Best DNS Servers

Best DNS servers compared

Provider	Primary	Secondary	Speed	Privacy	Features
Cloudflare	1.1.1.1	1.0.0.1	Fastest globally (~11 ms avg)	No query logging; audited annually	DoH, DoT, WARP
Google Public DNS	8.8.8.8	8.8.4.4	Very fast (~20 ms globally)	Queries logged for diagnostics	DoH, DoT, DNSSEC
Quad9	9.9.9.9	149.112.112.112	Fast (~20 ms globally)	No logging; Swiss-based	Malware blocking, DoH, DoT
OpenDNS	208.67.222.222	208.67.220.220	Fast (~25 ms globally)	Queries logged (Cisco owned)	Content filtering, phishing blocks
NextDNS	Varies (custom)	—	Fast (~15–25 ms)	Optional logging; configurable	Ad blocking, custom blocklists, analytics
Your ISP's default	DHCP-assigned	—	Often 30–80 ms	Queries logged; often sold	None

Which DNS server is fastest for you?

DNS latency is highly dependent on geographic location relative to the server. Cloudflare's anycast infrastructure means 1.1.1.1 is geographically near most users, which is why it's the fastest globally on average. However, in some regions or ISP configurations, a different provider may have lower latency for you specifically.

To find the fastest DNS server for your specific location, use the DNS test tool to measure your current resolver's response time. You can then change to a different resolver and retest to compare.

DNS for privacy

Your ISP's default DNS server sees every domain you look up — a complete log of every website and service you connect to. Many ISPs retain this data and sell anonymised versions to advertisers. Switching to a privacy-respecting resolver like Cloudflare 1.1.1.1 (which explicitly does not log queries beyond 24 hours for operational purposes, and undergoes independent audits) or Quad9 (which does not log at all) removes this data trail from your ISP.

For maximum DNS privacy, use DNS over HTTPS (DoH) or DNS over TLS (DoT), which encrypts your queries in transit so your ISP cannot see which domains you're resolving even if you're using a third-party resolver. How DNS works and the difference DoH makes →

DNS with malware and ad blocking

Quad9 — malware blocking

Quad9 (9.9.9.9) automatically blocks queries to domains known to serve malware, ransomware, and phishing pages. The blocklist is maintained by IBM X-Force, Proofpoint, and other threat intelligence providers. This is DNS-level blocking — it works across all devices and all browsers without any browser extension, and operates even on devices where you can't install software (smart TVs, IoT devices).

NextDNS — customisable

NextDNS provides a configurable DNS resolver where you can choose from multiple ad blocking and malware blocklists, set per-device policies, enable parental controls, and view analytics on blocked queries. It has a free tier (300,000 queries/month) and paid plans for unlimited use. The setup requires creating an account and using a custom DNS address.

Cloudflare 1.1.1.3 — family filtering

Cloudflare operates 1.1.1.3 as a family-safe DNS server that blocks malware and adult content. It's a zero-configuration option — simply set your DNS to 1.1.1.3 and 1.0.0.3 to enable filtering without any account required.

How to change your DNS server

At the router (affects all devices)

Log into your router admin panel (192.168.1.1 or 192.168.0.1). Find the DHCP or DNS settings. Enter your preferred primary and secondary DNS server addresses. Save and restart the router. All devices on your network will use the new DNS server when their DHCP leases renew.

On Windows

Settings → Network & Internet → Change adapter options → Right-click your adapter → Properties → Internet Protocol Version 4 (TCP/IPv4) → Properties → Use the following DNS server addresses.

On macOS

System Settings → Network → Select your connection → DNS tab → Add DNS addresses with the + button.

In a browser (DoH only)

Chrome: Settings → Privacy and security → Security → Use secure DNS. Firefox: Settings → Network Settings → Enable DNS over HTTPS. This overrides DNS for that browser only.