The best DNS servers provide another way to connect online, offering a faster and safer surfing experience than through your ISP.
If you’re new to DNS servers, the DNS or Domain Name System is a protocol that takes the domain names that you enter into a browser and translates them into the IP addresses needed to access those particular websites.
You're automatically assigned a DNS server by your ISP every time you go online, but it may not always be the best choice. If your ISP's DNS is slow, that will cut your browsing speeds, and if it goes down, you may be unable to access some (or maybe all) of the web.
Fortunately, switching to a quality free and public DNS server can deliver more responsive browsing, often with a bunch of security benefits thrown in: anti-phishing, blocking of infected websites, and maybe content filtering to keep your children away from unsavory web content.
You need to choose your service with care - not all providers will necessarily be better than your ISP - but to help point you in the right direction, this article will highlight six of the best DNS servers around.
What is DNS?
The Domain Name System (DNS) is a phone book for the internet, a framework which translates domain names, like facebook.com or twitter.com, into the IP addresses necessary for devices to load those internet resources (e.g. 126.96.36.199). In geek terms, that's called Resolution.
The mechanics of DNS can be quite complicated, as information isn't held in a single database, but rather distributed in a worldwide directory including a vast number of DNS servers.
Fortunately, the average internet user doesn't have to get involved in the low-level technical details. Your ISP automatically provides you with a DNS server whenever you go online, and when you enter a URL into your browser, this finds the relevant IP address for you.
The best free and public DNS servers of 2023 in full:
Reasons to buy
Best known for its top-rated CDN, Cloudflare has extended its range to include a new public DNS service, the catchily-named 188.8.131.52.
Cloudflare has focused much more on the fundamentals. These start with performance, and independent testing from sites like DNSPerf shows Cloudflare is the fastest public DNS service around for raw worldwide speeds.
Privacy is another major highlight. Cloudflare doesn't just promise that it won't use your browsing data to serve ads; it commits that it will never write the querying IP address (yours) to disk. Any logs that do exist will be deleted within 24 hours. And these claims aren't just reassuring words on a website. Cloudflare has retained KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises.
The 184.108.40.206 website has some setup guidance, with simple tutorials covering Windows, Mac, Android, iOS, Linux and routers. These are very generic—you get one set of instructions for all versions of Windows, for instance—but there are some pluses (IPv6 as well as IPv4 details) and you should be able to figure it out. Additionally, mobile users can use WARP which secures all of the phone’s internet traffic.
The product doesn't offer ad-blocking or attempt to monitor what you can access, and what you can't. The one caveat is that Cloudflare has introduced content filtering for malware and adult content blocking, with their 220.127.116.11/18.104.22.168 and 22.214.171.124/126.96.36.199 services respectively, but this is an option a user can choose rather than have forced on them.
If you have any problems, Cloudflare offers a community forum where you can ask questions or see what others are doing, a nice extra touch which we'd like to see followed by other providers.
Read our full Cloudflare 188.8.131.52 review.
Reasons to buy
Reasons to avoid
Google Public DNS is a simple and effective replacement for your own ISP's nameservers.
Privacy can't quite match the 'we don't keep anything' promises of Cloudflare, but it's not bad. The service logs the full IP address information of the querying device for around 24 to 48 hours for troubleshooting and diagnostic purposes. 'Permanent' logs drop any personally identifiable information and reduce location details to the city level, and all but a small random sample of these are deleted after two weeks.
Google's support site offers only very basic guidance targeted at experienced users, warning that "only users who are proficient with configuring operating system settings [should] make these changes." If you're unsure what you're doing, check the tutorials from a provider such as OpenDNS, remembering to replace its nameservers with Google's: 184.108.40.206 and 220.127.116.11.
Read our full Google Public DNS review.
Reasons to buy
Reasons to avoid
Quad9 is an experienced DNS outfit which has been providing a fast and free DNS service since August 2016.
The company sells itself on its ability to block malicious domains by collecting intelligence from 'around 20' public and private sources. We're not necessarily convinced that using a large number of providers will help (the quality of the intelligence is more important than the quantity), but as your ISP probably offers no DNS threat protection at all, you're still safer overall.
Quad9 delivers very capable performance, too, with DNSPerf currently rating the service seventh out of 12 Public DNS resolvers for average worldwide query times. That's lagging a little behind market leaders such as Google and Cloudflare, but it competes well with the likes of NextDNS and G-Core, and speeds overall are well above average.
