When you type 'pcmag.com' in the address bar, it’s no surprise that the browser quickly displays PCMag’s latest articles and reviews. But getting from your request to the page you seek isn’t as simple as it might seem. The server handling the request isn’t called pcmag.com. Rather, it’s identifiable by a daunting numeric address. To bridge that communication gap, the Domain Name System, or DNS, translates the domain name you typed into a numeric IP address. That IP address identifies the desired web server, which serves up the page you requested. Understanding DNS can help you protect your online security and privacy and even speed up your web surfing. Here's how to change your DNS server and why it might be a good idea.
What Do DNS Servers Do?
The numbers responsible for routing your internet requests are called IP addresses. For ages, the internet got by with IP addresses in the form 104.16.20.118, where each of the four numbers can run from 0 to 255. That’s around four billion possible addresses, which seems like a lot, but it wasn’t enough. The modern IPv6 system uses longer numbers. And by that, I mean much longer. Here's a sample IPv6 address: 2606:4700:0000:0000:0000:0000:6810:1576. To be fair, you can typically shorten that to 2606:4700::6810:1576. And yes, that number corresponds to pcmag.com.
Again, the servers only speak numbers, but people want to use sensible domain names like girlgeniusonline.com or zombo.com. To resolve this impasse, the Domain Name System handles the translation of friendly domain names to numeric IP addresses.
Your home network typically relies on a DNS server from your ISP. After your browser sends the server a domain name, the server goes through a moderately complex interaction with other servers to return the corresponding IP address, thoroughly vetted and verified. If it's a much-used domain, the DNS server may have that information cached for speedier access. Now that the interaction is down to numbers, the machines can handle the pages you want to see.
Why Should You Change Your DNS Servers?
As you can see, the Domain Name System is essential to all your internet activities. Any problems with the system can have cascading effects on your experience.
For starters, if the ISP-supplied DNS servers are slow or not properly configured for caching, they can effectively slow your connection. This is especially true when you load a page that draws content from many different domains, such as advertisers and affiliates. Switching to DNS servers optimized for efficiency can speed up your surfing, whether in a home or business setting.
Speaking of a business setting, some companies offer DNS services with business-friendly add-ons. For example, they can filter out malicious domains at the DNS level so the pages never reach an employee's browser. They may also filter out porn sites and other work-inappropriate domains. Similarly, DNS-based parental control systems help parents control children's access to age-inappropriate content on every device. However, they admittedly lack the fine control of locally installed parental control software.
I mentioned that DNS servers typically cache popular requests so they can respond quickly without having to query other components of the Domain Name System. Your PC or Mac also has a local DNS cache, and if the cache gets screwed up, you can have trouble visiting certain sites. This is a simple problem that doesn't require switching DNS servers. All you need to do is flush your local DNS cache.
Unless you use a VPN (virtual private network), your ISP's DNS servers see every domain you request. You really can't keep that information from them. If you want something from the internet, you have to tell someone what you want. Your ISP knows where you go on the web and probably doesn't care.
However, some ISPs have found a way to monetize their DNS service. When you hit an erroneous domain, one that has no actual IP address, your ISP may divert your browser to a search and advertising page preloaded with a search phrase derived from the domain name you tried to visit. For example, the image below shows the results of trying to visit the non-existent funnydogepiktures.com through such an ISP.
(Credit: AT&T/PCMag)
This might seem like a nonissue. What does it matter if the ISP displays ads? But privacy-wise, it's significant. You started with a private back-and-forth between your browser and the DNS server. The ISP broke that bubble of privacy by sending a version of your request to a search engine, which winds up in your search history. Some people worry about search privacy, which is why no-history search sites like DuckDuckGo and StartPage exist.
Can the DNS System Be Abused?
You're probably familiar with the concept of phishing. Nefarious webmasters set up a fraudulent website that looks exactly like PayPal, your bank, or even a gaming or dating site. They disseminate links that rope in victims to the fake site using spam, malicious adverts, or other techniques. Any hapless netizen who logs in without noticing their chicanery gives valuable login credentials to the fraudsters. The smartest phonies use those credentials to log you into the real site so you don't realize anything untoward has happened.
The one thing that gives these frauds away is the address bar. Keeping a sharp eye on the address bar is one way to avoid phishing scams. Some are egregious, like a page that purports to be, say, LinkedIn but has a totally unrelated domain, such as bestastroukusa.com. Others work harder to fool you, with slightly-off names like microsfot.com and pyapal.com, or extremely lengthy URLs that conceal the actual domain. But no matter how they try, they can't fool an eagle-eyed web surfer.
That's where cache poisoning comes in. In this attack, malefactors insert incorrect information into the Domain Name System, typically by manipulating the cache. The user types a valid domain name, the poisoned DNS system returns the IP address for a fraudulent site, and the address bar shows the valid name. Unless the miscreants did a poor job imitating the target site, there's no visible clue to their chicanery.
A similar attack called DNS hijacking happens on your local computer. Malware running on the system reaches into the TCP/IP settings and simply switches you to a DNS server controlled by hackers. Of course, this only works if the malware in question can get past your antivirus.
What's the Best Replacement DNS Server?
DNS attacks and problems occur when DNS isn't top of mind for your ISP. Getting away from these problems can be as simple as switching to a service that prioritizes DNS security and privacy.
Google Public DNS has been available since 2009, with the easy-to-remember IP addresses 8.8.8.8 and 8.8.4.4. Google promises a secure DNS connection that is hardened against attacks and offers speed benefits.
Founded in 2005, OpenDNS has offered secure DNS even longer than Google. It doesn't have memorable IP addresses like Google's but does offer a variety of services. In addition to DNS servers focusing on privacy and security, it offers what it calls FamilyShield servers, which filter out inappropriate content. The company also offers a premium parental control system that gives parents more granular control over filtering. Its parent company, Cisco, supplies enterprises with Cisco Umbrella, which includes security and DNS services for businesses.
Cloudflare may be the biggest internet company you've never heard of. With a sprawling, worldwide collection of servers, it provides businesses with internet security and protection against Distributed Denial of Service attacks, among other services. Starting in 2018, Cloudflare made secure DNS available at the very memorable IP addresses of 1.1.1.1 and 1.0.0.1. The company also offers a free desktop and mobile app, cleverly named 1.1.1.1, which automates using secure DNS and provides related privacy protection features.
There are other free, public, security-centric DNS services, but you won't go wrong with one of these three big ones.
How Do You Change Your Router's DNS Server?
I have good news and bad news about switching your router to a fast, secure DNS server. The good news is that if you make the change in your router settings, it affects every connected device. Apart from computers and smartphones, that means video doorbells, smart baby monitors, and even internet-connected light bulbs. The bad news is that the precise technique for changing your router's DNS settings differs for every router.
To get started, search the web by appending "change DNS" to the make and model of your router. If you're lucky, you'll find a clear set of instructions. Navigate to the desired setting and enter the primary and alternate DNS addresses for your chosen service. You may need to restart the router for the change to take effect.
If your router is an all-in-one handling internet and TV signals, and possibly phone, you may not have the necessary access to make this change. These high-end multi-function devices don’t make it easy to directly access settings, and even when they do, they may not allow you to switch to another DNS server. A true network expert could install a standard router upstream from the all-in-one and thereby take greater control over the network, but most of us aren’t true network experts.
Configuring your router for fast, secure DNS protects all the devices on your home network. However, you almost certainly have some devices that don't stay on the home network. When your laptop or smartphone connects to the free Wi-Fi at that sleazy internet café, you also use whatever DNS server the owner chose as the default. Who needs cache poisoning when you have total DNS control? That's why you should change your laptops' and mobile devices' local DNS settings. Just how you do that varies by platform.
How to Change Your DNS Server on Windows
The process differs slightly for Windows 10 and 11.
Windows 10
- Press Windows key + I to open Settings
- Click Network & Internet
- Click Change adapter options
- Right-click your internet connection and choose Properties
- Select Internet Protocol Version 4 and click the Properties button
- Click Use the following DNS server addresses
- Enter the two addresses for your chosen DNS service
- Click OK
- Repeat the process for Internet Protocol Version 6
Yes, that's quite a few steps, but you can do it! Note that the IPv6 addresses aren't easy to remember like the IPv4 ones. For example, Google's 8.8.8.8 becomes 2001:4860:4860::8888.
Windows 11
Windows 11 is much like Windows 10...except when it isn't. To be fair, the dialog boxes where you make those changes in Windows 10 haven't changed for decades. Here's what you do in Windows 11:
- Press Windows key + I to open Settings
- Click Network & Internet
- Scroll down and click Advanced Network Settings
- Find your connection and click the down-chevron to the right
- Click View additional properties
- Find the DNS server assignment panel and click its Edit button
- Switch from Automatic to Manual
- Switch both IPv4 and IPv6 to On
- Enter the new DNS addresses for IPv4 and IPv6
- Click Save
Each address has a switch to enable DNS over HTTPS (DoH). Leave those turned off for now since the technology isn't yet widespread.
How to Change Your DNS Server on macOS
- Select System Settings from the Apple menu
- Select Network
- Click Wi-Fi
- Click the Details button next to your Wi-Fi connection
- Click the DNS tab
- Use the plus-sign button to add both IPv4 and IPv6 DNS addresses
- Use the minus-sign button to remove any existing addresses
- Click OK
You should be especially careful when entering the DNS addresses since macOS doesn't seem to check them for validity. Under Windows, a misplaced colon gets you a slap on the wrist. In macOS, by observation, you can enter just about anything.
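An added example (not from the original article): a short Python check that covers both the DNS hijacking risk described earlier and the lack of input validation noted above. It parses `nameserver` lines from resolv.conf-style text, rejects malformed entries, and flags any resolver that is not one of the addresses the article names; the sample text, the `LOCAL_NETS` list and the function names are assumptions made for illustration.

```python
import ipaddress

# Resolver addresses named in the article (Google Public DNS and Cloudflare).
TRUSTED = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "2001:4860:4860::8888",
)}

# Assumption: private, loopback and link-local ranges usually mean "my router".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# resolv.conf-style text
nameserver 8.8.8.8
nameserver 2001:4860:4860:0000:0000:0000:0000:8888
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 1.1.1:1
"""

def parse_nameservers(text):
    servers = []
    for line in text.splitlines():
        # Drop trailing comments, then keep the address on "nameserver" lines.
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(entry):
    try:
        addr = ipaddress.ip_address(entry.strip())
    except ValueError:
        return "invalid"      # e.g. a misplaced colon
    # Compared as parsed values, so long and shortened IPv6 forms match.
    if addr in TRUSTED:
        return "trusted"
    if any(addr.version == n.version and addr in n for n in LOCAL_NETS):
        return "local"
    return "unexpected"       # valid, but not a resolver you chose

def audit(entries):
    return {e: classify(e) for e in entries}

if __name__ == "__main__":
    for entry, verdict in audit(parse_nameservers(SAMPLE)).items():
        print(f"{entry:45} {verdict}")
```

A `local` verdict means the device defers to the router, so the router's own DNS setting is what needs checking.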
How to Change Your DNS Server on Android
Whereas ancient versions of Android made setting your DNS servers quite difficult, it’s easy in modern versions. Well, almost.
- Tap Settings
- Choose Network & Internet
- Tap Advanced
- Tap Private DNS
- Tap Private DNS provider hostname
- Fill in the desired hostname
- Tap Save
That next-to-last step is the reason I said it’s almost easy. Android doesn’t let you enter an easy IP address like 1.1.1.1 or 8.8.8.8. Instead, you must enter the corresponding hostname. For Google Public DNS, that’s not too bad: it's dns.google. But for Cloudflare, you’ll have to type 1dot1dot1dot1.cloudflare-dns.com.
How to Change Your DNS Server on iOS and iPadOS
Security-related activities are often tougher to accomplish on iOS than Android because the former locks down settings that other platforms leave open. Fortunately, switching your DNS servers in iOS or iPadOS isn't difficult.
- Tap Settings
- Tap Wi-Fi
- Tap the blue circled “i” next to your active Wi-Fi network
- Scroll down and tap Configure DNS
- Tap Manual
- Use the green + button to add your desired servers
- Use the red – button to remove any leftover servers
Unfortunately, these settings are linked to your current Wi-Fi network. They’ll stick with it unless you tell your device to forget the network. But if you connect with Wi-Fi in an airport or internet café, you have to do the DNS configuration all over again.
Your DNS Server Is More Important Than You Think
You never see them in action, but the internet just wouldn’t work without DNS servers. They translate human-friendly domain names into machine-friendly IP addresses. Right now, chances are good you’re using a DNS server that your ISP supplied, a server whose provenance is unknown and owned by an entity that likely doesn’t value your privacy. Switching to a third-party DNS service can both speed up your internet activity and protect against tricky DNS-based attacks. Give it a try!


