Pinterest Stumbleupon Whatsapp
Advertisement

Changing your DNS provider can dramatically improve your computer’s defenses 4 Reasons Why Using Third-Party DNS Servers Is More Secure 4 Reasons Why Using Third-Party DNS Servers Is More Secure Why is changing your DNS a good idea? What security benefits does it bring? Can it really make your online activities more secure? Read More against online threats. It’s just one of the many benefits of changing your DNS server 5 Nifty Ways to Use DNS to Your Advantage 5 Nifty Ways to Use DNS to Your Advantage One of the most underappreciated parts of the internet is the Domain Name System. DNS is often referred to as the phonebook of the internet, but it is far more than just a lookup service. Read More .

If I’ve convinced you to switch providers, you might be wondering which company you should turn to. There are a lot of options out there 5 Best Dynamic DNS Providers You Can Lookup for Free Today 5 Best Dynamic DNS Providers You Can Lookup for Free Today DynDNS was always a top mention when free dynamic DNSes were brought up. But now that it's gone, are there any good alternatives? There sure are. Read More — but which is the best, what features are available, and are there any drawbacks?

In this article, I’m going to introduce you to the five best third-party DNS providers for your security.

1. Google Public DNS

IP Addresses: 8.8.8.8 and 8.8.4.4

I’m going to start my list with two of the most well-known third-party servers. First up, Google Public DNS.

Google’s DNS most significant advantage is its speed. DNS lookups often cause a bottleneck that can slow down your browsing. According to Google’s research, the biggest cause of the bottlenecks are “cache misses.” They occur when a DNS resolver has to communicate with several external name servers to load a page.

google dns

Google tries to mitigate the problem by offering three key performance features:

  • Global coverage — There are servers nearby regardless of where you are in the world.
  • Denial-of-Service (DoS) attack prevention — Google provides DNSSEC security as standard.
  • Load balancing — Shared caching improves the cache hit rate.

Although Google offers DNSSEC and DNS-over-HTTPS as standard, there is one significant security drawback to using the service: data collection 6 Surprising Ways Your Data Is Being Collected 6 Surprising Ways Your Data Is Being Collected You know that your data is being collected, mainly by your ISP and the surveillance apparatus of the NSA and GCHQ. But who else is mining cash out of your privacy? Read More . Remember, Google is an advertising company, and user data is its biggest asset. Although the DNS data it collects is theoretically impersonal, it might scare away some privacy-conscious users.

2. OpenDNS

IP Addresses: 208.67.220.220 and 208.67.222.222

The other most commonly-cited third-party DNS provider is OpenDNS. Since November 2016, the service has been owned by Cisco.

Users can choose from three tiers of service: OpenDNS Family Shield, OpenDNS Home, and OpenDNS VIP Home.

The first two services — OpenDNS Family Shield and OpenDNS Home — are both free. The features are largely the same; they both have built-in identity theft protection and parental controls for every device in your home. The only significant difference is customizable filtering: the Family Shield is pre-configured, the Home package needs your input.

opendns family shield

The VIP Home package costs $19.95 per year. It introduces detailed internet usage stats for the previous 12 months (categorized across eight types of security threats 5 Online Security Threats That You Need to Tell Your Friends About 5 Online Security Threats That You Need to Tell Your Friends About You'd be surprised to discover where all malware is lingering today. It's no longer just average computers, but more likely anything with some sort of connected device, including toys. Read More and 60 types of web content) and the ability to restrict internet access to a whitelist of domains, thus giving users on your network a “locked down” experience. The company also offers business packages.

Sadly, there is a trade-off for some of these services. The company stores both your DNS and IP address information, and places web beacons on pages you visit using the servers so it can learn about “what content is effective.”

You can draw your own conclusions about that quote.

3. DNS Watch

IP Addresses: 84.200.69.80 and 84.200.70.40

DNS Watch is a hugely security conscious DNS provider. It’s entirely free for all users and doesn’t offer tiered packages like OpenDNS.

dns watch

Its security offering can be broken down into four key areas:

DNS Neutrality — The servers do not censor any DNS requests. This differs to some ISPs around the world who actively censor what you can and cannot access.

Privacy Protection — The company does not log any DNS queries. It is not recording any of your actions. To once again draw a comparison with a typical ISP DNS server, many log your history, and some don’t even anonymize the data collected.

Data for Sale — The company does not have any business deals in place with ad networks or other institutions that have an interest in learning about your online habits.

