Faster and without blocks: use alternative DNS servers

Before a browser can request a website, it must first resolve the address that the user has typed in – via the Domain Name System, or DNS for short. A DNS server works like an address book in which a name like heise.de is assigned to an IP address. Speedy surfing is therefore not possible without speedy name resolution.

In a typical home network, the primary DNS server for the devices is the router – but it doesn’t know all the IP addresses in the world. If he gets a question that he cannot answer, he forwards the question to a public DNS. If you don’t do anything else and have set up the router according to the instructions from your Internet provider, you can use one of the provider’s services as a public DNS server. But there are alternatives and good reasons to enter a DNS server other than that of the provider.

network blocking

The DNS servers of German providers do not always deliver the truth that is stored in the DNS. In the case of websites whose main aim is to unlawfully distribute copyrighted material (especially films, live sports and music), the DNS servers redirect the queries to a page of the “Copyright Clearing House on the Internet” (CUII). The CUII lawyers call such sites “structurally infringing on copyright”. Since the introduction of such network blocks, critics have feared that they could also be used to censor unwanted content. However, the pages are not really blocked at all – the provider DNS simply does not reveal the correct address.

At the end of March 2023, provider 1&1 proved how dangerous DNS manipulation can be. Due to a technical error, the address heise.de ended up on the CUII block list for some users. Instead of the news ticker, they saw a blocking page. The bug was quickly fixed, but proves that false locks are not a theoretical problem.

Anyone who does not want to have anything to do with such blocks and potential censorship can use an alternative DNS provider from abroad, where the CUII has no influence. But it also works the other way around: Some alternative DNS servers have deliberately installed their own network blocks. For example, they filter content unsuitable for children or addresses that have been noticed in connection with malware. This can be useful in environments with children (at home or at school, for example). You can read which provider is suitable for you in the “Alternatives” section.

speed

The name resolution via DNS is at least as important for the perceived Internet speed as the delivery of the data itself. Nobody needs a second to think before visiting a website. And when it comes to speed, the provider’s DNS servers aren’t exactly top class. It’s true that measurements of DNS speeds should always be treated with caution, and almost every alternative provider claims to be the fastest at resolving issues. However, experience shows that DNS providers such as Google, Quad9 and Cloudflare (more on this later) resolve faster on average than the providers’ servers. Especially at peak times you get some speed with such a provider.

That is how it goes

Changing the DNS provider for your own network is done in a few minutes and works the same in almost every router. You have to look for a point called Internet settings. There is usually a check mark to use the provider’s standard server, including two fields for your own IP addresses. The background: If one server fails, the router accesses the second. You don’t get any of this. It can be a sensible strategy to use an address from another provider as the second server. This greatly reduces the probability of failures.

In the Fritzbox, which is widespread in Germany, you will find the setting under the menu item Internet/Access data/DNS server.

alternatives

Google has stirred up the alternative DNS server market by using the very easy-to-remember addresses 8.8.8.8 and 8.8.4.4 for DNS servers. As always with Google, the offer is solid and very fast, but in return you have to live with the fact that Google logs and analyzes usage.

After Google, another US company entered the race: Cloudflare offers companies numerous commercial services on the Internet, its DNS servers are free at addresses 1.1.1.1 and 1.0.0.1. Cloudflare itself states that it does not keep logs of who has resolved which pages. There are two other offerings from Cloudflare: 1.1.1.2 (and 1.0.0.2 as a reserve) filter malware-distributing sites. 1.1.1.3 (and 1.0.0.3) filter malware and adult content.

A European alternative is Quad9, operated by a Swiss foundation. Their IP address is 9.9.9.9 (and 149.112.112.112 as a reserve). Also from Europe comes the DNS.Watch project with the IP address 84.200.69.80 (and 84.200.70.40 as a reserve). The project does not have a legal form, and the creators do not appear either – apparently protective measures to prevent being forced to block the project like that of the CUII.

The table gives you an overview of the addresses of the DNS providers. If you are surfing via IPv6 and your router also has fields for IPv6 DNS servers, you will find the appropriate addresses in the last two columns.

(yum)