Best free and public DNS servers of 2018

Best DNS server
Best DNS server

DNS (Domain Name System) is a system which translates the domain names you enter in a browser to the IP addresses required to access those sites.

Your ISP will assign you DNS servers whenever you connect to the internet, but these may not always be the best choice. Slow DNS servers can cause a lag before websites start to load, and if your server sometimes goes down, you may not be able to access any sites at all.

Switching to a free public DNS server can make a real difference, with more responsive browsing and lengthy 100% uptime records meaning there's much less chance of technical problems.

Some services can also block access to phishing or infected sites, and a few offer content filtering to keep your kids away from the worst of the web.

You need to choose your service with care - not all providers will necessarily be better than your ISP - but to help point you in the right direction, this article will highlight six of the best free DNS servers around.

OpenDNS

1. OpenDNS

Primary, secondary DNS servers: 208.67.222.222 and 208.67.220.220

Veteran operator
Phishing sites blocked by default
Optional web filtering

Founded in 2005 and now owned by Cisco, OpenDNS is one of the biggest names in public DNS.

The free service offers plenty of benefits: high speeds, 100% uptime, phishing sites blocked by default, optional parental controls-type web filtering to block websites by content type, along with free email support if anything goes wrong.

Commercial plans enable viewing a history of your internet activity for up to the last year, and can optionally lock down your system by allowing access to specific websites only. These aren't going to be must-have features for the average user, but if you're interested, they can be yours for around $20 (£14.30) a year.

If you're an old hand at swapping DNS, you can get started immediately by reconfiguring your device to use the OpenDNS nameservers.

If you're a newbie, that's okay too, as OpenDNS has setup instructions for PCs, Macs, mobile devices, routers and much, much more.

Cloudflare

2. Cloudflare

Primary, secondary DNS servers: 1.1.1.1 and 1.0.0.1

Impressive performance
Tight privacy levels
Community forum for support

Best known for its top-rated content delivery network, Cloudflare has extended its range to include a new public DNS service, the catchily-named 1.1.1.1.

The product doesn't have any of the extras you'll often see elsewhere. There's no anti-phishing, no ad-blocking, no content filtering or other attempts to monitor or control what you can access, and what you can't.

Instead, Cloudflare has focused much more on the fundamentals. These start with performance, and independent testing from sites like DNSPerf shows Cloudflare is the fastest public DNS service around.

Privacy is another major highlight. Cloudflare doesn't just promise that it won't use your browsing data to serve ads; it commits that it will never write the querying IP address (yours) to disk. Any logs that do exist will be deleted within 24 hours. And these claims aren't just reassuring words on a website. Cloudflare has retained KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises.

The 1.1.1.1 website has some setup guidance, with simple tutorials covering Windows, Mac, Android, iOS, Linux and routers. These are very generic - you get one set of instructions for all versions of Windows, for instance - but there are some pluses (IPv6 as well as IPv4 details) and you should be able to figure it out.

If you have any problems, Cloudflare offers a community forum where you can ask questions or see what others are doing, a nice extra touch which we'd like to see followed by other providers.

Google Public DNS

3. Google Public DNS

Primary, secondary DNS servers: 8.8.8.8 and 8.8.4.4

Solid on the privacy front
Commendable transparency
Meant for experienced users

Google has its fingers in most web-related pies, and DNS is no exception: it's free Public DNS is a simple and effective replacement for your own ISP's nameservers.

Privacy can't quite match the 'we don't keep anything' promises of Cloudflare, but it's not bad. The service logs the full IP address information of the querying device for around 24 to 48 hours for troubleshooting and diagnostic purposes. 'Permanent' logs drop any personally identifiable information and reduce location details to the city level, and all but a small random sample of these are deleted after two weeks.

There's a further benefit for experienced users in Google's detailed description of the service. If you'd like to be able to assess the significance of Google's privacy policy, for instance, you can read up on absolutely everything the service logs contain to find out for yourself.

Google's support site offers only very basic guidance targeted at experienced users, warning that "only users who are proficient with configuring operating system settings [should] make these changes." If you're unsure what you're doing, check the tutorials from a provider such as OpenDNS, remembering to replace its nameservers with Google's: 8.8.8.8 and 8.8.4.4.

Norton ConnectSafe

4. Norton ConnectSafe

Primary, secondary DNS servers: 199.85.126.10 and 199.85.127.10

Uses Norton Safe Web
Three levels of protection available
Skimpy setup instructions

Norton ConnectSafe is a free DNS service which can automatically block access to fraudulent, phishing and malware-infested websites, as well as optionally filtering sites by content.

This is a familiar idea - OpenDNS and Comodo, amongst others, do much the same thing - but ConnectSafe has one important advantage. It takes its data from Norton Safe Web, a comprehensive database on more than 50 million websites in 23 languages. The service delivers probably the best web filtering performance around, and the ability to get it for free, without having to install any software, is a major safety plus.

Setting up the service requires choosing from three levels of protection.

The Security policy blocks malicious and fraudulent websites only, and uses the nameservers 199.85.126.10 and 199.85.127.10.

The Security and Pornography policy adds support for filtering sexually explicit material, and uses the nameservers 199.85.126.20 and 199.85.127.20.

The very strict Security and Pornography and Other scheme extends the filtering to block 'sites that feature mature content, abortion, alcohol, crime, cults, drugs, gambling, hate, sexual orientation, suicide, tobacco or violence' by using the nameservers 199.85.126.30 and 199.85.127.30.

That's likely to lock you out of a lot of content, but it might appeal as a way to protect young children, and you don't have to use this policy everywhere. You could lock down your kids' tablet with this policy, for instance, but stick with the plain Security policy for your own laptop.

There are only very basic setup instructions on the ConnectSafe site, but if you run into trouble, the tutorials on competitors such as OpenDNS may point you in the right direction. Just be sure to use Norton's nameserver IP addresses when you change your device settings.

Comodo Secure DNS

5. Comodo Secure DNS

Primary, secondary DNS servers: 8.26.56.26 and 8.20.247.20

Focus on security
Smart handling of parked domains
Performance might not be so hot

Comodo Group is the power behind a host of excellent security products, so it's no surprise that the company also offers its own public DNS service.

Just as you'd expect, Comodo Secure DNS has a strong focus on safety. It doesn't just block phishing sites, but also warns if you try to visit sites with malware, spyware, even parked domains which might overload you with advertising (pop-ups, pop-unders and more).

Comodo claims its service is smarter than average, too, detecting attempts to visit parked or 'not in use' domains and automatically forwarding you to where you really want to go.

Performance is key, of course, and the company suggests its worldwide network of servers and smart routing technology give it an advantage. DNSPerf's Comodo stats are less impressive, unfortunately. As we write, DNSPerf reports its average query time as around 82ms, ranking it ninth out of the ten services tested.

That said, Comodo may still be interesting if you're looking for an extra layer of web filtering, and the support website has some short but useful instructions on setting the service up on Windows PCs, Macs, routers and Chromebooks.

Quad9

6. Quad9

Primary, secondary DNS servers: 9.9.9.9 and 149.112.112.112

Speedy performance levels
Blocks malicious domains
Limited help in terms of setup

Quad9 is a young DNS outfit which has been providing a fast and free DNS service since August 2016.

The company sells itself on its ability to block malicious domains by collecting intelligence from 'a variety of public and private sources.' It's not clear what these sources are, but the website says Quad9 used 18+ 'threat intelligence providers' as of May 2018.

That's a little too vague for us, and we're not convinced that using a large number of threat intelligence providers will necessarily help – the quality of the intelligence is generally more important than the quantity.

There's no arguing about Quad9's performance, though. DNSPerf currently rates it third out of ten for average worldwide query times, lagging behind Cloudflare and OpenDNS, but effortlessly outpacing contenders like Comodo and Norton.

