Choosing a DNS Server

The Domain Name System (DNS) protocol was built for incredible speed, as we couldn’t possibly remember the IPv4 addresses of the websites we visit, not to mention their IPv6 addresses. However, security was sacrificed for that speed: the DNS protocol is entirely unencrypted and susceptible to all sorts of attacks, like MITM attacks and spoofing. To solve the security issue, DNSCrypt and DNS over HTTPS were created; however, they can’t be used without custom client software.

Furthermore, by default, you’re using a DNS server managed by your ISP, which might censor and almost certainly logs your queries, so it’s recommended that you change your DNS server.


In order to solve the security issue of DNS, DNSCrypt was born. The DNSCrypt project is entirely open-source and the protocol specification is publicly available. However, in order to use DNSCrypt you need custom client software.


OpenNIC is an open and democratic alternative DNS root, which also resolves custom TLDs like .bit, .lib, .coin, .chan, .libre, .o, .pirate, .geek, and many more.

It’s not recommended that you use the above listed IPs, but rather find the DNS server closest to you on their website.

On April Fool’s day 2018, the US-based company Cloudflare released, with an accompanying DNS over HTTPS (DoH) endpoint, as a partial April Fool’s joke, claiming it’s “Privacy First.”

If you want to benefit from the security of DNS over HTTPS (DoH), you can set up custom client software, like the doh-proxy by Facebook.

Google Public DNS

Google Public DNS permanently logs your ISP and location information for analysis. Additionally, your IP address is stored for 24 hours. Furthermore, Google is a US-based company.