I’ve advocated using something other than your ISP’s DNS for years. There’s little if any downside to doing so, and tons of upside. My current favorite third-party DNS is Cleanbrowsing.org because it does so much to improve performance and security. Here’s my Cleanbrowsing.org review.
First things first: Don’t worry about how much Cleanbrowsing.org costs. It has useful tiers available as a free service, even though it’s tremendously valuable.
What Cleanbrowsing.org is
Cleanbrowsing.org is a content filter at the DNS level. What on earth does that mean?
DNS is the Internet’s phone book. It translates human-readable names like Amazon.com or Dell.com into 32-bit numeric addresses. That way you don’t have to remember or bookmark addresses like 126.96.36.199 every time you want to read your local newspaper or buy model train parts. That makes the Internet far easier to use.
This also makes the Internet easy to filter. Way back in 1999, I wrote a whole book chapter telling people how they could block certain web sites by editing a file on their computer to block DNS from resolving their names. It worked, but it was incredibly clunky and unwieldy. It’s not practical to do on your own and it’s really easy to break stuff, including, ironically, my own web page. The problem was, in 1999 I could explain in two sentences what to block, and the Internet is a lot more complicated now. I still get complaints from time to time from people who followed this advice and wanting me to update it.
Here’s my updated advice. Quit messing with your hosts files and use Cleanbrowsing.org.
Cleanbrowsing.org does that work for you. It blocks different types of content, and all you have to do is change the DNS servers in your network configuration. The only tricky part is remembering to change your DNS settings in both IPv4 and IPv6 if your device supports IPv6. You don’t have to edit any files, and more importantly, you don’t have to maintain them. If something important breaks, chances are someone else will notice it and fix it long before you.
How Cleanbrowsing.org works
The problem with web content filtering is that what’s objectionable to one person won’t be objectionable to someone else. So Cleanbrowsing.org defines several filters. On my kids’ computers, I use the most aggressive filter. This forces Youtube to kid-friendly content and forces search engines to use safe mode. It also blocks sites that aren’t kid-appropriate. If you don’t want your second grader to accidentally view adult content, and you don’t want your second-grader playing violent video games like Fortnite, Cleanbrowsing.org has you covered. Set the DNS on your kids’ devices to Cleanbrowsing.org’s most aggressive servers and call it a day.
That filter also blocks a lot of content related to women’s health. No problem. On my devices and my wife’s devices, I just use a the least aggressive set of DNS servers from Cleanbrowsing.org. They block domains that are a security risk but nothing else. This effectively blocks fake antivirus messages and in some cases it can interfere with the operation of a real virus if you happen to get infected. It’s not a substitute for running antivirus software on a Windows computer but it’s an essential second layer of protection. It keeps our computers secure, but it doesn’t block her from viewing the health-related content she needs.
Cleanbrowsing.org is also one of the few DNS servers that allow you to use encrypted DNS, to make it much harder for your ISP and hostile third parties to spy on you. It supports both DNS over TLS and DNScrypt.
No consumer routers that I know of support DNS over TLS yet. Android Pie supports it natively but most other operating systems don’t yet. To use DNS over TLS with other operating systems, install a local DNS server called Stubby, set your DNS to 127.0.0.1, and edit the file stubby.yml to point to the Cleanbrowsing.org servers you want.
There’s a cleaner way to do it, by running your own local DNS server. If you’re comfortable setting up an Ubuntu virtual machine, that’s a nice option.
You don’t have to use encrypted DNS to use Cleanbrowsing.org, but security-minded people like me like having that option.
I pulled up some malware domains and tested them using Cleanbrowsing.org’s servers, Cloudflare’s servers, and Quad-9. All but Cleanbrowsing.org resolved the second malware domain I tried. Cleanbrowsing.org caught all of them I tried, while the others caught about 60 percent of them. None of them will be perfect, but Cleanbrowsing.org is the only one that seems to have as thorough of a list as I have.
What if you want to customize it?
If you want to customize your web filtering, say, to block gambling sites but not sites related to women’s health, Cleanbrowsing.org offers plans that start at $4.95 per month. In effect this gives you the power of a web content gateway like Bluecoat or Websense, but without the many drawbacks of a proxy server.
How fast is it?
Cleanbrowsing.org is almost certainly faster than your ISP’s DNS. It’s generally not quite as fast as other popular third-party DNS servers run by Cloudflare, Google, or Level 3. But in my tests, the difference between Cleanbrowsing.org’s servers and any ISP servers is much greater than the difference between Cleanbrowsing.org and the fastest third-party servers. Your mileage may vary but probably not by a lot. Here’s how to test it.
I don’t think you’ll find a negative Cleanbrowsing.org review anywhere. It’s reasonably fast, it’s reliable, it’s easy to set up, and it makes you safer. There’s nothing not to like, and it comes with my highest recommendation.