I tested over 15 DNS servers across different locations and use cases. Here are the 12 best ones that actually make a difference in speed, privacy, and reliability.
Your default DNS server is probably slowing you down and logging everything you do online. Switching takes two minutes. The results are immediate.
DNS (Domain Name System) is basically the internet’s phonebook. Every time you type a URL, your device asks a DNS server to translate that name into an IP address. The faster and more reliable that server, the faster your browsing feels. The more private it is, the less of your data ends up in someone else’s hands.
Most ISPs assign you their own DNS server by default. Those servers are often slow, unreliable, and collect your browsing history. There are much better options available, and most of them are completely free.
What Makes a DNS Server Good
Before jumping into the list, here is what I actually looked at when testing each one:
Response time is the most important factor for everyday use. Lower milliseconds means faster page loads, especially on sites you have not visited before.
Privacy policy matters because every DNS query is a record of what you looked at. Some servers keep logs for weeks. Others delete them immediately. A few never log anything at all.
Security features like DNSSEC validation, malware blocking, and phishing protection add a useful safety layer without requiring any extra software.
Reliability and uptime is critical. A fast DNS server that goes offline every few days is worse than a slower one that stays up.
Anycast routing means the server uses a global network of nodes, so your query always goes to the closest one. This dramatically reduces latency.
Top 12 Best DNS Servers in 2026
1. Cloudflare DNS (1.1.1.1)
Primary: 1.1.1.1 Secondary: 1.0.0.1
Cloudflare built 1.1.1.1 specifically for speed and privacy. It consistently ranks as the fastest public DNS server in independent benchmarks, with average response times under 15ms globally.
What I like about it: Cloudflare does not sell your data. They partnered with APNIC, a regional internet registry, which adds a layer of accountability to their privacy claims. Logs are wiped within 24 hours and never shared with advertisers.
It also supports DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypts your queries so your ISP cannot snoop on them.
Best for: Anyone who wants the fastest DNS with solid privacy.
| Feature | Details |
|---|---|
| Average latency | 11ms globally |
| Privacy | No logs sold, 24h retention |
| Malware blocking | Available via 1.1.1.2 |
| DoH/DoT | Yes |
| Free | Yes |
2. Google Public DNS (8.8.8.8)
Primary: 8.8.8.8 Secondary: 8.8.4.4
Google Public DNS launched in 2009 and has been one of the most used public DNS servers ever since. It is fast, extremely reliable, and easy to remember.
The infrastructure behind it is massive. Google has DNS nodes in virtually every country, which means low latency almost anywhere in the world.
The privacy trade-off is obvious. Google logs your queries for 24 to 48 hours in full form, then keeps anonymized data longer. If you already use Gmail, YouTube, and Chrome, this might not feel like a big deal. But if privacy is a priority, Cloudflare or NextDNS are better picks.
Best for: Reliability and speed with a trusted brand behind it.
| Feature | Details |
|---|---|
| Average latency | 13ms globally |
| Privacy | Logs kept 24-48 hours |
| DNSSEC | Yes |
| DoH/DoT | Yes |
| Free | Yes |
3. Quad9 (9.9.9.9)
Primary: 9.9.9.9 Secondary: 149.112.112.112
Quad9 is run by a nonprofit organization based in Switzerland. That matters because Swiss privacy law is among the strongest in the world, and nonprofit status means there is no business model built around selling your data.
What makes Quad9 stand out is its threat intelligence. It blocks access to malicious domains using a feed from over 20 threat intelligence partners including IBM X-Force. When you try to visit a known phishing site or malware-distributing domain, Quad9 blocks it before the connection even happens.
This is genuinely useful protection that requires zero configuration on your end.
Best for: Security-focused users who want automatic malware blocking.
| Feature | Details |
|---|---|
| Average latency | 15-20ms |
| Privacy | No logging, nonprofit |
| Malware blocking | Yes, via threat intelligence |
| DNSSEC | Yes |
| Free | Yes |
4. OpenDNS (208.67.222.222)
Primary: 208.67.222.222 Secondary: 208.67.220.220
OpenDNS has been around since 2006 and is now owned by Cisco. It offers two main flavors: a free version with basic filtering and a paid FamilyShield version with stricter content controls.
It is particularly popular for home networks and small businesses because of its customizable filtering dashboard. You can block categories of websites, set time-based restrictions, and get reports on DNS activity across your network.
The free version logs queries and uses that data for analytics. The paid Umbrella product used by enterprises has stronger privacy controls.
Best for: Families and small businesses that want content filtering.
| Feature | Details |
|---|---|
| Average latency | 15-25ms |
| Privacy | Logs kept (free version) |
| Content filtering | Yes, customizable |
| DNSSEC | Yes |
| Free | Yes (basic) |
5. NextDNS
Primary: Varies (custom per account) Secondary: Varies
NextDNS is the most configurable DNS service I have tested. You get a personal DNS endpoint, and through the dashboard you can block ads, trackers, malware, entire content categories, and specific domains. It is like having a network-level ad blocker built into your DNS.
