I’ve advocated using something other than your ISP’s DNS for years. There’s little if any downside to doing so, and tons of upside. My current favorite third-party DNS is because it does so much to improve performance and security. Here’s my review.

First things first: Don’t worry about how much costs. It has useful tiers available as a free service, even though it’s tremendously valuable.

What is review
To use, all you have to do is change your network properties on your devices, or change the DNS settings on your router if it allows it. Be sure to set them in both IPv4 and IPv6. You won’t find a bad review because there’s no downside to it. is a content filter at the DNS level. What on earth does that mean?

DNS is the Internet’s phone book. It translates human-readable names like or into 32-bit numeric addresses. That way you don’t have to remember or bookmark addresses like every time you want to read your local newspaper or buy model train parts. That makes the Internet far easier to use.

This also makes the Internet easy to filter. Way back in 1999, I wrote a whole book chapter telling people how they could block certain web sites by editing a file on their computer to block DNS from resolving their names. It worked, but it was incredibly clunky and unwieldy. It’s not practical to do on your own and it’s really easy to break stuff, including, ironically, my own web page. The problem was, in 1999 I could explain in two sentences what to block, and the Internet is a lot more complicated now. I still get complaints from time to time from people who followed this advice and wanting me to update it.

Here’s my updated advice. Quit messing with your hosts files and use does that work for you. It blocks different types of content, and all you have to do is change the DNS servers in your network configuration. The only tricky part is remembering to change your DNS settings in both IPv4 and IPv6 if your device supports IPv6. You don’t have to edit any files, and more importantly, you don’t have to maintain them. If something important breaks, chances are someone else will notice it and fix it long before you.

How works

The problem with web content filtering is that what’s objectionable to one person won’t be objectionable to someone else. So defines several filters. On my kids’ computers, I use the most aggressive filter. This forces Youtube to kid-friendly content and forces search engines to use safe mode. It also blocks sites that aren’t kid-appropriate. If you don’t want your second grader to accidentally view adult content, and you don’t want your second-grader playing violent video games like Fortnite, has you covered. Set the DNS on your kids’ devices to’s most aggressive servers and call it a day.

That filter also blocks a lot of content related to women’s health. No problem. On my devices and my wife’s devices, I just use a the least aggressive set of DNS servers from They block domains that are a security risk but nothing else. This effectively blocks fake antivirus messages and in some cases it can interfere with the operation of a real virus if you happen to get infected. It’s not a substitute for running antivirus software on a Windows computer but it’s an essential second layer of protection. It keeps our computers secure, but it doesn’t block her from viewing the health-related content she needs.

Encrypted DNS is also one of the few DNS servers that allow you to use encrypted DNS, to make it much harder for your ISP and hostile third parties to spy on you. It supports both DNS over TLS and DNScrypt.

No consumer routers that I know of support DNS over TLS yet. Android Pie supports it natively but most other operating systems don’t yet. To use DNS over TLS with other operating systems, install a local DNS server called Stubby, set your DNS to, and edit the file stubby.yml to point to the servers you want.

There’s a cleaner way to do it, by running your own local DNS server. If you’re comfortable setting up an Ubuntu virtual machine, that’s a nice option.

You don’t have to use encrypted DNS to use, but security-minded people like me like having that option.


I pulled up some malware domains and tested them using’s servers, Cloudflare’s servers, and Quad-9. All but resolved the second malware domain I tried. caught all of them I tried, while the others caught about 60 percent of them. None of them will be perfect, but is the only one that seems to have as thorough of a list as I have.

What if you want to customize it?

If you want to customize your web filtering, say, to block gambling sites but not sites related to women’s health, offers plans that start at $4.95 per month. In effect this gives you the power of a web content gateway like Bluecoat or Websense, but without the many drawbacks of a proxy server.

How fast is it? is almost certainly faster than your ISP’s DNS. It’s generally not quite as fast as other popular third-party DNS servers run by Cloudflare, Google, or Level 3. But in my tests, the difference between’s servers and any ISP servers is much greater than the difference between and the fastest third-party servers. Your mileage may vary but probably not by a lot. Here’s how to test it.

I don’t think you’ll find a negative review anywhere. It’s reasonably fast, it’s reliable, it’s easy to set up, and it makes you safer. There’s nothing not to like, and it comes with my highest recommendation.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux