How to Change DNS on Windows Mac and Router for Faster Safer Browsing

Changing the DNS server your Windows PC or Mac uses is one of the simplest network tweaks that can deliver real-world benefits: faster name resolution, better protection from malicious sites, and increased privacy — and you can switch it for a single device or for your entire home network by updating your router.

Background / Overview​

The Domain Name System (DNS) is the internet’s address book: when you type a website name into a browser, your device asks a DNS resolver to translate that name into an IP address. By default, most home networks use the DNS servers assigned by your Internet Service Provider (ISP). That’s convenient, but it’s not always the fastest, most secure, or most private option. Third‑party public DNS providers such as Google Public DNS, Cloudflare (1.1.1.1), OpenDNS, Quad9, and Comodo operate global resolver networks, offer optional filtering, and support encrypted DNS transport like DNS over HTTPS (DoH) or DNS over TLS (DoT).
Why change your DNS? The short answer:

• Performance: Some resolvers respond faster than ISP resolvers in many regions, reducing the time a browser spends doing name lookups.
• Security: Many resolvers offer built‑in blocking of malicious or phishing domains and options for family/parental filtering.
• Privacy: Certain providers minimize logging or provide a no‑logs promise and support encrypted DNS to stop local network observers (including ISPs) from seeing unencrypted DNS queries. Privacy guarantees and logging policies vary by provider and should be reviewed carefully.

Community experience also shows that switching DNS often solves intermittent “DNS not responding” problems and other name resolution headaches — you’ll find numerous forum threads and troubleshooting guides that recommend this as a first troubleshooting step.

---

Which DNS providers are worth trying (quick reference)​

• Google Public DNS — IPv4: 8.8.8.8, 8.8.4.4; IPv6: 2001:4860:4860::8888, 2001:4860:4860::8844. Google highlights reliability and performance and supports DoH/DoT.
• Cloudflare (1.1.1.1) — IPv4: 1.1.1.1, 1.0.0.1; IPv6: 2606:4700:4700::1111, 2606:4700:4700::1001. Cloudflare emphasizes privacy and short retention of logs and supports DoH/DoT.
• OpenDNS (Cisco) — IPv4: 208.67.222.222, 208.67.220.220 (FamilyShield variants available for content filtering). OpenDNS provides content filtering and malware-blocking options.
• Comodo SecureDNS — IPv4: 8.26.56.26, 8.20.247.20. Focused on security and blocking malicious domains. Verify current details before deployment.
• Quad9 — IPv4: 9.9.9.9, 149.112.112.112 — notable for malware-blocking and privacy-centered policies (no local logging). (Noted because it’s commonly recommended.)

Note: resolver performance varies by geography and network. Use a DNS benchmark (examples below) to find the fastest resolver for your exact location.

---

How to change DNS on a Windows 11 PC (step-by-step)​

Windows 11 centralizes DNS controls in Settings and includes options for encrypted DNS (DoH). The GUI method is friendly for most users; command-line alternatives are included later for power users.

• Open Settings → Network & Internet → Advanced network settings.
• Under Network adapters, click the adapter you’re using (Wi‑Fi or Ethernet), then select View additional properties.
• Scroll to DNS server assignment and click Edit. Change the dropdown from Automatic (DHCP) to Manual.
• Toggle IPv4 (and IPv6 if you want to set those too), then enter the Preferred and Alternate DNS addresses for the provider you chose (for example, 1.1.1.1 and 1.0.0.1 for Cloudflare).
• Optionally enable DNS over HTTPS (DoH) using the DoH options available in that dialog: Off, On (automatic template), or On (manual template). If you choose manual DoH, paste the provider’s DoH template/URL if required. Click Save.

Tips and gotchas:

• If your adapter has a typo in the DNS IP, name resolution will fail. Keep a copy of the original (or choose “Obtain DNS server address automatically”) to revert easily.
• Windows 11 lets you set DoH system‑wide in Settings; this makes encrypted DNS available to all apps that rely on the system resolver.

Power users: change DNS via PowerShell (run as Administrator)

# Replace "Wi-Fi" with your interface name; replace addresses with your chosen resolver
Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ServerAddresses ("1.1.1.1","1.0.0.1")
# Verify
Get-DnsClientServerAddress -InterfaceAlias "Wi-Fi"

Or use netsh (legacy but still useful):

netsh interface ip set dns "Wi-Fi" static 1.1.1.1
netsh interface ip add dns "Wi-Fi" 1.0.0.1 index=2

Guides and community references show these methods are widely used to fix DNS problems and to enable DoH in Windows 11.

