Doman Name System (DNS) servers function behind the scenes while we work and play on the Internet. By pairing together the site name you type in, or link to, and the public IP address for that destination, they help make it easy to navigate the Internet. So, for example, when you type in hotmail.com, the DNS server associated with your connection will point your computer or device to the IP address 220.127.116.11.
Seems pretty straightforward. You may be wondering why are there public and free DNS servers when a service provider is already doing the job? This article will go through the possible reasons for changing your DNS provider. Also, we will look at some of the most popular public and free DNS available in 2019.
Why Use a Public DNS?
For most people, their Internet Service Provider (ISP) provides adequate DNS services. However, many prefer the features available from public and free DNS providers. Here are some of the most popular reasons for switching.
Those who seek improved response times online may find a public DNS service preferable to the ones provided by their ISP. Often this is a result of ISP’s that treat DNS as an afterthought.
ISP’s focus so much of their energy and resources on overall bandwidth and coverage. They do not always allocate the resources necessary to match the usage of subscribers on their servers. Alternatively, most organizations that specialize in providing DNS are good at scaling their services to match the activity of their subscribers.
While not precise, there is a way to check the response of your ISP’s DNS server and a publicly available DNS server. From a command prompt, type in:
ping *IP of the server you want to test*
Here is what you might see if you ping Google’s public DNS address.
ping 18.104.22.168 Pinging 22.214.171.124 with 32 bytes of data: Reply from 126.96.36.199: bytes=32 time=14ms TTL=121 Reply from 188.8.131.52: bytes=32 time=13ms TTL=121 Reply from 184.108.40.206: bytes=32 time=13ms TTL=121 Reply from 220.127.116.11: bytes=32 time=12ms TTL=121
Ping statistics for 18.104.22.168: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 14ms, Average = 13ms
Compare the time= measurement between your ISP’s DNS servers and the public DNS server you are interested in, and you will have a general idea of which will be quicker.
A marketing tool for many public DNS providers is that they offer options for parents concerned about where their kids may be going to on the Internet. As you will see in the list below, several of the top providers offer free DNS services and pay service options that include parental controls.
Many of the public and free DNS services subscribe to list providers that manage a global database of known malicious sites and IP addresses. Inclusion on these lists means the site’s address will not be resolved.
It is important to note that these lists change daily. People who create and distribute malicious software do not advertise that they will be doing this. They are almost always placed on a list after they have inflicted damaged on computers or mobile devices. Security screening is a beneficial feature, but should not replace other programs you use to protect your information.
Improved Time to Update Records
For most people, the updating of DNS records is something they do not ever pay attention to. If a website move to a new host or access provider, the transition is transparent and runs in the background. But for many people, particularly website and application developers, any improved speed in the updating of DNS records is helpful. Most public DNS servers are faster at updating then some ISPs. This is not always the case, but if you have an interest in taking advantage of faster update times, you will want to take advantage of this as a potential feature of a public DNS service.
Popular Public and Free DNS Servers
Primary DNS IP: 22.214.171.124
Secondary DNS IP: 126.96.36.199
Google offers both free public DNS access for name resolution and a paid product for organizations called Cloud DNS. Their free public product is widely used by individuals and businesses. Many companies with internal networks will configure an internal DNS server, that includes resolution of private corporate resources, and the free Google DNS as a second or third DNS server option.
Google promotes the speed and security benefits of their service as well as not redirecting your session when you resolve to their servers. If a server is not available, Google returns an error. They will not redirect you to an ad page or any other page that attempts to present information to you that you did not request.
Google offers support forums, the ability to submit trouble tickets and a number of non-Google created videos to guide you through using and testing their service.
Primary DNS IP: 188.8.131.52
Secondary DNS IP: 184.108.40.206
Verisign has long been at the forefront of Internet domain registration, security and providing DNS services for well over 150 million domain names. There are 13 Internet authoritative name servers that provide the backbone of domain name management. These servers communicate all changes to DNS records root servers globally. Verisign manages two of the 13 authoritative name servers.
Verisign places a heavy emphasis on their experience and stability when marketing to prospective customers. They also do not share public DNS data with third parties and do not redirect customers to ads.
One of the benefits Verisign offers to anyone, not just users of their DNS services, is the ability to flush the public DNS cache. What this means is that if you are responsible for making changes to DNS records, you can submit a site for Verisign to check. If your changes are there they will flush the DNS cache and the changes will be reflected across much of the Internet much sooner than if the check was not made. Verisign can do this because they have direct access to one of the 13 authoritative name servers.