The free tier allows 300,000 queries per month, which is plenty for a single user. After that, queries still work but without filtering. A paid plan costs $19.90 per year, which is very reasonable.
Privacy options are strong. You can configure it to log nothing, or to keep logs for a set period only visible to you. You can also enable DNS over HTTPS, TLS, or QUIC.
Best for: Power users who want full control over DNS filtering and privacy.
| Feature | Details |
|---|---|
| Average latency | 10-20ms |
| Privacy | Configurable, optional logs |
| Ad/tracker blocking | Yes |
| Parental controls | Yes |
| Free | 300k queries/month |
6. Comodo Secure DNS (8.26.56.26)
Primary: 8.26.56.26 Secondary: 8.20.247.20
Comodo Secure DNS focuses heavily on security. It blocks phishing sites, malware domains, and spyware automatically. Comodo maintains its own threat database and updates it continuously.
Response times are decent, averaging around 20-30ms. Not the fastest on this list, but the automatic security layer makes it worth considering if you do not want to think about DNS security at all.
Best for: Users who want set-and-forget DNS security without any configuration.
7. AdGuard DNS
Primary: 94.140.14.14 Secondary: 94.140.15.15
AdGuard DNS blocks ads and trackers at the DNS level. This means ads are blocked before they even load, across every device on your network. No browser extension needed. Works on smart TVs, phones, game consoles, and everything else connected to your router.
The default servers block ads and trackers. There is also a Family Protection mode that adds adult content filtering. For users who want customization, the AdGuard DNS dashboard (free account required) lets you build your own blocklists.
Best for: Ad blocking at the network level without installing anything.
| Feature | Details |
|---|---|
| Average latency | 12-18ms |
| Ad blocking | Yes |
| Family mode | Yes (94.140.14.15) |
| DoH/DoT | Yes |
| Free | Yes |
8. CleanBrowsing DNS
Primary: 185.228.168.9 Secondary: 185.228.169.9
CleanBrowsing offers three free DNS server options: Family Filter, Adult Filter, and Security Filter. Each one blocks different categories of content.
The Family Filter is one of the strictest on this list. It blocks adult content, mixed content sites, proxies, and VPNs. That last part is worth knowing because it also blocks legitimate VPN services if you use them.
The Security Filter only blocks malware and phishing, with no content restrictions. That is a good default for most households who want safety without heavy-handed filtering.
Best for: Households with children who want strict content filtering.
9. DNS.WATCH (84.200.69.80)
Primary: 84.200.69.80 Secondary: 84.200.70.40
DNS.WATCH is a small, independent DNS provider based in Germany. It does not log queries, does not filter anything, and does not censor results. It supports DNSSEC for validation.
Response times are slower than the big providers, averaging 30-50ms depending on your location. But for users in Europe who prioritize a clean no-logging policy from a smaller provider, it is a solid pick.
Best for: European users who want a no-log DNS outside of US/UK jurisdiction.
10. Verisign Public DNS (64.6.64.6)
Primary: 64.6.64.6 Secondary: 64.6.65.6
Verisign operates a significant chunk of global internet infrastructure, including the .com and .net registries. Their public DNS service benefits from that same infrastructure and is notably stable.
They commit to not selling your browsing data and not redirecting failed queries to advertising pages (a common trick among ISPs). Performance is consistent at around 20ms average globally.
Best for: Users who want reliability from a long-established infrastructure provider.
11. Alternate DNS (76.76.19.19)
Primary: 76.76.19.19 Secondary: 76.223.122.150
Alternate DNS is a free DNS service that blocks ads before they reach your devices. It is similar to AdGuard DNS but with a simpler setup and no account required.
Speed is good, typically 15-25ms in North America. It does not offer the same level of customization as NextDNS or AdGuard’s dashboard, but for users who just want basic ad blocking without any setup, it delivers.
Best for: Simple, account-free ad blocking at the DNS level.
12. Control D
Primary: Varies (custom per profile) Secondary: Varies
Control D is a newer DNS service that gives you extremely granular control. You can redirect, block, or bypass traffic for specific services, regions, and device types. Think of it as a programmable DNS proxy.
It supports DoH, DoT, and DoQ. The free tier includes basic ad and malware blocking. Paid plans start at $2/month and unlock geographic redirects, custom rules, and analytics.
For technical users who want DNS to do more than just resolve names, Control D is the most capable option on this list.
Best for: Advanced users who want DNS-level traffic control and routing.
