Quick Links

Key Takeaways

  • Cloudflare's DNS is fast, secure, and privacy-focused, offering additional services for malware and adult content blocking.
  • Google Public DNS is known for speed and security features, but users should be wary of data collection practices.
  • OpenDNS Home offers identity theft protection and parental controls, with customizable filtering and detailed usage stats.

Changing your DNS provider can dramatically improve your computer's defenses against online threats.

If you are ready to switch DNS providers, you might be wondering which DNS provider you should choose. There are many options, but which is the best, what features are available, and are there any drawbacks?

DNS Provider

IP Addresses

Key Features

Cloudflare

1.1.1.1, 1.0.0.1

  • Among the fastest DNS services globally
  • Does not log IP addresses, wipes metadata within 24 hours
  • Supports DNS over HTTPS (DoH) and DNS over TLS (DoT)
  • No content filtering (unless malicious)
  • Additional services for malware and adult content blocking (1.1.1.2/1.0.0.2 and 1.1.1.3/1.0.0.3)

Google Public DNS

8.8.8.8, 8.8.4.4

  • Known for speed and reducing DNS bottlenecks
  • Global server coverage
  • Built-in security features against DoS attacks and DNS cache poisoning
  • DNSSEC and DoH standard
  • Collects anonymized DNS data for analysis

OpenDNS Home

208.67.220.220, 208.67.222.222

  • Owned by Cisco since 2016
  • Offers identity theft protection and parental controls
  • Customizable filtering with Home package
  • Detailed usage stats and whitelist-only browsing in the VIP Home package
  • Stores DNS and IP address information, uses web beacons

DNSWatch

84.200.69.80, 84.200.70.40

  • No censorship or content filtering
  • No logging of DNS queries
  • No business deals with ad networks or data sale
  • DNS-Over-HTTPS support
  • No ISP DNS hijacking

Quad9

9.9.9.9, 149.112.112.112

  • Privacy-focused, never logs IP addresses
  • Utilizes threat intelligence from over 20 cybersecurity firms
  • Based in Switzerland, known for privacy protection
  • Encryption for DNS queries
  • Extensive global network for speed and reliability

OpenNIC

206.125.173.29, 45.32.230.225

  • User-owned and controlled
  • Offers DNS neutrality and prevention of ISP DNS hijacking
  • Adjustable data logging levels
  • Users can vote on project operations and policy changes

1. Cloudflare

cloudflare dns provider home page
  • IP Addresses: 1.1.1.1 and 1.0.0.1

Cloudflare is best known for its content delivery network and DDoS protection and mitigation tools. But did you know that Cloudflare's DNS service is typically among the fastest in the world (if not the fastest most of the time)? According to the well-respected DNS performance tracking site DNSPerf, Cloudflare remains the fastest DNS provider, which is a great boon among the numerous other providers.

But it's not just fast. Cloudflare doesn't log IP addresses used to make requests and wipes any meta-data within 24 hours. Furthermore, it supports DNS over HTTPS (DoH) and DNS over TLS (DoT), which prevent eavesdropping and manipulation of DNS data, and doesn't filter or block content (unless deemed malicious!), leaving you free to browse the web in peace.

If you want to go the extra mile in security and privacy, Cloudflare offers two additional services under its "1.1.1.1 for Families" program. For extra malware protection, you can use Cloudflare's 1.1.1.2 or 1.0.0.2 DNS, while to block both malware and adult content from your network, use 1.1.1.3 or 1.0.0.3.

2. Google Public DNS

google public dns home page feb 2024
  • IP Addresses: 8.8.8.8 and 8.8.4.4

Google DNS's most significant advantage is its speed. DNS lookups often cause a bottleneck that can slow down your browsing. According to Google's research, the biggest DNS bottleneck cause is "cache misses." They occur when a DNS resolver has to communicate with several external name servers to load a page. It's just one of the many benefits of changing your DNS server.

Google tries to mitigate the problem by offering four key performance and security features:

  • Global coverage: There are servers nearby regardless of where you are in the world.
  • Denial-of-Service (DoS) attack prevention: Google provides DNSSEC security as standard.
  • Load balancing: Shared caching improves the cache hit rate.
  • Spoofing and Cache Poisoning: Google's DNS specifically aims to protect against DNS cache poisoning attacks.

Although Google offers DNSSEC and DNS-over-HTTPS as standard, data collection is one significant security drawback to using the service. Remember, Google is an advertising company, and user data is its biggest asset. Although the DNS data it collects is theoretically impersonal, it might scare away some privacy-conscious users.

3. OpenDNS Home

opendns home website page feb 2024
  • IP Addresses: 208.67.220.220 and 208.67.222.222

Another popular third-party DNS provider is OpenDNS. Since November 2016, the service has been owned by Cisco.

Users can choose from four tiers of service: OpenDNS Family Shield, OpenDNS Home, OpenDNS VIP Home, and OpenDNS Umbrella Prosumer.

The first two services, OpenDNS Family Shield and OpenDNS Home, are free. The features are largely the same; they both have built-in identity theft protection and parental controls for every device in your home. The only significant difference is customizable filtering: the Family Shield is pre-configured for routers, computers, smart devices, and servers, while the Home package needs your input to adjust some of the 50 different filters.

The VIP Home package costs $19.95 per year. It introduces detailed internet usage stats for the previous 12 months (categorized across eight types of security threats and 60 types of web content) and the ability to restrict internet access to a whitelist of domains, thus giving users on your network a "locked down" experience. The company also offers business packages.

The final Prosumer package is $20/user and will protect three devices for a single cost.

Sadly, there is a trade-off for OpenDNS' security. The company stores both your DNS and IP address information and places web beacons on pages you visit using the servers so it can learn about "what content is effective."

You can draw your own conclusions about that quote.

4. DNSWatch

dnswatch website home page feb 2024
  • IP Addresses: 84.200.69.80 and 84.200.70.40

DNSWatch is a security-conscious DNS provider that's entirely free for all users. DNSWatch can be broken down into four key areas:

  • DNS Neutrality: The servers do not censor any DNS requests. This differs from some ISPs around the world who actively censor what you can and cannot access.
  • Privacy Protection: The company does not log any DNS queries. It does not record any of your actions. To once again draw a comparison with a typical ISP DNS server, many log your history, and some don't even anonymize the data collected.
  • Data for Sale: The company does not have any business deals in place with ad networks or other institutions that have an interest in learning about your online habits.
  • No ISP DNS Hijacking: If you use your ISP's DNS servers, no doubt you'll have occasionally stumbled across a sponsored search page if the site you're trying to visit does not return a response. They're a nightmare for privacy; anything you enter on those pages is collected and collated by your ISP.

DNSWatch also includes some extra security options, such as DNS-Over-HTTPS, which makes it one of the best DNS for security-minded folks.

5. Quad9

quad9 dns provider home page
  • IP Addresses: 9.9.9.9 and 149.112.112.112

First launched in 2016, Quad9 has become one of the most popular third-party DNS providers. Quad9 has a strong focus on privacy and security, sourcing threat intelligence from its network of more than 20 cybersecurity companies to keep you secure. Furthermore, Quad9 never logs your IP address in its system, uses encryption to protect your DNS queries, and is based in Switzerland, which has a strong history of protecting personal privacy.

Quad9's network is distributed worldwide, with more than 200 server locations across 90 different countries. It focuses specifically on "Internet Exchange" points with high interconnection rates between global networks. This means Quad9 is also one of the fastest DNS providers.

6. OpenNIC

opennic
  • IP Addresses: 206.125.173.29 and 45.32.230.225

The OpenNIC project is best known for its user-owned and controlled top-level Network Information Center, which offers an alternative to typical top-level domain (TLD) registries such as ICANN. However, it also provides some of the most secure free DNS servers.

Once again, you need to be aware of some key pillars of its security features. Like DNSWatch, it offers DNS neutrality and prevention of ISP DNS hijacking, but it also provides a couple of additional features.

First, you can choose how much data logging OpenNIC does. This gives you an unprecedented level of granular control.

Second, and perhaps more impressive, you also get to vote on how OpenNIC operates. You can have your say in everything from deciding new TLDs to project-wide policy changes. If something happens you don't like, you can make sure you let OpenNIC know about it!