What are VPN Custom DNS settings and when should you use them?

Connect to a VPN and strong encryption immediately keeps you safe from snoopers, thieves, and anyone else looking to monitor your web activities. And that's very good news, but it's not the only benefit.

VPNs also redirect your DNS queries, the essential network traffic which translates domains like techradar.com into the IP addresses devices need to communicate online.

Normally VPNs handle DNS entirely on their own, making absolutely sure no-one else can see or log the domains you're visiting. But some apps give you a Custom DNS option which allows you to use whatever DNS provider you like. In this article we'll look at why this might be a good idea, when it's best avoided, and - if DNS switching works for you - exactly how you can make this happen.

Custom DNS - the advantages

One of the main reasons for switching DNS servers on regular connections is to speed up your browsing. Big providers such as Cloudflare can be much faster than your regular ISP's DNS, but the difference may not be as clear when you're using a VPN.

Custom DNS servers are more useful for filtering websites, blocking particular types of danger: ads, trackers, malware-related IPs, phishing sites.

Others have simple parental controls-type features, preventing you accessing adult or other child-unfriendly content.

Switching DNS can help troubleshoot odd browsing problems, too. If your VPN's DNS server is faulty, for example, you might find you can't access a particular website when you're connected, although it works just fine when you shut the VPN down. Changing your VPN DNS could resolve the issue and get you into the site. 

Custom DNS - the disadvantages

Switching your VPN DNS isn't always a good idea - there are potential costs, too.

Does your current VPN already have some kind of malware or ad-blocking? Chances are that's also DNS-based. Switch to another DNS server and you'll gain one set of features, but maybe lose others.

You're also adding some extra complexity to your setup, and that may hurt you later. 

Suppose you switch to DNS server A, for instance, and six months later that has temporary issues, blocking some of your favorite sites. Will you remember you switched DNS, or think to switch back? If not, you might easily blame your VPN, contact support, and spend an age trying to get them to fix an issue which isn't actually their fault.

There's also a privacy disadvantage, in that if your DNS queries go to another provider, that server could log your browsing history. This is a danger, but if you choose a DNS service which doesn't require an account, it won't know who you are. All the DNS server sees is combined queries from the VPN customers using those IP addresses, so there's little risk to you.

To switch, or not to switch?

If you're looking for the easiest possible VPN life, or you'd like to lock down even the tiniest of VPN privacy holes, then the safest option is to leave any Custom DNS option turned off. The risks might be small, but they're not worth it.

If you have a very specific need to use another DNS server, though, and you understand the consequences and are happy to deal with any extra troubleshooting complications in future, then it could be worth a try. You can often switch servers in a few seconds, so it's easy to create and test a new setup, and switch back later if you're unhappy.

Which alternative DNS provider should I use?

We're assuming in this article that you already know exactly which DNS provider you'd like to use, but if not, there are plenty of options available.

Cloudflare's 1.1.1.1 is best known for its excellent performance. As we write, the benchmark site DNSPerf ranks it third out of 42 providers for speed worldwide. But its 1.1.1.1 for Families service goes further, blocking malicious sites and (optionally) adult content.

OpenDNS is another big name with years of DNS experience. It delivers a reliable service with anti-phishing and optional content filtering, free and with no registration required.

Comodo Secure DNS, as you'll guess from the name, is more focused on security, and there are plenty of others to choose from. Our best free public DNS servers guide has more.

How to use custom DNS on a VPN

Many providers don't offer any way to change your VPN's DNS servers, but there are plenty that do. 

NordVPN's Windows app has a 'Custom DNS' option in its Advanced Settings page, for example; ProtonVPN has a 'Custom DNS Servers' option on its Connection tab, and Hide.Me enables entering both IPv4 and IPv6 DNS server IPs on its Settings, Network page.

If you're using another provider, browse the Settings pages, check in areas with titles like Connection, Connectivity, Network or Advanced for anything DNS-related.

The precise steps you'll take vary with each app, but typically there are only two: turn the Custom DNS feature on, then add your preferred DNS server IP addresses in the boxes.

There are usually two IP addresses, a primary and a secondary (Cloudflare uses 1.1.1.1 and 1.0.0.1 for its main service, for instance.) Your DNS provider website should have a setup guide with the details.

Once you've made the change, reconnect to your VPN, visit DNSLeakTest.com and click Extended Test. If you see the custom DNS IP addresses you've just entered, the change has worked. If you don't, there's something wrong. Switch browsers, use the DNSLeak.com website, reboot your device and try again.
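
As a local complement to the web-based leak test, the following added example (not part of the original article) compares the resolvers listed in resolv.conf-style text, as found on Linux-style systems, against the custom DNS IPs you entered. The sample file contents and function names are constructed for illustration; only the Cloudflare addresses come from the article.

```python
import ipaddress

# Constructed samples of resolv.conf-style contents (not captured from a real system).
SAMPLE_OK = "# written by VPN client\nnameserver 1.1.1.1\nnameserver 1.0.0.1\n"
SAMPLE_MIXED = "nameserver 1.1.1.1\nnameserver 192.168.1.1\noptions edns0\n"
SAMPLE_STUB = "nameserver 127.0.0.53\n"  # local stub resolver hides the upstream


def parse_nameservers(text):
    """Return the resolver IPs listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # other directives such as "options" or "search"
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id (fe80::1%eth0)
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            pass  # malformed address: ignore rather than guess
    return servers


def check_custom_dns(text, expected):
    """Compare configured resolvers with the custom DNS IPs entered in the VPN app."""
    wanted = {ipaddress.ip_address(e) for e in expected}
    found = parse_nameservers(text)
    if any(s.is_loopback for s in found):
        # Queries go to a local forwarder; this file cannot show where they end up.
        return {"status": "indeterminate", "unexpected": [], "missing": []}
    unexpected = sorted(str(s) for s in found if s not in wanted)
    missing = sorted(str(w) for w in wanted if w not in found)
    status = "ok" if found and not unexpected else "mismatch"
    return {"status": status, "unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    custom = ["1.1.1.1", "1.0.0.1"]  # Cloudflare pair mentioned in the article
    for name, sample in [("ok", SAMPLE_OK), ("mixed", SAMPLE_MIXED), ("stub", SAMPLE_STUB)]:
        print(name, check_custom_dns(sample, custom))
```

On a real system, pass in the contents of /etc/resolv.conf. An "indeterminate" result means a local stub resolver (systemd-resolved listens on 127.0.0.53, for instance) sits in front of the real servers, so the web-based test is the better check.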

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.