This demonstrates for both the person who manages domains and those who want accurate and reliable DNS servers that Verisign is one of the main players in the maintenance of millions of DNS records publicly available.
Primary DNS IP: 220.127.116.11
Secondary DNS IP: 18.104.22.168
Primary DNS IP: 22.214.171.124
Secondary DNS IP: 126.96.36.199
If you simply add the OpenDNS IP addresses to your computer or device, you will get basic name resolution services with no content filtering. If you want to add free content filtering, you will need to establish an account.
Establishing an account giver you access to 50 filtering categories. This is ideal for the person or family that wants to choose which sites to block or limit access to. Those that prefer the set-it-and-forget-it method may want to consider the free OpenDNS Family Shield option.
OpenDNS Family Shield is pre-configured using lists maintained by Cisco. Sites that are inappropriate for children are blocked. You do not have to register for this service. Parents can setup their children’s computers, phones and tablets to use this service and use another service for their own devices.
OpenDNS is very popular in schools which is due to the quality of the service and the market share Cisco has for their hardware in schools and government. It is easy to setup, manage and there is a great deal of support material online. Cisco offers email support to any OpenDNS customer.
Primary DNS IP: 188.8.131.52
Secondary DNS IP: 184.108.40.206
In a world of older, more established Internet behemoths like Google, Cisco and Verisign, it is sometimes difficult to stand out from the crowd. Cloudflare has succeeded by focusing on mobile customers and promoting their superior speed.
Cloudflare offers an app for iOS and Android that makes it easy to change the DNS settings on your mobile device.
They also promote a number of security features to users of the app. They track data but do not write any user-identifiable log data. They also will not sell your data or attempt to send you targeted ads.
Primary DNS IP: 220.127.116.11
Secondary DNS IP: 18.104.22.168
Quad9 is a free DNS service that provides a list scan service. They work with 19 threat intelligence partners who provide them current information on potentially malicious sites. If a user attempts to access a site that is on that list, they will be prevented from doing so. This is a service for someone who wants to have the added layer of protection such a list can offer, without content filtering that is based on the subject matter.
One of the interesting aspects of Quad9 is that they operate as a 501(c)(3) nonprofit organization. Their mission is to provide free, open and private Internet to everyone.
Primary DNS IP: 22.214.171.124
Secondary DNS IP: 126.96.36.199
Adult Filter DNS IP: 188.8.131.52
Family Filter DNS IP: 184.108.40.206
CleanBrowsing offers three DNS servers that provide content filtering as well as domain name resolution.
Security Filter blocks malicious domains that have been flagged for potential malware and phishing distribution.
Adult Filter blocks adult domains and sets search engines to safe mode. It also contains the features of the Security Filter.
Family Filter blocks proxies, VPNs and mixed adult content. It will set YouTube to safe mode and contains the features in the Adult Filter.
In addition to these free services, CleanBrowsing offers several pay packages which allow you choose additional sites to block, such as gambling or torrent sites.
Primary DNS IP: 220.127.116.11
Secondary DNS IP: 18.104.22.168
If you are tired of all the ads that bombard your Internet sessions, you may want to consider AdGuard as your DNS provider. Their service will block ads from being passed along with website content.
AdGuard offers a family protection mode that blocks not only ads, but adult content. It also enforces safe search features for searches in the browser.
AdGuard DNS is a free service that claims to block ads, malicious sites and adult content. The advanced features are part of a paid monthly or lifetime subscription program.
Primary DNS IP: 22.214.171.124
Secondary DNS IP: 126.96.36.199
Another ad blocking DNS service is Alternate DNS. They match your domain requests with their database of known ad servers and will block only the data coming from those sites. They also maintain a list of sites that are known to spread malware or originate phishing attempts.
Alternate DNS is currently working on a Family Premium DNS service that will allow parents to restrict access to devices. They do not have a launch date yet for this product.
OpenNIC is unique in many ways. First, the project consists of a series of servers that are provided and maintained by volunteers. When you visit their website you are presented with a list of the servers closest to your location. This helps in overall domain name resolution since your requests do not have to go through as many hops as other services.
OpenNIC is a non profit organization and focused on providing a free and open Internet. Their belief is that corporations and individuals should not be able to block access to websites. They consider themselves to be an alternative to traditional DNS.
It is important to note that since the servers on this network are operated by volunteers, there is a chance that some servers may be unavailable at times or even removed from the service. If you add several of the servers and regularly test them, or check the OpenNIC website, you should be fine.