Setup guidance isn't quite as comprehensive as we elsewhere, and some of the tutorials look a little outdated (the Windows guidance covers Windows 8 and 10, there's games console advice for the PS4.) But overall, it's well presented, and it's not difficult to figure out what you need to do.
Read our full Quad9 review.
Reasons to buy
Founded in 2005 and now owned by Cisco, OpenDNS is one of the biggest names among public DNS providers, resolving a massive 620 billion DNS queries each day.
The free OpenDNS service (with a claimed 100% uptime since 2006) includes anti-phishing and configurable content filtering. If you're after simplicity, OpenDNS Family Shield (also free) comes preconfigured to block adult content, no manual tweaking required.
Paid plans deliver a little more parental controls-type features from $19.95 a year, including the ability to view a history of your internet activity, or lock down your system by allowing access to specific websites only. That's welcome, but we think the best parental control apps deliver better child protection for only a little more cash.
If you're an old hand at swapping DNS, you can get started immediately by reconfiguring your device to use the OpenDNS nameservers.
If you're a newbie, that's okay too, as OpenDNS has setup instructions for PCs, Macs, mobile devices, routers and much, much more.
Read our full OpenDNS review.
Reasons to buy
Reasons to avoid
For those looking for a DNS to provide security, but also simplicity, Cleanbrowsing can fit the need. We like that you just need to choose the type of filtering that you want to do, and then insert the primary and secondary DNS’ that accomplishes that goal.
There are three free filters to choose from. The Security filter keeps you safe from malware, spam and phishing domains. An Adult filter also protects users from pornographic or explicit sites. Finally, a Family filter extends Cleanbrowsing's parental controls reach by also setting Google, Bing and YouTube to Safe search mode, and blocks VPN and proxy sites which allow smarter kids to bypass its protection.
That's a very capable range of features, especially for a free service, but Cleanbrowsing hasn't finished yet. If you're put off by some of the technical setup procedures you'll see elsewhere, Cleanbrowsing has some free apps to do this for you. We downloaded the Windows app, clicked the button for our preferred filter, and it reconfigured our system immediately, nothing else to do.
Reasons to buy
Reasons to avoid
Comodo Group is the power behind a host of excellent security products, so it's no surprise that the company also offers its own public DNS service.
Just as you'd expect, Comodo Secure DNS has a strong focus on safety. It doesn't just block phishing sites, but also warns if you try to visit sites with malware, spyware, even parked domains which might overload you with advertising (pop-ups, pop-unders and more). Furthermore, you can try out the Comodo Dome Shield service, which adds additional features to Comodo Secure DNS.
Comodo claims its service is smarter than average, too, detecting attempts to visit parked or 'not in use' domains and automatically forwarding you to where you really want to go. We also like the available iOS and Android apps.
Performance is key, of course, and the company suggests its worldwide network of servers and smart routing technology give it an advantage. Unfortunately, Comodo stats weren't that impressive, and in our tests, we got an average query time of around 72ms. Furthermore, we did not find it ranked on DNSPerf for either worldwide, nor North America.
That said, Comodo may still be interesting if you're looking for an extra layer of web filtering, and the support website has some short but useful instructions on setting the service up on Windows PCs, Macs, routers and Chromebooks.
Read our full Comodo Secure DNS review.
Best DNS servers FAQs
How we choose the best DNS server for you
DNS servers can vary hugely in speed, particularly in areas which don't always have the best internet coverage (Africa, South America, Oceania.) To take an example of a single day when we tested, DNSPerf.com reported Cloudflare achieved an average 4.43ms query time for Oceania, while Yandex was left trailing at 350.24ms. That's potentially more than a third of a second in extra waiting time before your browser can access any new website.
This is an extreme example, to be fair. European or US lookups may see less than 30ms variation between most DNS services, and as your device or router will probably cache the address for reuse later, even this delay will only occur very occasionally. Still, a sluggish DNS server can noticeably slow down your browsing in some situations, and trying an alternative – especially as there are multiple options that are all free is often a good idea.
There's a second possible benefit in terms of uptime. If and when your ISP DNS server fails, you will encounter some difficulty accessing some or all of your favorite sites. Big-name providers such as OpenDNS claim they've had 100% uptime going back years. These are the factors we take into consideration when choosing the best DNS servers.
How we test a DNS server?
