Key Takeaways
- Cloudflare’s DNS is quick, safe, and privacy-focused, providing further companies for malware and grownup content material blocking.
- Google Public DNS is thought for velocity and security measures, however customers ought to be cautious of knowledge assortment practices.
- OpenDNS House gives identification theft safety and parental controls, with customizable filtering and detailed utilization stats.
Altering your DNS supplier can dramatically enhance your pc’s defenses towards on-line threats.
In case you are prepared to modify DNS suppliers, you may be questioning which DNS supplier you need to select. There are various choices, however which is the perfect, what options can be found, and are there any drawbacks?
|
DNS Supplier |
IP Addresses |
Key Options |
|---|---|---|
|
Cloudflare |
1.1.1.1, 1.0.0.1 |
|
|
Google Public DNS |
8.8.8.8, 8.8.4.4 |
|
|
OpenDNS House |
208.67.220.220, 208.67.222.222 |
|
|
DNSWatch |
84.200.69.80, 84.200.70.40 |
|
|
Quad9 |
9.9.9.9, 149.112.112.112 |
|
|
OpenNIC |
206.125.173.29, 45.32.230.225 |
|
- IP Addresses: 1.1.1.1 and 1.0.0.1
Cloudflare is greatest identified for its content material supply community and DDoS safety and mitigation instruments. However do you know that Cloudflare’s DNS service is often among the many quickest on the earth (if not the quickest more often than not)? In keeping with the well-respected DNS efficiency monitoring web site DNSPerf, Cloudflare stays the quickest DNS supplier, which is a superb boon among the many quite a few different suppliers.
Nevertheless it’s not simply quick. Cloudflare does not log IP addresses used to make requests and wipes any meta-data inside 24 hours. Moreover, it helps DNS over HTTPS (DoH) and DNS over TLS (DoT), which stop eavesdropping and manipulation of DNS knowledge, and does not filter or block content material (until deemed malicious!), leaving you free to browse the net in peace.
If you wish to go the additional mile in safety and privateness, Cloudflare gives two further companies underneath its “1.1.1.1 for Households” program. For additional malware safety, you should use Cloudflare’s 1.1.1.2 or 1.0.0.2 DNS, whereas to dam each malware and grownup content material out of your community, use 1.1.1.3 or 1.0.0.3.
- IP Addresses: 8.8.8.8 and eight.8.4.4
Google DNS’s most vital benefit is its velocity. DNS lookups usually trigger a bottleneck that may decelerate your shopping. In keeping with Google’s analysis, the most important DNS bottleneck trigger is “cache misses.” They happen when a DNS resolver has to speak with a number of exterior title servers to load a web page. It is simply one of many many advantages of adjusting your DNS server.
Google tries to mitigate the issue by providing 4 key efficiency and security measures:
- World protection: There are servers close by no matter the place you might be on the earth.
- Denial-of-Service (DoS) assault prevention: Google offers DNSSEC safety as normal.
- Load balancing: Shared caching improves the cache hit charge.
- Spoofing and Cache Poisoning: Google’s DNS particularly goals to guard towards DNS cache poisoning assaults.
Though Google gives DNSSEC and DNS-over-HTTPS as normal, knowledge assortment is one vital safety disadvantage to utilizing the service. Keep in mind, Google is an promoting firm, and consumer knowledge is its greatest asset. Though the DNS knowledge it collects is theoretically impersonal, it’d scare away some privacy-conscious customers.
- IP Addresses: 208.67.220.220 and 208.67.222.222
One other widespread third-party DNS supplier is OpenDNS. Since November 2016, the service has been owned by Cisco.
Customers can select from 4 tiers of service: OpenDNS Household Protect, OpenDNS House, OpenDNS VIP House, and OpenDNS Umbrella Prosumer.
The primary two companies, OpenDNS Household Protect and OpenDNS House, are free. The options are largely the identical; they each have built-in identification theft safety and parental controls for each gadget in your house. The one vital distinction is customizable filtering: the Household Protect is pre-configured for routers, computer systems, sensible units, and servers, whereas the House bundle wants your enter to regulate among the 50 completely different filters.
The VIP House bundle prices $19.95 per yr. It introduces detailed web utilization stats for the earlier 12 months (categorized throughout eight kinds of safety threats and 60 kinds of internet content material) and the power to limit web entry to a whitelist of domains, thus giving customers in your community a “locked down” expertise. The corporate additionally gives enterprise packages.
The ultimate Prosumer bundle is $20/consumer and can shield three units for a single price.
Sadly, there’s a trade-off for OpenDNS’ safety. The corporate shops each your DNS and IP tackle info and locations internet beacons on pages you go to utilizing the servers so it may find out about “what content material is efficient.”
You possibly can draw your individual conclusions about that quote.
- IP Addresses: 84.200.69.80 and 84.200.70.40
DNSWatch is a security-conscious DNS supplier that is solely free for all customers. DNSWatch might be damaged down into 4 key areas:
- DNS Neutrality: The servers don’t censor any DNS requests. This differs from some ISPs around the globe who actively censor what you possibly can and can’t entry.
- Privateness Safety: The corporate doesn’t log any DNS queries. It doesn’t file any of your actions. To as soon as once more draw a comparability with a typical ISP DNS server, many log your historical past, and a few do not even anonymize the info collected.
- Information for Sale: The corporate doesn’t have any enterprise offers in place with advert networks or different establishments which have an curiosity in studying about your on-line habits.
- No ISP DNS Hijacking: When you use your ISP’s DNS servers, little doubt you will have often stumbled throughout a sponsored search web page if the location you are making an attempt to go to doesn’t return a response. They seem to be a nightmare for privateness; something you enter on these pages is collected and collated by your ISP.
DNSWatch additionally contains some additional safety choices, akin to DNS-Over-HTTPS, which makes it among the finest DNS for security-minded people.
- IP Addresses: 9.9.9.9 and 149.112.112.112
First launched in 2016, Quad9 has change into probably the most widespread third-party DNS suppliers. Quad9 has a robust deal with privateness and safety, sourcing risk intelligence from its community of greater than 20 cybersecurity corporations to maintain you safe. Moreover, Quad9 by no means logs your IP tackle in its system, makes use of encryption to guard your DNS queries, and relies in Switzerland, which has a robust historical past of defending private privateness.
Quad9’s community is distributed worldwide, with greater than 200 server areas throughout 90 completely different nations. It focuses particularly on “Web Alternate” factors with excessive interconnection charges between international networks. This implies Quad9 can also be one of many quickest DNS suppliers.
- IP Addresses: 206.125.173.29 and 45.32.230.225
The OpenNIC challenge is greatest identified for its user-owned and managed top-level Community Info Middle, which gives a substitute for typical top-level area (TLD) registries akin to ICANN. Nevertheless, it additionally offers among the most safe free DNS servers.
As soon as once more, you want to concentrate on some key pillars of its security measures. Like DNSWatch, it gives DNS neutrality and prevention of ISP DNS hijacking, but it surely additionally offers a few further options.
First, you possibly can select how a lot knowledge logging OpenNIC does. This provides you an unprecedented degree of granular management.
Second, and maybe extra spectacular, you additionally get to vote on how OpenNIC operates. You possibly can have your say in every little thing from deciding new TLDs to project-wide coverage modifications. If one thing occurs you do not like, you possibly can be sure to let OpenNIC find out about it!
