4 Reasons Why Using Third-Party DNS Servers Is More Secure

Dan Price 17-04-2017

Most of you will be well-versed in the common ways to improve your computer’s online security 7 Top Firewall Programs to Consider for Your Computer's Security Firewalls are crucial for modern computer security. Here are your best options and which one is right for you. Read More . You can install a highly-rated anti-virus suite The 5 Best Free Internet Security Software for Windows Need antivirus, anti-malware, and real-time security? Here are the best free internet security software for Windows. Read More , use a password manager, change your operating system’s privacy settings 7 Tools to Manage Privacy Settings in Windows Every Windows version has its flaws and user privacy is one that haunts them all. We'll introduce you to seven tools that can help you manage native Windows privacy settings. Read More , and a whole lot more.


However, there are also less familiar ways to give your security a boost. One such method is to change your DNS provider.

Why is changing your DNS a good idea? What security benefits does it bring? Keep reading to find out.

What Is DNS?

Before explaining why changing your DNS is a good idea, let’s clarify what DNS is. If you’re already familiar with the term, feel free to skip this section.

DNS stands for Domain Name System. You can think of it as the phone book of the internet. It’s the technology that translates the easily-memorable URL of a website (www.[name].com) into a numerical IP address. IP addresses are how devices, computers, and services are located on a network.

Your ISP will automatically route your traffic through its own DNS servers What Is a DNS Server and Why Is It Unavailable? A DNS server matches a host and domain name with its server IP address. When a DNS server is unavailable, you can't reach the URL. Read More , but there are lots of third-party offerings to choose from. From a security standpoint, the third-party options are often much better than an ISP’s DNS servers.



DNS technology is predominantly vulnerable to two main attack vectors: spoofing attacks and denial-of-service (DoS) attacks.

Spoof attacks have the aim of redirecting you from legitimate to malicious websites. They lead to cache poisoning; corrupted data is introduced to a DNS resolver’s cache and you’ll repeatedly be directed to an incorrect IP address.

The media frequently covers DoS attacks and the public has a better understanding of them. Hackers use them to directly vast amounts of traffic to a website using a forged source IP address. The site in question typically becomes inaccessible.

DNSSEC is the de facto solution to these threats — but providers have not implemented it universally. At the time of writing, most ISPs do not offer DNSSEC on their DNS servers. Lots of third-party ones, including Google and OpenDNS, do provide it.


The technology effectively means your machine cannot be caught up in spoof attacks or DoS attacks; signatures become impossible to forge without access to private keys and resolvers will reject any responses that contain incorrect keys.

2. DNS-over-HTTPS

Third-party DNS servers have also started introducing DNS-over-HTTPS technology.

Most DNS queries are sent using either a UDP or TCP connection without encryption. Obviously, this has security implications: you’ll be vulnerable to eavesdropping, spoofing, and tampering, among other things. You’re particularly at risk if you frequently get responses from recursive DNS resolvers.

DNS-over-HTTPS allows DNS queries to be resolved using an encrypted HTTPS connection instead. It works in conjunction with DNSSEC to give users authenticated end-to-end DNS lookups. As such, the security between a client and a recursive resolver is greatly enhanced.


Google’s DNS servers have been using the technology since April 2016.

3. Phishing Protection

You should be familiar with phishing scams How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More . In short, they are cyber-criminals attempt to make you give up highly-sensitive information. Typically, an email or website will pose as a legitimate business and ask you to enter your bank details, address, or other personal data.

Some third-party DNS servers — including OpenDNS — offer phishing protection. While it’s true that most modern browsers now include built-in phishing protection, the OpenDNS feature is useful if you have to use an old browser on an office network or you’re running Windows XP and cannot use a browser beyond Internet Explorer 6.

Be warned, features such as phishing protection are a trade-off: the more extra services your DNS includes, the slower it will run.


4. Parental Controls

The native parental control features in Windows Check Out The New Windows 10 Parental Control Options Windows 10 parental control reports offer details of your child's online behaviour and activity. Some parents are horrified, whilst others welcome it. Let's look at how to use these settings to secure your computer. Read More have come a long way since the launch of Windows 10, while the offering on Mac has always been reasonably strong.