As with every service, you get what you pay for and it’s really no different here. Free DNS can be good but it’s nothing compared to a Premium paid version. Granted, not everyone wants to pay and depending on their needs they might not need to, but paid DNS can be the better choice depending on your needs. Apart from the increased website performance and security, you also get additional features.
For instance, Dynamic DNS and Secondary DNS are a staple of the premium DNS service. The Dynamic DNS works with dynamic IP addresses and it allows users to access their home computer from anywhere in the world. The Secondary DNS works as a backup of sorts which is always a plus. This is just a small fraction of what a premium DNS can do and the exact number of features will depend on the service provider, which is one of the features we look for when testing a DNS service.
How can I find the fastest DNS service?
DNS speed depends on many factors, including your location, the distance to your nearest server, and that server having enough power and bandwidth to handle all the queries it receives.
DNS Jumper is a portable freeware tool which tests multiple public DNS services to find out which delivers the best performance for you.
The program has a lot of options, but isn't difficult to use. Launch it, click Fastest DNS > Start DNS Test, and within a few seconds you'll be looking at a list of DNS services sorted by speed.
DNS Jumper can be useful, in particular because it's checking how servers perform from your location, but it doesn't run enough tests over a long enough period to give you a definitive answer.
DNSPerf tests multiple DNS services every minute from 200+ locations around the world and makes the results freely available on its own website. This gives a very good general idea of performance, and also enables seeing how services compare on different continents, as well as assessing their uptime.
How can I switch DNS servers?
The steps involved in changing your DNS service vary according to your hardware and possibly your operating system version.
Generally, you must start by finding the primary and secondary nameservers for the DNS service you'd like to use. These IP addresses are normally displayed very clearly on the service website, so, for example, Cloudflare DNS uses 18.104.22.168 and 22.214.171.124.
The simplest approach for home users is to update their router to use the new addresses. Most other devices will then pick up the new DNS settings automatically, with no further work required.
To make this happen you must log in to your router (the default password may be printed on its base) and look for the current DNS primary and secondary nameservers. Make a note of the current values in case of problems, then replace them with the nameservers you'd like to use.
If you run into problems, check out your DNS service website for any setup guidance. Keep in mind that you can also use the tutorials of other DNS providers, as long as you remember to replace their nameserver IPs with your preferred options. OpenDNS, for instance, has specific guidance for many different router types on its support site.
If router tweaks aren't right for your situation, you may have to change the DNS configuration of each individual device. Cloudflare has short and simple guidance here, while the OpenDNS website goes into more depth.
How can I find my current DNS servers?
If you're troubleshooting your internet connection, or maybe thinking of switching DNS servers, it might be useful to check which DNS servers you're using at the moment.
The simplest way to do this is to visit DNSLeakTest.com and tap the Standard Test button. Within a few seconds the website will usually display your DNS server IP addresses, host names, and sometimes (if appropriate) the name of your ISP.
After that, life gets more complicated as there are several potential options. Your device could be set up to use specific DNS servers; it might ask your router to give it the best DNS servers every time it boots; or it might not know anything about DNS servers, and default to the router to handle everything.
On Windows, you could get started by entering IPCONFIG/ALL in a command line window. Look for your network adapter and then you’ll see its DNS servers specified in the list.
If there's a single DNS IP address which points at your router – 192.168.x.x – that suggests the router is handling all DNS queries. Enter that IP address into your browser, log in to the router if necessary and your DNS servers will be listed amongst the settings.
Why paid DNS is better than free
If your browser is telling you a website's 'Server IP address could not be found,' even though you're sure it's up and available, then this could be due to a problem with your DNS. However, keep in mind that you might not want to go to the trouble of changing your DNS service to find out.
Windows users can use the command line tool nslookup.exe to look at the results of any DNS server- without even touching their system settings. Here’s how to do this:
Run cmd.exe to open a command line window, then type:
Then press Enter (replace website.com with the address of whatever website you're trying to reach).
Nslookup uses your default DNS server to look for the IP address of website.com. If it tells you it 'Can't find website.com,' this means your DNS server doesn't have a record for that domain.
Next, tell the tool to use another DNS service by entering a command like:
nslookup website.com 126.96.36.199
The 188.8.131.52 address uses Google DNS – replace that with any DNS service you like, such as 184.108.40.206 for Cloudflare.
If nslookup returns errors using multiple servers, this doesn't look like a DNS issue. If one server returns an IP address and another doesn't, you might want to try setting up your system to use the working DNS, and see if it makes any difference.
Check out the best web hosting services.
We've also featured the best small business servers.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.