as well. I haven't done it because I mostly use apps and voice commands. (Where I discovered Google Lady does not like being called Siri!)

 
> I can't speak for Android, but you can indeed change your DNS servers in iOS. Unfortunately, it's only available through the somewhat involved use of configuration profiles which are usually part of enterprise mobile device management environments.
> [...]
No direct control over DNS on our Android mobiles (Samsung), but only occasional use of browsers. Speaking of browsers, we use a variety...

Edge on Windows11, Safari on iPad and Firefox on Android phones.

Google is the default interface for Chromebook (using Tabs), while it works fine with Linux (streaming) and some aspects of our VPN to the local university also work best with Chrome (even when using MS-Teams). Their help-desk seems to prefer Google.

I find that Chrome gives quite reasonable AI summaries and also obeys the -AI appendage to search terms when just the search results are required.
 
If you do have to deal with some unfriendly devices, you generally still retain the ability to turn off DHCP on the router. You can run a DHCP server elsewhere; it will provide the 192.x.x.x IPs and the routing/DNS information. Then you don't have to alter the clients.
 
  • 20% of all ISP outages are caused by DNS
  • Performance
  • Privacy (ISPs sell your DNS data)

Now regarding using quad 1s or 8s or 9s? I vote unbound. Even in forwarding mode to one of them, it's better performance and privacy. Stick a Pi-hole in front, and you also drop ads, which saves sanity, screen space and bandwidth, but you're also stopping malicious payload vectors.

You can go full recursive, but it is admittedly slow. I don't, yet.
 
I run a hardware firewall appliance at home with OPNsense. I use Cloudflare encrypted DNS.
 
I chose Quad9. It's 9.9.9.9 or 9.9.9.112

I set it on my wifi router so all traffic from all devices at home can benefit from this DNS.

1) I don't trust google 8.8.8.8.

2) My country has propaganda that blocks sites that points out problems with their policies. Using Quad I can actually freely access those sites.

3) It has some anti-malware protection

I agree Google and Cloudflare are a tad faster, but I prefer the compromise on speed for better privacy. Not that Quad is very super slow or unbearable.
 