Drilling down into the detail reveals some variations in speed - Quad9 drops to fifth place for North American queries - but overall the service still delivers better performance than most.

Setup guidance is a little limited, with tutorials for the latest versions of Windows and macOS only. They're well presented, though, and it's not difficult to figure out what you need to do.

Got further questions about DNS? Here are some common queries along with our answers.

What is DNS?

The Domain Name System (DNS) is a phonebook for the internet, a framework which translates domain names, like facebook.com or twitter.com, into the IP addresses necessary for devices to load those internet resources.

The mechanics of DNS can be quite complicated, as information isn't held in a single database, but rather distributed in a worldwide directory including a vast number of DNS servers.

Fortunately, the average internet user doesn't normally have to get involved in any of the low-level technical details. Your ISP automatically provides you with access to a DNS server whenever you go online, and whenever you enter a URL into your browser, this will find the relevant IP address for you. 

Verisign

Your ISP DNS isn't performing? Verisign is one of many big-name companies offering a free alternative

Why might DNS matter to me?

DNS servers can vary hugely in speed, particularly in areas which don't always have the best internet coverage (Africa, South America, Oceania.) To take an example of a single day when we tested, DNSPerf.com reported Cloudflare achieved an average 4.43ms query time for Oceania, while Yandex was left trailing at 350.24ms. That's potentially more than a third of a second in extra waiting time before your browser is able to access any new website.

This is an extreme example, to be fair. European or US lookups may see less than 30ms variation between most DNS services, and as your device or router will probably cache the address for reuse later, even this delay will only occur very occasionally. Still, a sluggish DNS server can noticeably slow down your browsing in some situations, and trying an alternative – especially as the best options are all free – is generally a good idea.

There's a second possible benefit in terms of uptime. If your ISP DNS server fails, you might not be able to access some or all of your favorite sites. Big-name providers such as OpenDNS claim they've had 100% uptime going back years.

DNS Jumper

How can I find the fastest DNS service?

DNS speed depends on many factors, including your location, the distance to your nearest server, and that server having enough power and bandwidth to handle all the queries it receives.

DNS Jumper is a portable freeware tool which tests multiple public DNS services to find out which delivers the best performance for you.

The program has a lot of options, but isn't difficult to use. Launch it, click Fastest DNS > Start DNS Test, and within a few seconds you'll be looking at a list of DNS services sorted by speed.

DNS Jumper can be useful, in particular because it's checking how servers perform from your location, but it doesn't run enough tests over a long enough period to give you a definitive answer.

DNSPerf

DNSPerf tests multiple DNS services every minute from 200+ locations around the world and makes the results freely available on its own website. This gives a very good general idea of performance, and also enables seeing how services compare on different continents, as well as assessing their uptime.

How can I switch DNS servers?

The steps involved in changing your DNS service vary according to your hardware and possibly your operating system version.

Generally, you must start by finding the primary and secondary nameservers for the DNS service you'd like to use. These IP addresses are normally displayed very clearly on the service website, so, for example, Cloudflare DNS uses 1.1.1.1 and 1.0.0.1.

The simplest approach for home users is to update their router to use the new addresses. Most other devices will then pick up the new DNS settings automatically, with no further work required.

To make this happen you must log in to your router (the default password may be printed on its base) and look for the current DNS primary and secondary nameservers. Make a note of the current values in case of problems, then replace them with the nameservers you'd like to use.

If you run into problems, check out your DNS service website for any setup guidance. Keep in mind that you can also use the tutorials of other DNS providers, as long as you remember to replace their nameserver IPs with your preferred options. OpenDNS, for instance, has specific guidance for many different router types on its support site.

If router tweaks aren't right for your situation, you may have to change the DNS configuration of each individual device. Cloudflare has short and simple guidance here, while the OpenDNS website goes into more depth.

You might also want to look over our many web hosting guides: