Why Your Default DNS Server Is Holding You Back
Every time you type a domain name into a browser, your device fires off a DNS query before a single byte of the actual webpage loads. That query goes to a resolver — and by default, that resolver is operated by your Internet Service Provider. ISP resolvers are functional, but they are rarely optimal. They can be slower than third-party alternatives, they often log your queries, and in some countries ISPs are legally required to use DNS to block access to certain sites.
Switching your DNS resolver is one of the fastest free improvements you can make to your browsing experience. It takes about two minutes per device, requires no special hardware, and the change is completely reversible. This guide covers everything from the mechanics of DNS resolution to step-by-step configuration instructions for every major operating system and platform.
How DNS Resolution Works
DNS (Domain Name System) is the internet's distributed phone book. When you navigate to a domain, your device follows this lookup chain:
- Local cache check: Your OS checks whether it already has a valid cached answer for the domain.
- Recursive resolver query: If no cache hit, the query goes to your configured DNS resolver (by default, your ISP's server).
- Root nameserver: If the resolver doesn't have the answer cached either, it queries one of the 13 root nameserver clusters to find which nameservers are authoritative for the top-level domain (e.g., .com).
- TLD nameserver: The root directs the resolver to the TLD nameserver, which knows which servers are authoritative for the specific domain.
- Authoritative nameserver: The resolver queries the domain's own nameservers, which return the actual IP address record.
- Response delivery: The resolver returns the IP to your device, which caches it for the TTL (Time to Live) period and initiates the connection.
The entire chain typically completes in 20–120 milliseconds. The variable portion is step 2: the time your device spends waiting for the recursive resolver. A fast, well-peered resolver with a large cache hit rate can skip steps 3–5 entirely for popular domains, shaving 50–100ms off the total lookup time.
The Best Public DNS Resolvers
Four resolvers dominate the public DNS market. Each has distinct performance characteristics and privacy postures:
| Resolver | Primary | Secondary | Privacy | Filtering | DoH / DoT |
|---|---|---|---|---|---|
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Strong — no query logging after 24 hours; KPMG-audited | None (or optional malware/adult filter variants) | Yes |
| Google Public DNS | 8.8.8.8 | 8.8.4.4 | Moderate — anonymizes logs after 24–48 hours | None | Yes |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Strong — no PII logging; Swiss-based non-profit | Blocks known malicious domains using threat intelligence | Yes |
| OpenDNS (Cisco) | 208.67.222.222 | 208.67.220.220 | Moderate — logs queries for paid tiers | Configurable content categories | Limited |
For most home users, Cloudflare 1.1.1.1 offers the best combination of raw speed and privacy. For households that want automatic malware domain blocking without installing additional software, Quad9 is the better pick. Google's 8.8.8.8 has the widest global anycast coverage and is the most reliable fallback in remote regions.
How to Change DNS on Windows 10 and 11
- Open Settings and go to Network & Internet.
- Click your active connection type (Wi-Fi or Ethernet), then click Hardware properties (Windows 11) or Change adapter options > right-click your adapter > Properties (Windows 10).
- Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
- Choose Use the following DNS server addresses and enter your preferred servers.
- Repeat for Internet Protocol Version 6 (TCP/IPv6) if you use IPv6 (Cloudflare IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001).
- Click OK and close the dialogs.
- Open a Command Prompt and run ipconfig /flushdns to clear any stale cache entries.
How to Change DNS on macOS
- Open System Settings and click Network.
- Select your active connection and click Details.
- Click the DNS tab.
- Click the + button to add each DNS server address. Remove the existing ISP entries using the − button.
- Click OK, then Apply.
- Flush the macOS DNS cache by running sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder in Terminal.
How to Change DNS on iPhone and iPad (iOS/iPadOS)
- Open Settings > Wi-Fi.
- Tap the information (i) icon next to your connected network.
- Scroll down to Configure DNS and tap it.
- Switch from Automatic to Manual.
- Tap Add Server and enter your preferred DNS IPs. Remove the existing entries.
Note: This change applies only to the current Wi-Fi network. You must repeat it for each network you connect to, or configure DNS at the router level to cover all devices automatically.
How to Change DNS on Android
Android 9 and later supports a system-wide encrypted DNS feature called Private DNS:
- Go to Settings > Network & Internet > Advanced > Private DNS.
- Select Private DNS provider hostname.
- Enter the DoT hostname of your preferred resolver: 1dot1dot1dot1.cloudflare-dns.com for Cloudflare, or dns.google for Google, or dns.quad9.net for Quad9.
This configures DNS over TLS for all network interfaces on the device, which is more thorough than per-network Wi-Fi settings.
How to Change DNS on Your Router (Covers All Devices at Once)
Changing DNS on the router is the most efficient approach: every device on your network benefits automatically without per-device configuration.
- Log in to your router's admin interface (typically at 192.168.1.1 or 192.168.0.1).
- Find the DNS settings — usually under WAN, Internet, or DHCP Server settings depending on your router firmware.
- Replace the existing DNS entries with your preferred resolver IPs.
- Save and reboot the router.
After the reboot, your router will push the new DNS IPs to all connected devices via DHCP. Clients may need to renew their DHCP lease (disconnect and reconnect) before the change takes effect.
Encrypted DNS: DoH and DoT Explained
Standard DNS queries travel over UDP port 53 in plaintext. Anyone on the network path — including your ISP and any network operator — can read or tamper with them. Two encrypted protocols address this:
- DNS over TLS (DoT): Wraps DNS in a TLS tunnel on TCP port 853. The domain names in your queries are hidden from network observers. Supported natively by Android 9+ and by most router firmware.
- DNS over HTTPS (DoH): Sends DNS queries inside HTTPS traffic on port 443, making them indistinguishable from regular web traffic. Supported by Firefox, Chrome, Edge, and Windows 11 natively. From the ISP's view, all your DNS traffic looks like normal HTTPS.
For maximum privacy on a desktop, enable DoH in your browser settings in addition to changing the system resolver. Firefox has this under Settings > Privacy & Security > DNS over HTTPS. Chrome has it under Settings > Privacy and security > Security > Use secure DNS.
Common Misconceptions
Changing DNS Makes You Anonymous Online
DNS is only one component of network traffic. Switching to a privacy-focused resolver means the DNS operator does not log your queries, but your ISP still sees the destination IP addresses you connect to, and websites still receive your IP. Encrypted DNS prevents DNS-level surveillance but does not replace a VPN for broader privacy needs.
A Faster DNS Server Will Speed Up Page Load Times Dramatically
For cached, popular domains the DNS lookup might complete in under 5ms on a fast resolver — but on a slow ISP resolver it might be 80ms. That difference is real but represents only a fraction of total page load time, which is dominated by TCP connection setup, TLS negotiation, and content download. DNS speed matters most on high-traffic sites visited repeatedly throughout a day, where the improvement compounds.
You Need Only One DNS Server
Always configure both a primary and a secondary DNS server. If your primary resolver experiences an outage or is unreachable due to routing issues, your OS will fall back to the secondary automatically. Using two resolvers from different operators (for example, Cloudflare as primary and Quad9 as secondary) provides better redundancy than using two IPs from the same provider.
Changing DNS Bypasses a VPN's DNS Settings
When a VPN is connected, it typically overrides the system DNS settings and routes queries through the VPN provider's own resolver. Manually configured DNS servers may be ignored while the VPN tunnel is active. Check your VPN client's DNS leak settings to confirm which resolver is actually being used.
Pro Tips
- Test latency before and after. Use nslookup or dig to time a query against different resolvers: nslookup example.com 1.1.1.1. The response time printed is the actual resolver latency from your location, and it varies more than marketing claims suggest.
- Use Cloudflare's family-safe variant for children's devices. Cloudflare operates 1.1.1.3 and 1.0.0.3 as a free resolver that blocks malware and adult content — useful for restricting content on a child's device without router-level filtering.
- Check for DNS leaks when using a VPN. Visit a DNS leak test site with your VPN connected. If you see your ISP's resolver in the results rather than your VPN provider's, your encrypted tunnel has a gap and your queries are still visible to your ISP.
- Consider NextDNS for granular control. NextDNS provides a DoH/DoT resolver with per-device query logging, block lists, and parental controls. The free tier allows 300,000 queries per month, which is adequate for a small household.
- Flush the DNS cache after every change. Without flushing, your OS may continue using cached results from the old resolver for several minutes, making it difficult to confirm the change worked correctly.
- Document your router's original DNS settings. Before changing anything on the router, note the existing DNS IPs your ISP pushed. If a custom resolver causes problems with ISP-specific services or captive portals, you will need to revert quickly.
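The plaintext exposure described under Encrypted DNS and the latency test from the first tip, as an added Python example that is not part of the original guide: it builds the UDP port 53 query a device sends, shows that the domain name is readable straight from the raw bytes, and reports a median round-trip time per resolver. The function names are illustrative, domain names are assumed to be ASCII, and the resolver IPs are the primary addresses from the table above.

```python
# Added example: function names are illustrative; domain names assumed ASCII.
import socket
import statistics
import struct
import time

def build_query(name, qid=0x1234):
    """Plain RFC 1035 A-record query: 12-byte header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def observed_name(payload):
    """Domain name anyone on the network path can read from a port-53 payload."""
    pos, labels = 12, []
    while payload[pos]:                      # a zero-length label ends the QNAME
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def is_answer_to(query, reply):
    """True if reply echoes the query ID, has QR=1 and RCODE=0 (NOERROR)."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return False
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & 0x8000) and (flags & 0x000F) == 0

def time_resolver(server, name="example.com", samples=5, timeout=2.0):
    """Median round-trip time in ms over UDP port 53, or None if no valid reply."""
    times = []
    for i in range(samples):
        query = build_query(name, qid=0x1000 + i)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            start = time.perf_counter()
            try:
                sock.sendto(query, (server, 53))
                reply, _ = sock.recvfrom(512)
            except OSError:                  # timeout or unreachable network
                continue
            if is_answer_to(query, reply):
                times.append((time.perf_counter() - start) * 1000)
    return statistics.median(times) if times else None

if __name__ == "__main__":
    print("visible on the wire:", observed_name(build_query("example.com")))
    for ip in ("1.1.1.1", "8.8.8.8", "9.9.9.9", "208.67.222.222"):  # from the table above
        print(ip, time_resolver(ip))
```

Run it before and after the change to compare; a result of None means the resolver returned no valid answer within the timeout.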