No ISP DNS Hijacking — If you use your ISP’s DNS servers, no doubt you’ll have occasionally stumbled across a sponsored search page if the site you’re trying to visit does not return a response. They’re a nightmare for privacy; anything you enter on those pages is collected and collated by your ISP. DNS Watch doesn’t do this. You’ll just see your standard browser page if your request is unsuccessful.

4. OpenNIC

IP Addresses: 206.125.173.29 and 45.32.230.225

The OpenNIC project is most well-known for its user owned and controlled top-level Network Information Center. It offers an alternative to typical top-level domain (TLD) registries such as ICANN How the Internet Works How the Internet Works We can now access the Internet from our home computers, office, laptops and our phones. But many people still aren't entirely sure what the Internet is and how it really works. Read More .

However, the firm also provides free DNS servers. There are four servers to choose from. I’ve given you the two with the best uptime above (100 percent and 99.95 percent, respectively).

opennic

Once again, there are some key pillars of its security features you need to be aware of. Like DNS Watch, it offers DNS neutrality and prevention of ISP DNS hijacking, but it also provides a couple of additional features.

First, you get to choose how much data logging is done by OpenNIC. It gives you an unprecedented level of granular control.

Secondl, and perhaps more impressive, you also get to vote in how OpenNIC operates. You can have your say in everything from deciding new TLDs to project-wide policy changes. If something happens you don’t like, you can make sure you let OpenNIC know about it!

5. UncensoredDNS

IP Addresses: 91.239.100.100 and 89.233.43.71

UncensoredDNS is perhaps the least recognizable name on this list.

The service operated by a Danish man called Thomas Steen Rasmussen. Here’s how he describes his background and the service in his own words:

uncensored dns

“I am a system administrator with a Danish internet provider, I was born in 1979. I run this service as a private individual, with my own money. The DNS service which consists of two uncensored DNS servers. The servers are available for use by anyone, free of charge.”

The best part of UncensoredDNS is the two servers are entirely free of logging. The servers store no information about you as a user, nor do they keep information about how you use the service.

Both servers are physically located in Denmark.

Which DNS Servers Do You Use for Security and Privacy?

In this article, I’ve introduced you to five of the best DNS servers for protecting your security and privacy.

Which is the best? It’s hard to say. Mch depends on your personal priorities. If parental controls are your primary concern, turn to OpenDNS. If you want to improve your speed at the expense of some non-personal data logging, use Google. And if you want to be as discreet as possible but potentially sacrifice some speed and uptime, consider one of the latter three options.

Which DNS servers do you use? I’d love to know. As always, you can leave all your thoughts, opinions, and input in the comments section below.

Image Credit: MOHD BAHIRI BIN IBRAHIM via Shutterstock.com

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Ryan
    June 14, 2017 at 12:13 pm

    opendns for me since it has content filtering feature which is great for blocking unwanted sites

  2. tom g
    May 11, 2017 at 6:49 am

    What is your opinion about CloudFlare for DNS + ?
    I use them on a few sites.

  3. Bryan
    May 8, 2017 at 5:07 pm

    I use my ISP DNS (Comcast in this case, 75.75.75.75 and 75.75.76.76) and Google as the backup DNS in my router. Both use DNSSEC, which I see no mention of, which I consider to be the first step in security.

  4. Ratindra
    May 2, 2017 at 7:05 pm

    You get a warning from Chrome if you try to go to the DNS.watch web page about as not secure. Whom do we trust now?

  5. Josh
    May 2, 2017 at 3:18 pm

    Thanks for the information. I wasn't aware of #5. For the last year I've been using DNSCrypt. It usually connects to Adblock dns, opennic or ok turtles. Just a suggestion.

  6. likefunbutnot
    May 1, 2017 at 2:59 pm

    I actually run my own DNS Servers. I use OpenDNS for upstream queries but I also add and filter my own custom zones at times. Functionally, it's not much different from having a Pi-Hole set up, but I'm using it for about a dozen customers across multiple physical locations. Since I'm in control of my local server, I have more control over what my customers see than just relying on what OpenDNS would choose to block.

  7. Fred
    May 1, 2017 at 2:54 pm

    Good recap, thanks! I wonder what is the capacity/throughput of UncensoredDNS?

    • Tommaso Pecchia
      May 2, 2017 at 2:51 am

      What about safedns??

    • Tommaso Pecchia
      May 2, 2017 at 2:51 am

      What about safedns