If your Internet connection is slow, it almost always helps if you optimize your DNS. But there’s more to the best public DNS than just speed. I’ll tell you how to find the fastest DNS, but using a DNS that offers improved security gives your computer protection beyond what your antivirus and firewall provide.
Sometimes it’s enough, and it’s definitely cheaper than buying a new router. Even if you do get a new router, using fast DNS helps. Here’s how to find the best public DNS to use, to improve your speed and your security.
Normally DNS isn’t anything we think about. And you probably shouldn’t, unless your job happens to be maintaining one, like mine once was.
You might be surprised to hear this, but there’s an entire Internet subculture around DNS. But don’t worry. You don’t have to become a DNS snob. You can make the change and forget about it, which is what I recommend you do in most cases.
The best public DNS as of 2018
I use the unheralded 22.214.171.124 and 126.96.36.199 as my public DNS. It’s faster than any ISP’s DNS in my testing, which is good, but it blocks more malware, phishing, and other nastiness than even 188.8.131.52 and 184.108.40.206, which are the ones most security professionals laud. You can read more about the malware testing here. If you want content filtering beyond security, here are some options that offer that as well.
If you just want speed, or if you want to know how to test Clean Browsing’s servers against other options, keep reading. But for now at least, the best overall public DNS I’ve found is the 220.127.116.11/18.104.22.168 pair, or another one of Clean Browsing’s options.
Clean Browsing improves security because most malware and phishing has to pull additional content down from the Internet to function. Clean Browsing blocks known-bad domains, which keeps most malware and phishing from being able to operate properly. If it can’t phone home, that greatly limits how much it can harm your computer.
What is DNS?
DNS is the Internet’s phone book. The number 22.214.171.124 is meaningless to you. Google.com is meaningless to your computer. The faster your computer can translate names like google-public-dns-b.google.com into addresses like 126.96.36.199, the fewer delays you see when you load web pages.
Whoever sells you an Internet connection provides you with DNS as part of the service, but some companies are better at it than others. That’s why Google got into the business. Google even provides a nice instruction page on changing your DNS settings.
But should you switch to Google Public DNS?
Not necessarily. In my case, when I tested, Google’s servers aren’t as fast as AT&T’s. Shocking.
OpenDNS’s servers, which have a reputation for being lightning fast, were even slower. So were Level 3’s servers (188.8.131.52 and 184.108.40.206), which is another very popular choice. You wouldn’t believe how many flames I get for daring to suggest you might want to use something other than Level 3’s servers.
Why the best public DNS can vary
The fastest server for you may not be the fastest one for your neighbor, especially if you have different Internet providers. Think of two people, starting from different streets in the same zip code, trying to drive to the same McDonald’s location. Depending on traffic, stoplights, street layout, and even whether the turn into the parking lot is a right or left turn, one might be able to get there significantly faster than the other.
The Internet doesn’t have any perfect analogues to left and right turns, but it definitely has the equivalents of two-lane roads versus 8-lane highways. It has speed limits too, and no realistic way to break them either.
The most important thing to remember is that Google searches for “fast DNS server” are pretty meaningless if the only thing the page you land on says to do is change your settings to 220.127.116.11 or something like that. 18.104.22.168 could be terribly slow for you.
This is why I don’t have a lot of patience for DNS snobs. The server they don’t like might be fast at your house. There is no universal fastest DNS server in the world. Or the compromises that DNS they don’t like decides to make might not affect you at all.
The right way to optimize your DNS
To find the best DNS for you, download Steve Gibson’s DNS benchmark. It will pound a few DNS servers mercilessly, figure out the fastest ones, and give you recommendations. Just download and run it, click on the Nameservers tab, click Run Benchmark, then when it finishes, click on the Conclusions tab. If it finds faster servers than what you’re using, change them following Google’s instruction page, just using whatever Gibson’s benchmark says is the fastest.
It may take 30 minutes for the test to finish, but in the end, the results are worth it.
If you’re the type who enjoys tweaking, you might re-run the test every so often. Most people will probably just set it up and forget about it. Which should be just fine, until or unless you change Internet providers. If you ever do change Internet providers, simply run the test again and adjust.
Gibson’s tool will also give you warnings about any particular DNS it finds. Some DNS servers will redirect invalid results, for example. That can be bad. But one server, 22.214.171.124, redirects results known to be hosting malware. That’s not so bad at all. It’s taking something that’s normally bad and using it for something that can be really good.
I’m not a fan of everything Steve Gibson does or says, but I do like his DNS tool. Gibson can be controversial because he tends to be outspoken and opinionated, and sometimes tends to talk about things where he doesn’t have firsthand experience. But he does have the background to write a good benchmarking tool.
Changing your DNS after you find a good one
To change your DNS in Windows 10, right click on the network icon in your system tray and select Open Network and Internet Settings. Click Change Adapter Options and double-click on your network interface. Click Properties, then click on Internet Protocol Version 4 and click Properties. Select Use the following DNS server addresses and type in the two best overall addresses Gibson’s tool found for you.
Gibson’s tool doesn’t run on a Mac but you can run the tool on a Windows machine on the same network and use its conclusions. On a Mac, click the Wifi icon at the top of your screen then select Open Network Preferences. Click Advanced, then click DNS. Click + and then enter the first DNS address you want. Click + again and enter a second, and a third if you wish.
Some tips for more speed
If you like tweaking, you’ll want to know about TCP Optimizer, another tool that can help you test various arcane network settings to get higher performance and make it easy.
These don’t have anything to do with DNS, but here’s how to size your Internet connection. If you want a faster web browser, check out Speedyfox, which also works with Chrome. It makes Firefox and Chrome launch faster, consume less memory and render faster. It works by optimizing the browsers’ databases. If you use Firefox, I have a few Firefox-specific speedup tips.
I also have a long, in-depth guide on optimizing Windows 10.