
SecurityTrails Blog · Dec 25 2018 · SecurityTrails team

The Top 5 Best DNS Servers for improving Online Privacy & Security

We recently ran two Twitter polls to ask what you thought the best DNS servers were in terms of online privacy and security.

ISPs (Internet Service Providers) generally offer DNS services to their customers, so when you don’t set up DNS servers on your computer or router, your DNS queries will run on your ISP’s DNS servers. Using the default ISP DNS servers can result in certain problems while browsing the Internet:

Issues can happen with DNS requests themselves; most of the time they’re unencrypted and this leaves room for different types of DNS attacks.

We’ve offered tips for preventing DNS attacks, and today we’ll discuss the best DNS servers available, so you can enter 2019 with better cyber hygiene.

Changing your DNS servers is always a good idea, as it:

  • Improves your Internet speed and page load-time
  • Stabilizes your connection
  • Provides greater online security and privacy
  • Removes geo-restrictions


We have created a list of the top 5 Best DNS Servers based on the results of our 2 polls:

5. OpenNIC

OpenNIC is a free DNS server that routes your traffic away from DNS servers provided by your ISP. One unique feature of OpenNIC is that, depending on your location, you are offered different servers. So, once you’ve decided to switch to OpenNIC, they will provide you with the 4 servers closest to your location, both for IPv4 and IPv6.

Another thing that sets OpenNIC apart from the others is that it isn’t a public DNS server per se; it’s a group of volunteers who run an alternate DNS network.

OpenNIC offers DNS neutrality, but you also get the right to choose how much data OpenNIC logs.

One of the privacy issues some users may have is that because everything is run by a group of volunteers, and it isn’t that difficult to set up a Tier 2 server on OpenNIC, the log data may be viewed by anyone. Additionally, some users have reported that the speed of OpenNIC servers isn’t always up to par.

4. Cloudflare DNS

Cloudflare might be the most popular of Internet services, with their content delivery network and now their public DNS service, but according to the Twitter poll Cloudflare DNS came in second to last!

Now, we’re talking about improving your online security, so Cloudflare DNS—an anycast service that doesn’t feature anti-phishing, improved security or any content filters—wouldn’t be on the list if it weren’t for a few other aspects in which it excels.

Cloudflare won’t control what you can or can’t visit while online, but your privacy is number one here. They do not log your DNS traffic and they don’t save your IP address. Everything logged by Cloudflare is deleted within the next 24 hours. In the interest of transparency, KPMG is hired by Cloudflare to audit their system and show in public reports that all promises of privacy to their users are being upheld.

Not to mention that Cloudflare has the fastest public DNS servers of all!

So, the benefits of using Cloudflare are:

  • Not logging DNS traffic, no saving of your IP—privacy first
  • Speed—the fastest of all DNS providers
  • Community forum support
  • Easy setup

Primary and secondary DNS servers:

  • 1.1.1.1
  • 1.0.0.1

The DNS resolver also operates through IPv6:

  • 2606:4700:4700::1111
  • 2606:4700:4700::1001

Besides its lack of protective and security measures, another con of Cloudflare is quite ironic—they’re dedicated to the privacy of users, but the DNS query data is shared with APNIC Labs in exchange for using its 1.1.1.1 address. And while Cloudflare claims that APNIC will not have access to the IP addresses of the users making the DNS queries, we can’t seem to forget about Cloudbleed.

3. OpenDNS

Founded in 2005 and owned by Cisco since 2016, OpenDNS is a free, public and cloud-based service that provides DNS servers. It’s one of the most popular, but surprisingly, our Twitter poll showed it in third place.

OpenDNS is a great choice for protecting yourself from malicious attackers. To connect with your nearest DNS server, and for faster page load times, it uses anycast routing.

Other benefits of using OpenDNS are:

  • High speed
  • 100% uptime
  • Phishing sites are blocked
  • Web filtering to block adult content - optional
  • Email support
  • History of your internet activity for the past 12 months
  • Access to specific websites only
  • Easy setup

Preferred and alternate DNS servers are:

  • 208.67.222.123
  • 208.67.220.123

OpenDNS offers three solutions in their Home package, two of which are free—OpenDNS Family Shield and OpenDNS Home. Both are similar to the paid solution; they’re equipped with all the same features except internet activity history and differences in access to specific websites.

Family Shield comes with parental protection by default, whereas Home needs to be configured to block adult content.

The OpenDNS VIP Home solution costs $19.95 per year and, along with the standard features included in the free solutions, it offers detailed internet usage statistics for the past year and restrictions on internet access to specific whitelisted domains.

Besides the Home package, OpenDNS has a business solution where it offers protection for 3 devices per person, for 1-5 users.

It’s very easy to set up: All you need to do is reconfigure your device to use OpenDNS nameservers, or you can read their setup guide for setting up all kinds of devices.

As with everything, OpenDNS has its downsides.

Information about your DNS and IP address are both stored by OpenDNS, and web content you visit while using their servers is analyzed to determine what content you favor.

Logging the DNS traffic it receives might be a huge turn-off for some, but it all depends on what kind of service you need.

2. DNSWatch

DNSWatch is another hugely popular DNS provider that is free to all, and doesn’t offer any paid packages like other providers.

DNSWatch proved itself very popular in our polls as well, and for a good reason. It offers DNS neutrality, just like OpenNIC, meaning it doesn’t censor any content. Privacy is also a huge factor in DNSWatch and it doesn’t log any DNS queries or record your history.

So the main benefits of DNSWatch are:

  • Free service for all
  • No restricted content
  • No logging of any DNS queries

Now, since they are a privacy-focused provider, and a small company which doesn’t offer any security intelligence analysis, any protection against phishing, malware or attacks will need to be addressed by you. In the end, it comes down to choosing between a more open internet without restricted content, or more secure browsing.

Primary and secondary DNS servers:

  • 84.200.69.80
  • 84.200.70.40

1. Quad9 DNS

We have a winner! Quad9 DNS has won two of our polls and takes the crown for a reason.

Quad9 DNS has been active since 2016, and since then it has earned its status as one of the best DNS providers around, for the security and speed it offers its users.

Here you will have all malicious and suspicious domains blocked so your security is ensured. Quad9 even uses security intelligence from 19 companies, one of which is IBM’s X-Force.

Quad9 uses whitelisting methods, including one no longer in use, which pulls from Alexa. Since Alexa lists are not updated regularly (the indexed pages are updated daily, but the rank is not), they use the Majestic Million feed and a “Gold List” of domains such as Microsoft, Google, etc., that are always shown as secure.

Also, the foundational performance of Quad9 is astonishing, with a speed just below Cloudflare’s (which is the fastest) but still higher than its competitors, although some users in particular locations may experience slower speeds.

Quad9 is committed to keeping users’ privacy, but they do keep logs on some activity, which they’ve highlighted:

  • General location (on the metropolitan level)
  • Timestamps
  • Geolocation
  • First seen, last seen
  • Requested domain name and its geolocation
  • Record type
  • Transport protocol and its encryption status
  • Whether it’s IPv4 or IPv6
  • Response code
  • Other (such as their machines that processed the request, etc.)

Primary and secondary DNS servers:

  • 9.9.9.9
  • 149.112.112.112
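
To illustrate the earlier point about unencrypted DNS requests and to compare the resolvers listed above from your own network, the following Python is an added example, not code from SecurityTrails or any of the providers. It builds a plain UDP DNS query, shows that the queried name is readable in the packet bytes, and reports each resolver's response code and round-trip time; the test name `example.com` and all function names are assumptions of this example.

```python
import secrets
import socket
import struct
import time

# Resolver addresses as listed in this article.
RESOLVERS = {"Cloudflare": "1.1.1.1", "OpenDNS": "208.67.222.123",
             "DNSWatch": "84.200.69.80", "Quad9": "9.9.9.9"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode a classic unencrypted DNS question (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def read_qname(packet):
    """Recover the name from an uncompressed question, as any on-path device can."""
    pos, parts = 12, []
    while packet[pos]:
        parts.append(packet[pos + 1:pos + 1 + packet[pos]].decode("ascii"))
        pos += 1 + packet[pos]
    return ".".join(parts)

def parse_header(packet):
    """Return (id, rcode name, answer count) from a DNS response header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return qid, RCODES.get(flags & 0xF, str(flags & 0xF)), ancount

def probe(server, name, timeout=2.0):
    """Send one UDP query to port 53; return (rcode, answers, ms) or None."""
    qid = secrets.randbelow(1 << 16)  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            rid, rcode, ancount = parse_header(sock.recvfrom(512)[0])
        except (OSError, ValueError):
            return None  # timeout, unreachable, or malformed reply
    elapsed_ms = round((time.perf_counter() - start) * 1000, 1)
    return (rcode, ancount, elapsed_ms) if rid == qid else None

if __name__ == "__main__":
    for label, ip in RESOLVERS.items():
        print(f"{label:<10} {ip:<15} {probe(ip, 'example.com')}")
```

A single probe is only a rough latency indicator; repeat it several times and at different hours before drawing conclusions about speed.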

Conclusion

In conclusion, the most important thing to know is what kind of service you need from a DNS provider. After you’ve decided what’s most important to you in terms of privacy, security and speed, it will be much easier to choose the right one. The DNS services provided by default by your ISP aren’t the safest way to browse the Internet, and you may experience certain content restrictions based on your location, so switching to one of these providers is a worthwhile New Year’s resolution for 2019. Improve your online privacy and security and start the year off right!

