← All Tips/DNS
DNS

Use Quad9 or 1.1.1.1

Default ISP DNS is slow and monitors your traffic. Switch to a secure, private resolver at the router level.

What DNS Is and Why It Matters

Every time you type a website address, your device sends a DNS query to translate the domain name into an IP address. Think of it as the phone book of the internet — you look up "google.com" and get back "142.250.80.46".

By default, your DNS queries go to your ISP's DNS servers. This means your ISP sees a log of every domain you visit — every website, every lookup, every query — even when you're using HTTPS. HTTPS encrypts the content of your traffic; DNS reveals where you're going.

Why ISP DNS Is a Problem

  1. Privacy: Your ISP logs your DNS queries and can sell anonymized (or not-so-anonymized) browsing data to data brokers
  2. Speed: ISP DNS servers are often slower than purpose-built resolver infrastructure
  3. No malware filtering: ISP DNS doesn't block known malicious domains
  4. No DNSSEC validation: Many ISP resolvers don't validate DNSSEC, making DNS poisoning attacks easier

The Alternatives

Quad9 (9.9.9.9)

  • Run by a non-profit (Quad9 Foundation)
  • Blocks DNS queries to known malicious domains (malware, phishing, botnet C2)
  • Supports DNSSEC validation
  • No logging of personal data
  • Best for security-focused users

Cloudflare (1.1.1.1)

  • Fastest public DNS resolver in the world by most benchmarks
  • Privacy-first: doesn't log your IP address
  • Supports DNS-over-HTTPS and DNS-over-TLS
  • 1.1.1.2 = malware blocking, 1.1.1.3 = malware + adult content blocking
  • Best for performance-focused users

Google (8.8.8.8)

  • Fast and reliable
  • No malware blocking
  • Google logs and uses your DNS data (consistent with their business model)
  • Not recommended if privacy matters

How to Switch

On your router (recommended — protects all devices):

  1. Log into your router admin panel (192.168.1.1 or 192.168.0.1)
  2. Find DNS settings (usually under LAN or DHCP settings)
  3. Set Primary DNS: 9.9.9.9 (Quad9) or 1.1.1.1 (Cloudflare)
  4. Set Secondary DNS: 149.112.112.112 (Quad9) or 1.0.0.1 (Cloudflare)
  5. Save and reboot

For encrypted DNS (DNS-over-HTTPS):

  • Firefox: Settings → General → Network Settings → Enable DNS over HTTPS
  • Chrome: Settings → Privacy and Security → Use secure DNS
  • Windows 11: Settings → Network → DNS server assignment → Manual → enable "Preferred DNS encryption"

The Extra Step: DNS-over-HTTPS

Standard DNS queries travel in plain text — anyone between you and the resolver can read them (ISPs, coffee shop routers, nation-state surveillance). DNS-over-HTTPS (DoH) encrypts your DNS queries, hiding them from network observers.

Combine Quad9 with DoH for both security filtering and private queries.

Switch your DNS. It takes five minutes and your ISP stops seeing your browsing history immediately.

Get your site properly hardened.

The Voice of Cash delivers professional security audits and hands-on implementation.

Speak to a Specialist →
← Previous
The 3-2-1 Backup Rule
Next →
Check the "Lock" Details