Are Multiple DNS Resolvers with TLS More Private Than a Single ISP Resolver?

DNS (Domain Name System) is a system that helps your computer or phone find websites. But it can also leak a lot of information about what you do online. Every time you visit a website, your device asks a DNS resolver for the website’s address. That means the DNS resolver knows which websites you visit.

Google’s DNS vs Your ISP’s Resolver

Many people use public DNS resolvers like Google (8.8.8.8) or Cloudflare (1.1.1.1). But by doing so, you’re giving all your browsing data to companies that might use it to track you or influence your behavior. Using your local ISP’s DNS resolver may actually be more private.

First, it can make your internet faster because your ISP’s servers are closer to you than Google’s or Cloudflare’s.

Second, if you’re not using encryption (like DNS-over-HTTPS or DNS-over-TLS), your ISP can already see your DNS traffic. So, sending it to both your ISP and Google/Cloudflare is sharing your data with two places instead of one.

One ISP Resolver vs Multiple DNS Resolvers

If you split your DNS requests across many different resolvers, it becomes harder for any one resolver to know all the websites you visit. However, if you use resolvers that aren’t trustworthy and sell data to advertisers, your privacy still won’t improve much. On the other hand, if most of the resolvers are ethical and don’t track you, your privacy will be much better.

You can increase privacy even more by enabling DNS caching. This means your computer will store the addresses of websites you visit frequently, so it won’t need to ask the DNS resolver every time, keeping more of your browsing local.

My suggestion for the most private setup:

  • Always use encryption (DNS-over-TLS/HTTPS) to hide your DNS traffic from your ISP.
  • Use multiple DNS resolvers and randomly distribute the requests across them.
  • Choose ethical DNS services that don’t track or sell your data.
  • Enable DNS caching to reduce the number of DNS requests sent over the internet.

Ethical DNS services I propose:

  • tls://dns.artikel10.org
  • tls://dns.digitale-gesellschaft.ch
  • tls://dns3.digitalcourage.de
  • tls://dnspub.restena.lu
  • tls://anycast.uncensoreddns.org
  • tls://dot1.applied-privacy.net
  • tls://dot.sb
  • tls://dns10.quad9.net
  • tls://unfiltered.adguard-dns.com
  • tls://dns.mullvad.net

Use the AdGuard DNS Proxy software for this setup.
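The three recommendations in miniature, as an added Python example (not code from the post or from AdGuard): a DNS-over-TLS transport with certificate verification, a random upstream choice per query, and a TTL-bounded local cache so repeated lookups never leave the machine. Assumptions: only three of the listed resolvers are used, the A-record parser handles plain answers only (no EDNS or truncation handling), and the transport is pluggable so the selection and caching logic can be exercised without network access.

```python
import random, socket, ssl, struct, time

# Resolver hostnames come from the post; any DNS-over-TLS resolver listening on port 853 works.
RESOLVERS = ["dns.artikel10.org", "dns.digitale-gesellschaft.ch", "dns3.digitalcourage.de"]

def build_query(name, qid=0x1234):
    # Minimal wire-format A query: header (RD set, one question), QNAME labels, QTYPE=A, QCLASS=IN.
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    # Offset just past a domain name; a compression pointer (top two bits set) is 2 bytes and ends it.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    # Return (IPv4 addresses, smallest TTL) from the answer section; assumes one echoed question.
    an = struct.unpack(">H", msg[6:8])[0]
    off, addrs, ttl = skip_name(msg, 12) + 4, [], None   # +4 skips QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, rttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off + 10:off + 14]))
            ttl = rttl if ttl is None else min(ttl, rttl)
        off += 10 + rdlen
    return addrs, ttl or 0

def dot_exchange(host, query, timeout=5.0):
    # DNS-over-TLS: TCP 853, certificate checked against the hostname, 2-byte length prefix both ways.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 853), timeout) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(struct.pack(">H", len(query)) + query)
        f = tls.makefile("rb")                 # buffered read handles short TLS records
        return f.read(struct.unpack(">H", f.read(2))[0])

class PrivateResolver:
    # One randomly chosen upstream per query plus a TTL-bounded local cache, as the post recommends.
    def __init__(self, resolvers=RESOLVERS, exchange=dot_exchange):
        self.resolvers, self.exchange, self.cache = list(resolvers), exchange, {}

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        hit = self.cache.get(name)
        if hit and hit[0] > now:               # cache hit: no upstream learns about this lookup
            return hit[1], None
        host = random.choice(self.resolvers)   # each upstream sees only a random share of the names
        addrs, ttl = parse_a_records(self.exchange(host, build_query(name)))
        self.cache[name] = (now + ttl, addrs)
        return addrs, host
```

`PrivateResolver().resolve("example.com")` performs a real DoT lookup and reports which resolver answered; a second call within the record's TTL returns `None` as the resolver because it was served from the cache.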

I would appreciate any suggestions or feedback.

P.S. There are even more advanced ways to improve DNS privacy, like using DNS-over-HTTPS/TLS over overlay networks, but that’s a topic for another time.