Your computers, phones, and other devices typically use the domain name system (DNS) server with which the router is configured.
Unfortunately, this is often the one provided by your Internet Service Provider (ISP). These servers have no privacy features and may also be slower than some alternatives.
DNS is not private (without DoH)
DNS was designed almost 40 years ago and has not evolved much since. It is completely unencrypted.
This means that it offers the same level of protection against prying eyes as unencrypted HTTP traffic, which is none at all.
Even if you use HTTPS, any third party in the middle of your traffic can see the sites you connect to (but not the content of your visit). For example, on a public Wi-Fi network, the operator of that network could track the sites you visit.
The solution to this problem is DNS over HTTPS (DoH). This new protocol simply encrypts the contents of a DNS query so that third parties cannot sniff it. Major DNS providers such as Cloudflare, OpenDNS and Google Public DNS already support it. Chrome and Firefox are also in the process of rolling it out.
In addition to privacy enhancements, DoH prevents DNS queries from being tampered with in transit. It's just a safer protocol and everyone should use it.
However, even if you enable DoH in your browser, it is up to the DNS provider to support it.
Most home network connections are set by default to use ISP DNS servers, which may not support DoH. If you have not changed it manually, this is probably the case with your browser and operating system.
However, there are some exceptions. In the US, Mozilla Firefox automatically enables DNS over HTTPS and uses Cloudflare DNS servers. Comcast DNS servers support DoH and work with Google Chrome and Microsoft Edge.
Generally, though, the only way to really get DoH is to use a different DNS service.
Your ISP can record your browsing history
If you care about Internet privacy at all, using your ISP's DNS server is a huge problem. Every request you send can be logged and tells your ISP which sites you are browsing, down to hostnames and subdomains. Browsing history like this is the kind of valuable data from which many companies make huge profits.
Many ISPs, including Comcast, claim that they do not record their customers' data. However, Comcast actively lobbied against DoH, even though US ISPs claim they are not collecting data. Laws and regulations in other countries vary, so it is up to you whether to trust your ISP.
It is worth noting that Comcast has now adopted DoH, but this does not protect your privacy if the company is the one handling your DNS queries. DoH secures the connection between you and the DNS provider, but in this case, Comcast is the DNS provider, so it can still see the queries.
Of course, DNS is not the only way ISPs can monitor you. They can also see the IP addresses you connect to, regardless of the DNS server you are using. They can gather a lot of information about your browsing habits this way. Changing DNS servers will not prevent your ISP from monitoring you, but it will make it a little more difficult.
Using a virtual private network (VPN) for your daily browsing is the only real way to prevent your ISP from seeing what you are connecting to on the internet.
Third-party DNS servers may be faster
In addition to privacy concerns, DNS servers provided by ISPs may be slower than those of Google or Cloudflare. This is not always the case, as your ISP will generally be closer to you than a third party, but many people get faster speeds with a third-party DNS server. Usually, it is only a millisecond difference, something you may not care much about.
Which public DNS server should you use?
If you want to switch to a public DNS server, you have a few options. The most common is Google Public DNS, which uses the addresses 188.8.131.52 and 184.108.40.206.
If you trust Google less than your ISP, you can also use Cloudflare DNS, which claims to be faster. The main address is 220.127.116.11, with alternative 18.104.22.168.
How to change DNS settings
The best way to change DNS settings is at the router level. If you change the DNS server on your router, this change will apply to every device on your home network.
To get started, type 192.168.1.1 or 10.0.0.1 in your browser to connect to your router.
The exact location of the DNS setting varies depending on the router you have. However, it should be somewhere in the network settings.
For example, on one router it is located under My Network > Network Connections > Broadband > Edit. Once there, you can manually change the addresses and replace the servers assigned automatically by the ISP.
If you have trouble finding it, just do a Google search for your router model to find out where this setting is.
If you are unable to change the DNS settings on the router (for example, you are somewhere where you do not control the Wi-Fi), you can change the settings for your specific device. We'll show you how to change these settings on your Mac and Windows PC.
On a Windows machine, open Control Panel from the Start menu, and then go to Network and Sharing Center. In the sidebar, click "Change adapter settings".
You should see a list of your network devices, both Ethernet and Wi-Fi. If you want to change the settings for both, you will need to repeat the following instructions for each device.
Right-click the first device for which you want to change the DNS settings, and then click Properties.
Select "Internet Protocol Version 4" from the list.
In the dialog that appears, select the radio button next to "Use the following DNS server addresses," type the preferred DNS server addresses, and then click "OK."
On a Mac, you'll find this option in "System Preferences" in the "Network" section. Click "Wi-Fi" or "Ethernet" and then click "Advanced" at the bottom of the menu.
In the "DNS" tab, you can modify the DNS settings for your device. Click the plus (+) or minus (-) symbols at the bottom to add or remove servers.
How to enable DNS over HTTPS (DoH)
If you want to enable DoH in your browser, you can do so in Chrome, Firefox, and Microsoft Edge.
In Chrome, go to the internal address chrome://flags/#dns-over-https, then select "On" from the drop-down menu. Restart Chrome for the changes to take effect.
In Firefox, the option is a bit hidden. Open the menu and go to Options > General. Scroll down and click on "Settings" at the bottom. Select the check box next to "Enable DNS over HTTPS". You can also select a DNS provider manually here if you prefer.