However, both operating systems’ tools are dependent on managing the controls on a user-by-user basis. If your child happens to start using your machine on an adult account, they might accidentally stumble across salacious content.

Some DNS servers offer a solution to the paradox. For example, OpenDNS allows you to configure blacklisted and whitelisted sites from its website. You can even block entire categories of sites — useful for keeping your kids off social media when they should be doing their homework.

Best of all, OpenDNS lets you set the parental controls at a network level: it will protect all your phones, laptops, tablets, and games consoles.

How to Change Your DNS

How you change your DNS server depends on which operating system you’re using. I’m only going to detail the process for Windows and Mac (there are too many Linux variants to cover them all). You can also change the DNS settings on your router, but again, the permutations are too numerous to cover here.


If you’re running Windows How to Change Your DNS Settings on Windows (And Why You Might Want To) DNS is an important part of browsing the internet, but the DNS servers your system uses aren't set in stone. Here's how to change that. Read More , you need to head to the Network and Sharing Center to make the changes. Right-click on your Wi-Fi icon in the toolbar and select Open Network and Sharing Center. Next, click on the name of your Wi-Fi network.

change dns windows wi-fi name

On the new window, click Properties.

change dns windows properties

Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties.

change dns windows properties ipv4

Finally, mark the checkbox next to Use the Following DNS Server Addresses and enter your provider of choice. If you want to add more than two, click Advanced.


The process is different if you use a Mac How to Change Your DNS Settings on Mac (And Why You Might Want To) Your Mac handles DNS settings automatically, but you can change these easily. Here's how to specify a different DNS address in macOS. Read More .

To begin, open the Apple menu and click on System Preferences.

mac system preferences

Next, head to Network > Advanced > DNS.

mac change dns

Lastly, click the + icon under the left-hand column and enter your new DNS server address.

Have Your Changed Your DNS Provider?

After reading the article, I hope you have a clear understanding of what a DNS server is, what benefits you can enjoy by changing it, and how to change it.

Now it’s your turn to offer some input. I’d love to know which DNS provider you use. Why did you select it over its competitors? What features does it offer?

As always, you can leave your stories and opinions in the comments section below.


Related topics: DNS, Online Privacy.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Cody
    March 1, 2019 at 7:33 pm


    - DNSSEC has the chicken and egg problem.
    - Privacy
    - You talk about DoS attacks but neglect to mention that open recursive DNS servers are a great way to do exactly that. The Spamhaus is a great example of that.
    - Do man in the middle attacks mean anything to you?
    - As if so-called parental controls can’t be circumvented! Hilarious really.
    - Of course if you have your own authoritative DNS server or even if not it’s better to use that. Assuming you know how to secure it. And since open DNS servers have had problems ...
    - There are other issues here too.

  2. Whisper
    May 4, 2017 at 12:23 pm

    Use VPN for privacy.
    OpenDNS does NOT work when using a VON service!

  3. Whisper
    May 4, 2017 at 12:22 pm

    OpenDNS does NOT work when using a VPN service which the company's tech support confirmed.

    Choose one or the other.

    For privacy, use VPN.

  4. E.Keen
    April 24, 2017 at 9:04 am

    I am surprised that you're not mentioning any worries regarding Google DNS servers. Do you consider Google to be trustworthy to handle your private data? Reliable VPNs do not recommend to use google servers since Google is known for collecting and sharing private information.

  5. Pascal
    April 18, 2017 at 4:18 am

    I use OpenDNS ever since. No problems at all. Also read: Deep Packet Inspection which is also interesting in terms of data safety and encryption.

  6. Jahe
    April 18, 2017 at 12:12 am

    Yep. And i use Dnscrypt

  7. Mark Smith
    April 17, 2017 at 4:44 pm

    In the section on parental controls, you used the word salubrious to describe adult content. How is adult content healthy for children? Salacious might be a better choice.

    • Dan Price
      April 17, 2017 at 5:53 pm

      Ooops! Good catch! Changed.