The Domain Name System (DNS) is used to translate the easy-to-understand and remember web addresses that we are familiar with, to their “true” numerical IP addresses that computers understand: for example translating the domain name proprivacy.com to its IP(v4) address of 18.104.22.168.
This DNS translation process is usually performed by your ISP, but when using a VPN, all DNS requests should be sent through your encrypted VPN tunnel, to be handled by your VPN provider instead.
There are a number of reasons why you might want, or need, to change your DNS settings (that is, change the default DNS server used by your Operating System to handle DNS requests). These include:
- To improve privacy by preventing your ISP from handling DNS requests. This can happen even when using a VPN (this is known as a DNS leak). Changing your DNS settings to a third party provider is therefore a good safety precaution.
- To use a SmartDNS service
- To fix internet connection issues – in relation to VPN, when a VPN connection suddenly drops for some reason, it is common for the DNS settings to remain pointing at the VPN provider’s DNS server. To reconnect to the internet (including to reconnect the VPN!) it is sometimes necessary to change the DNS settings back to using a third party server.
- To evade censorship – changing DNS settings can be effective at evading DNS level censorship / DNS poisoning by ISPs.
Fortunately, changing your DNS settings is pretty easy…
Back up your DNS settings
Before changing your DNS settings, it might be an idea to note down your existing settings and store them somewhere safe, so you can easily reset them should you need to. I can’t actually think of a reason why you might need to do this, but it is probably a sensible precaution anyway.
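Reading the current settings is also how you spot the DNS leak described earlier. The following is an added example, not part of the original article: it parses resolver settings and flags any server you did not choose, IPv6 entries included. The resolv.conf-style input, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Ranges that point at a router or local stub, whose upstream is often the ISP.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "fe80::/10", "::1/128")]

def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()      # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue                            # skip malformed entries
    return servers

def audit_resolvers(text, expected):
    """Label each configured resolver as expected, local or unexpected."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    report = []
    for ns in parse_nameservers(text):
        if ns in allowed:
            verdict = "expected"
        elif any(ns.version == net.version and ns in net for net in LOCAL_NETS):
            verdict = "local"        # router or stub: check what it forwards to
        else:
            verdict = "unexpected"   # DNS leaving by a resolver you did not choose
        report.append((str(ns), verdict))
    return report

# Constructed sample: settings as they might look with a VPN connected.
SAMPLE = """\
# constructed sample
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
"""
EXPECTED = ["10.8.0.1"]   # hypothetical resolver address pushed by the VPN

if __name__ == "__main__":
    for address, verdict in audit_resolvers(SAMPLE, EXPECTED):
        print(f"{address:<16} {verdict}")
```

This inspects configuration only; it does not observe where queries actually travel on the wire.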
What settings should I use?
If you are changing your DNS settings to something in particular, then you should already know the settings you require (for example a SmartDNS provider will tell you the settings you need in order to use its service).
If you are changing DNS settings for a more general reason, then you can use a public DNS server such as those run by Google Public DNS, OpenDNS or Comodo Secure DNS. Google DNS, in particular, can be useful for quick-and-dirty solutions, as its settings (DNS server addresses) are very easy to remember (22.214.171.124 and 126.96.36.199).
Google, however, is Google. And it will spy on your DNS requests in order to track what you get up to on the internet in order to target you with ads.
Graffiti in Istanbul encouraging the use of Google Public DNS as an anti-censorship tactic during the government’s 2014 crackdown on Twitter and YouTube
If you are at all interested in privacy, then a much better alternative to Google and the other US-based commercial providers listed above is OpenNIC. This is a non-profit, decentralized, open, uncensored and democratic DNS provider. Designed to take back power from governments and corporations, OpenNIC is run by volunteers, and provides a completely unfiltered DNS resolution service, with DNS servers located all across the world.
For more information about OpenNIC, please see here.
In this article we will use example DNS settings provided by OpenNIC. As I am connected to a VPN when visiting its website, the suggested settings are based on the IP address of my VPN server, which suits my privacy agenda just fine.
- (Optional) Disable IPv6
iOS (iPhones and iPads)
In iOS you can change the DNS settings for specific WiFi networks (such as your home network), but this will have to be set up for each network you connect to. As far as I know, it is not possible to change the DNS settings for mobile networks.
On unrooted Android devices you can change the DNS settings for specific WiFi networks (such as your home network), but this will have to be set up for each network you connect to. There is no way to change DNS settings for mobile (3G and 4G) networks.
Users of rooted devices can download a number of apps such as DNSet Pro (a free version is also available, which is limited to Google Public DNS servers), which can dynamically change DNS settings across both WiFi and mobile networks.
Note that some “no root” DNS changer apps also exist. These work by creating a local VPN on your device (not an external VPN), and might be useful for evading DNS-based censorship, but will conflict with a regular VPN.
Below are instructions for changing the DNS settings for WiFi networks on unrooted devices. Note that Android devices run many different versions of the OS, and many are heavily skinned. Details may therefore differ slightly on your device.
You can change the DNS settings of any router using its web interface. This is usually pretty intuitive, so for example purposes I will show you how to change the DNS settings of a DD-WRT router.
You can change the DNS settings for just about every internet capable device, including smart TVs, games consoles, streaming devices and IoT gizmos. Although this guide is intended to be “complete”, I think it fair to say that there are far too many such devices to cover here.
What SSL is to HTTP traffic (turning it into encrypted HTTPS traffic), DNSCrypt is to DNS traffic. Unfortunately, DNS was not built with security in mind, and it is vulnerable to a number of attacks, the most important of which is a “man-in-the-middle” attack known as DNS spoofing (or DNS cache poisoning), where the attacker intercepts and redirects a DNS request.
This could, for example, be used to redirect a legitimate request for a banking service to a “spoof” website designed to collect the account details and passwords for unsuspecting victims. The open source DNSCrypt protocol solves this problem by encrypting your DNS requests, and authenticating communications between your device and the DNS server.
DNSCrypt is available for most platforms (mobile devices must be rooted/jailbroken), but does require support from your chosen DNS server.
Note that DNSCrypt is not required if using a VPN, as all DNS requests should be sent through the encrypted VPN tunnel direct to your VPN provider’s DNS servers.
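To see why plain DNS needs the authentication that DNSCrypt adds, the following added example (not from the original article) builds a standard DNS query and applies the only checks a client can make on an unencrypted reply. The function names, the example.com name and the documentation-range addresses are constructed for illustration.

```python
import secrets
import struct

def build_query(name, qtype=1):
    """Build a plain DNS query (RFC 1035 wire format); returns (txid, packet)."""
    txid = secrets.randbits(16)                       # 16-bit transaction ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def build_reply(query, ipv4):
    """Build a minimal A-record response to `query`, as any responder could."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1, RA=1
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # Answer: pointer to the question name, type A, class IN, TTL 60, 4 bytes.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + query[12:] + answer

def reply_matches(query, reply):
    """Everything a client can verify about a plain-DNS reply.

    On the network the source address and UDP port must also match, but
    none of these fields prove who sent the packet or that the answer is
    genuine. That gap is what an authenticated protocol closes.
    """
    if len(reply) < len(query):
        return False
    q_id, = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", reply[:6])
    return (r_id == q_id                            # transaction ID echoed
            and bool(r_flags & 0x8000)              # QR bit: it is a response
            and r_qdcount == 1
            and reply[12:len(query)] == query[12:])  # question section echoed

if __name__ == "__main__":
    _, query = build_query("example.com")
    # Two replies carrying different addresses both pass the same checks.
    for address in ("203.0.113.10", "198.51.100.7"):
        print(address, reply_matches(query, build_reply(query, address)))
```

Both replies are accepted because the checks cover only echoed fields, never the answer itself.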
DNS Jumper (Windows)
Changing DNS settings regularly can be something of a pain (especially in Windows). Luckily, there’s an app for that! DNS Jumper is a lightweight utility (with no installation required) that makes changing your DNS settings a doddle.
You can select from an extensive list of DNS providers, or specify custom servers.