---

How to change DNS on a Windows 10 PC (step-by-step)​

Windows 10 still commonly uses the Control Panel/adapter properties route:

• Settings → Network & Internet → Advanced network settings → Change adapter options.
• In the Network Connections window, right‑click the active adapter → Properties.
• Select Internet Protocol Version 4 (TCP/IPv4) → Properties.
• Choose Use the following DNS server addresses and enter the Preferred and Alternate servers (for example, 8.8.8.8 and 8.8.4.4 for Google). Click OK and close.

Notes:

• Windows 10’s Settings app does not always expose DoH in the same way as Windows 11; encrypted DNS support exists but may require OS updates or provider apps to enable DoH/DoT. If DoH is essential to you, prefer Windows 11 or use provider apps that install system DNS-over-HTTPS profiles.

---

How to change DNS on a Mac (macOS Ventura & later)​

macOS moved System Preferences to the new System Settings layout in Ventura and later; the DNS controls are familiar but moved.

• Click the Apple menu → System Settings → Network.
• Select your active connection (Wi‑Fi or Ethernet) and click Details….
• Click DNS in the protocol list. Click the + button under DNS Servers and add your provider’s addresses (e.g., 1.1.1.1 and 1.0.0.1). Click OK and close System Settings.

Advanced options:

• macOS supports installing DNS configuration profiles and can use provider-supplied DoH profiles for system-wide encrypted DNS. Some providers publish configuration profiles for easy installation. If you prefer Terminal, use networksetup commands:

# Replace Wi-Fi with your interface name
sudo networksetup -setdnsservers "Wi-Fi" 1.1.1.1 1.0.0.1

• Verify with: networksetup -getdnsservers "Wi-Fi".

---

How to change DNS on your router (recommended for whole-home coverage)​

Changing DNS at the router level sends the new resolver IPs to every device that uses DHCP on your home network. It’s the quickest way to protect phones, smart TVs, consoles, and other devices that don’t have easy DNS settings.

• Sign in to your router’s admin interface (commonly via a local IP like 192.168.1.1 — check your router label or manual).
• Look for Internet, WAN, or Network settings and find fields labeled Primary DNS and Secondary DNS.
• Switch from “Obtain DNS automatically” to “Use these DNS addresses” (wording varies by model). Enter the preferred and alternate DNS addresses. Save and reboot the router if required.

Important considerations:

• Some ISPs overwrite router DNS settings via DHCP; if your router gets overwritten after a reboot, check for an ISP lock or firmware option to prefer static DNS.
• If you use an ISP‑supplied gateway that you cannot change, consider setting DNS per-device as a fallback.
• Changing router DNS affects all devices on the LAN but not devices that use their own static DNS settings or a VPN that routes DNS through the VPN provider.

---

Should you change IPv6 DNS too?​

IPv6 addresses are widely supported but not universal. If your ISP and local network support IPv6, pick a provider that publishes IPv6 resolver addresses (Google, Cloudflare, OpenDNS and Quad9 publish IPv6 addresses) and configure both IPv4 and IPv6 DNS to avoid mixed behavior. Many third‑party guides note that if IPv6 is not in use on your network, leaving IPv6 DNS untouched is fine. Use a test page for IPv6 support to confirm whether your ISP and network are using IPv6 before changing IPv6 DNS.

---

Encrypted DNS (DoH/DoT) — why it matters and how to enable it​

Traditional DNS queries are plaintext and can be observed or tampered with on the local network or by the ISP. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt those queries, preventing passive observers from easily seeing which hostnames you resolve. Windows 11 exposes DoH options in Settings when you manually set DNS; macOS supports DoH via profiles or provider apps; many resolvers support DoH endpoints. However, encryption alone doesn’t make you anonymous — it prevents visibility to the local network/ISP but not to the DNS provider or the destination site.
Provider notes:

• Cloudflare publishes DoH endpoints and explicitly touts short log retention and privacy commitments.
• Google Public DNS supports DoH/DoT and documents the available transport options.

Cautionary note: DoH can complicate network security appliances (some corporate or parental controls inspect DNS); if your network relies on on‑premise DNS filtering, switching to encrypted upstream DNS may bypass those controls. Consider coordination if you manage a business or school network.

---

Practical testing: how to pick the right resolver for you​

Resolver performance and policy tradeoffs vary by geography and network path. Use these approaches to pick:

• Benchmark tools: Namebench, GRC’s DNS Benchmark, and other tools test latency to real resolvers and rank them by speed from your location. Run a benchmark and choose the fastest reliable resolver.
• Short trials: Set a resolver for a day or two and observe real browsing behavior. If pages fail to load, revert quickly. Community troubleshooting threads frequently recommend this simple test approach.
• Feature set: If you need family filtering, OpenDNS FamilyShield ships pre-configured for blocking adult content. If privacy/no‑logs is most important, prefer providers with transparent policies and independent audits — Cloudflare and Quad9 publish details about data handling. If malware blocking is a priority, Quad9 and OpenDNS offer focused protection.

