If I’ve convinced you to switch providers, you might be wondering which company you should turn to. There are a lot of options out there — but which is the best, what features are available, and are there any drawbacks?
In this article, I’m going to introduce you to the five best third-party DNS providers for your security.
1. Google Public DNS
IP Addresses: 188.8.131.52 and 184.108.40.206
I’m going to start my list with two of the most well-known third-party servers. First up, Google Public DNS.
Google’s DNS most significant advantage is its speed. DNS lookups often cause a bottleneck that can slow down your browsing. According to Google’s research, the biggest cause of the bottlenecks are “cache misses.” They occur when a DNS resolver has to communicate with several external name servers to load a page.
Google tries to mitigate the problem by offering three key performance features:
- Global coverage — There are servers nearby regardless of where you are in the world.
- Denial-of-Service (DoS) attack prevention — Google provides DNSSEC security as standard.
- Load balancing — Shared caching improves the cache hit rate.
Although Google offers DNSSEC and DNS-over-HTTPS as standard, there is one significant security drawback to using the service: data collection. Remember, Google is an advertising company, and user data is its biggest asset. Although the DNS data it collects is theoretically impersonal, it might scare away some privacy-conscious users.
IP Addresses: 220.127.116.11 and 18.104.22.168
The other most commonly-cited third-party DNS provider is OpenDNS. Since November 2016, the service has been owned by Cisco.
Users can choose from three tiers of service: OpenDNS Family Shield, OpenDNS Home, and OpenDNS VIP Home.
The first two services — OpenDNS Family Shield and OpenDNS Home — are both free. The features are largely the same; they both have built-in identity theft protection and parental controls for every device in your home. The only significant difference is customizable filtering: the Family Shield is pre-configured, the Home package needs your input.
The VIP Home package costs $19.95 per year. It introduces detailed internet usage stats for the previous 12 months (categorized across eight types of security threats and 60 types of web content) and the ability to restrict internet access to a whitelist of domains, thus giving users on your network a “locked down” experience. The company also offers business packages.
Sadly, there is a trade-off for some of these services. The company stores both your DNS and IP address information, and places web beacons on pages you visit using the servers so it can learn about “what content is effective.”
You can draw your own conclusions about that quote.
3. DNS Watch
IP Addresses: 22.214.171.124 and 126.96.36.199
DNS Watch is a hugely security conscious DNS provider. It’s entirely free for all users and doesn’t offer tiered packages like OpenDNS.
Its security offering can be broken down into four key areas:
DNS Neutrality — The servers do not censor any DNS requests. This differs to some ISPs around the world who actively censor what you can and cannot access.
Privacy Protection — The company does not log any DNS queries. It is not recording any of your actions. To once again draw a comparison with a typical ISP DNS server, many log your history, and some don’t even anonymize the data collected.
Data for Sale — The company does not have any business deals in place with ad networks or other institutions that have an interest in learning about your online habits.
No ISP DNS Hijacking — If you use your ISP’s DNS servers, no doubt you’ll have occasionally stumbled across a sponsored search page if the site you’re trying to visit does not return a response. They’re a nightmare for privacy; anything you enter on those pages is collected and collated by your ISP. DNS Watch doesn’t do this. You’ll just see your standard browser page if your request is unsuccessful.
IP Addresses: 188.8.131.52 and 184.108.40.206
The OpenNIC project is most well-known for its user owned and controlled top-level Network Information Center. It offers an alternative to typical top-level domain (TLD) registries such as ICANN.
However, the firm also provides free DNS servers. There are four servers to choose from. I’ve given you the two with the best uptime above (100 percent and 99.95 percent, respectively).
Once again, there are some key pillars of its security features you need to be aware of. Like DNS Watch, it offers DNS neutrality and prevention of ISP DNS hijacking, but it also provides a couple of additional features.
First, you get to choose how much data logging is done by OpenNIC. It gives you an unprecedented level of granular control.
Second, and perhaps more impressive, you also get to vote in how OpenNIC operates. You can have your say in everything from deciding new TLDs to project-wide policy changes. If something happens you don’t like, you can make sure you let OpenNIC know about it!
IP Addresses: 220.127.116.11 and 18.104.22.168
UncensoredDNS is perhaps the least recognizable name on this list.
The service operated by a Danish man called Thomas Steen Rasmussen. Here’s how he describes his background and the service in his own words:
“I am a system administrator with a Danish internet provider, I was born in 1979. I run this service as a private individual, with my own money. The DNS service which consists of two uncensored DNS servers. The servers are available for use by anyone, free of charge.”
The best part of UncensoredDNS is the two servers are entirely free of logging. The servers store no information about you as a user, nor do they keep information about how you use the service.
Both servers are physically located in Denmark.
Which DNS Servers Do You Use for Security and Privacy?
In this article, I’ve introduced you to five of the best DNS servers for protecting your security and privacy.
Which is the best? It’s hard to say. Much depends on your personal priorities. If parental controls are your primary concern, turn to OpenDNS. If you want to improve your speed at the expense of some non-personal data logging, use Google. Want to be as discreet as possible but potentially sacrifice some speed and uptime? Consider one of the latter three options.
Remember, using a secure DNS server is important to protect yourself from DNS cache poisoning.
Image Credit: MOHD BAHIRI BIN IBRAHIM via Shutterstock.com