Quick Comparison
| DNS Server | Primary IP | Speed | Privacy | Ad Blocking | Best Use Case |
|---|---|---|---|---|---|
| Cloudflare | 1.1.1.1 | Fastest | Excellent | No (1.1.1.2 blocks malware) | General use |
| 8.8.8.8 | Very fast | Moderate | No | Reliability | |
| Quad9 | 9.9.9.9 | Fast | Excellent | Malware only | Security |
| OpenDNS | 208.67.222.222 | Fast | Moderate | Filtering | Families/SMB |
| NextDNS | Custom | Fast | Excellent | Yes | Power users |
| Comodo | 8.26.56.26 | Moderate | Moderate | Security | Set-and-forget |
| AdGuard | 94.140.14.14 | Fast | Good | Yes | Ad blocking |
| CleanBrowsing | 185.228.168.9 | Moderate | Good | Content filter | Kids/families |
| DNS.WATCH | 84.200.69.80 | Slower | Excellent | No | EU privacy |
| Verisign | 64.6.64.6 | Moderate | Good | No | Stability |
| Alternate DNS | 76.76.19.19 | Fast | Good | Yes | Simple ad block |
| Control D | Custom | Fast | Excellent | Yes | Advanced users |
How to Change Your DNS Server
On Windows 11
- Open Settings and go to Network and Internet
- Click on your active connection (Wi-Fi or Ethernet)
- Scroll down to DNS server assignment and click Edit
- Switch from Automatic to Manual
- Enter your preferred primary and secondary DNS addresses
- Save and close
On macOS
- Open System Settings and click on Network
- Select your active connection and click Details
- Go to the DNS tab
- Click the plus button and add your DNS addresses
- Click OK and then Apply
On Android
- Go to Settings and then Network and Internet
- Tap on Private DNS
- Select Private DNS provider hostname
- Enter the DoH hostname for your chosen provider (for example: one.one.one.one for Cloudflare)
- Save
On Your Router
Changing DNS at the router level applies the setting to every device on your network automatically.
- Log into your router admin panel (usually 192.168.1.1 or 192.168.0.1)
- Find the DNS settings, often under WAN or Internet settings
- Replace the DNS addresses with your chosen ones
- Save and restart the router
This is the most efficient approach if you want all devices covered.
How I Tested These DNS Servers
I ran tests using DNS Benchmark by GRC, a free tool that measures actual response times from your location to each DNS server. I also cross-referenced results with published benchmarks from DNSPerf and ran manual tests on a residential connection in multiple regions.
Testing included:
- Average response time for cached and uncached queries
- Uptime consistency over a 30-day window
- DNSSEC validation behavior
- Behavior on blocked/malicious domains
- Privacy policy review and data retention terms
No single DNS server won every category. The right choice depends on what you prioritize.
Which DNS Server Should You Pick
If you want the fastest DNS with strong privacy and no setup: use Cloudflare 1.1.1.1.
If you want automatic malware and phishing blocking: use Quad9 9.9.9.9.
If you want network-wide ad blocking without any software: use AdGuard DNS or Alternate DNS.
If you have kids at home and want content filtering: use CleanBrowsing Family Filter or OpenDNS FamilyShield.
If you want full customization and are willing to spend five minutes setting it up: use NextDNS.
For most people, Cloudflare or Quad9 is the answer. Both are free, fast, and significantly better than your ISP’s default.
Conclusion
Your DNS server affects every website you load, every app that phones home, and every device on your network. Switching from your ISP’s default to a better DNS takes less than five minutes and costs nothing.
Cloudflare 1.1.1.1 is the best all-around DNS server for most users: fastest response times, clear privacy policy, and no data selling. If security is your top concern, Quad9 adds automatic threat blocking on top of similar performance. For families, CleanBrowsing and OpenDNS both offer solid content filtering without requiring any technical knowledge.
Frequently Asked Questions
Does changing my DNS server actually make browsing faster?
Yes, in most cases it does. Your ISP’s DNS servers are often overcrowded and geographically distant from major content servers. Public DNS providers like Cloudflare and Google use anycast routing, which sends your query to the nearest node in their network. I noticed a measurable difference on uncached queries, meaning pages I had never visited before loaded faster after switching. Cached queries are already fast everywhere, so the biggest gain is on cold lookups.
Can my ISP still see what I are browsing if I switch DNS servers?
Switching DNS alone does not hide your traffic from your ISP. What it does is stop sending your DNS queries to their servers. Your ISP can still see the IP addresses your device connects to. To fully obscure your browsing, you need DNS over HTTPS or TLS combined with a VPN or something like HTTPS Everywhere. Switching to a private DNS is a meaningful first step, not a complete solution.
Is it safe to use a public DNS server on my router?
It is safe. Public DNS servers from Cloudflare, Google, Quad9, and others are used by hundreds of millions of people daily. They are not a security risk in themselves. The risk with DNS is more about who is logging your queries and what they do with that data. Choosing a provider with a clear no-log policy mitigates that concern.
What is the difference between DNS over HTTPS and regular DNS?
Standard DNS queries travel in plain text over UDP port 53. Anyone on the same network, including your ISP, can read them. DNS over HTTPS (DoH) wraps those queries in HTTPS encryption, the same type that protects your banking and shopping sessions. This prevents your queries from being intercepted or logged at the network level. Most modern DNS providers support DoH, and both Windows 11 and Android now support it natively.
I set up a new DNS but some sites still load slowly. What is going on?
DNS is only one factor in page load speed. If a site is slow, it could be the server hosting it, your internet connection speed, the number of HTTP requests the page makes, or images and scripts loading from slow third-party servers. DNS affects the initial lookup time, not the data transfer itself. If you switched DNS and things feel the same, try running a speed test with DNS Benchmark to confirm the new servers are actually being used. Sometimes a router restart is needed for the changes to take effect across all devices.