---

Troubleshooting​

If name resolution breaks after changing DNS:

• Double‑check for typos in the IP addresses. A single wrong digit will prevent lookups.
• For Windows, run these commands in an elevated command prompt:
• Flush the resolver cache:
  ipconfig /flushdns
• Renew DHCP lease:
  

  ipconfig /release
  ipconfig /renew

• Reset Winsock if network software is performing badly:
  netsh winsock reset

Community posts and support threads show these steps frequently resolve post-change issues. If problems persist, revert to “Obtain DNS automatically” to confirm the problem is DNS-related before deeper troubleshooting.

---

Security and privacy tradeoffs — what to watch for​

• Logging and profiling: Public DNS providers vary in what they log (client IPs, query names, retention windows). Cloudflare advertises that it minimizes logs and deletes them quickly; Google publishes service details but does collect some usage metadata for performance and abuse prevention. Read each provider’s privacy policy before committing.
• Provider trust: By switching you move trust from your ISP to the DNS operator. Choose a provider whose privacy and security posture you trust. No single provider is perfect for every user.
• Encrypted DNS limitations: DoH prevents on‑path eavesdroppers from seeing DNS queries, but the DNS operator still processes those queries. If an organization’s security setup depends on visible DNS for policy enforcement, encrypted upstream DNS might bypass those controls. Plan accordingly.

Flagging unverifiable claims: many popular articles assert “X DNS is always the fastest.” That claim is almost always location dependent and therefore unverifiable without a local benchmark. Treat performance claims as conditional and test for your environment. Community threads often reflect this variability.

---

Advanced tips and ongoing maintenance​

• Use both IPv4 and IPv6 resolver addresses if you have an IPv6-capable network; leave blank or automatic if you don’t.
• Consider combining router-level DNS (for whole-home coverage) and device-level overrides for exceptions (for example, keeping a Pi-hole on the LAN while using Cloudflare upstream).
• Keep a short checklist for rollback: original DNS addresses, router admin credentials, and a backup of any modified configuration. This reduces downtime if something goes wrong.
• Update router and OS firmware frequently — bugs in network stacks or router software can cause confusing DNS behavior that looks like resolver problems. Community troubleshooting threads regularly recommend firmware and driver updates early in the troubleshooting process.

---

Quick reference: common DNS addresses (copy-and-paste)​

• Google Public DNS: 8.8.8.8, 8.8.4.4 (IPv6: 2001:4860:4860::8888, 2001:4860:4860::8844).
• Cloudflare DNS: 1.1.1.1, 1.0.0.1 (IPv6: 2606:4700:4700::1111, 2606:4700:4700::1001).
• OpenDNS: 208.67.222.222, 208.67.220.220 (FamilyShield variants: 208.67.222.123, 208.67.220.123).
• Quad9: 9.9.9.9, 149.112.112.112.
• Comodo SecureDNS: 8.26.56.26, 8.20.247.20 (verify with provider).

---

Real-world examples and community feedback​

Across support forums and community threads, common patterns emerge: users often fix intermittent DNS failures or unusually slow page loads by switching to a public resolver, and many report that Cloudflare and Google are the most tested first options. Some threads also show that router firmware or ISP interference can prevent DNS changes from sticking; when that happens, per-device changes or contacting the ISP are the next steps. These experiences are echoed in multiple support discussions and knowledgebase notes.

---

Final checklist before you change DNS​

• Note current DNS settings (on device and router) so you can revert.
• Pick two resolvers (primary + alternate). Test IPv4 first; add IPv6 if your network supports it.
• Decide scope: single device (quick test), entire machine set, or router-level (whole-home).
• If privacy is critical, prefer resolvers that publish clear policies and offer encrypted transport. Remember the DNS operator still handles the queries.
• After changing, flush DNS cache and run browsing tests; benchmark with a DNS test tool if you want objective latency comparisons.

---

Changing DNS is low risk, reversible, and often yields measurable benefits. Whether you want a tiny speed bump, stronger protection from malicious sites, or less visibility of your lookups to your ISP, there’s likely a resolver that fits your needs. Test a reputable provider (Cloudflare, Google, OpenDNS, Quad9, Comodo) for a few days, check functionality and performance, and revert if anything breaks. For most home users, changing DNS is an easy, high-value networking tweak that pays off in better reliability, optional content controls, and a step toward encrypted, private DNS queries.
Conclusion: swap DNS, test, and choose the provider whose privacy policy and performance meet your needs — and keep your router and OS updated so your changes stay effective and secure.

---

Source: ZDNET How to change your DNS service on a Windows PC or Mac - and why you should