Congress Killed Your Privacy, What Next? – Step Two: Change your DNS servers

(Updated 7/12/2018, now that net neutrality is dead in Trump’s swamp.)

So your browsing history and more can now (unless Trump does something unexpected) be sold by your ISP without them needing your consent.

The first thing you should do is find (and use!) a VPN.  Sometimes that isn’t feasible, or is beyond your technical prowess.  Fair enough.  Changing your DNS servers, though, is a fairly simple matter.  (If you know what you’re doing and want the DNS server addresses, skip to the bottom.)

If you don’t know, DNS is pretty much the “address book” of the internet.  Most ISPs’ modems and routers default to giving you the ISP’s own DNS servers.  To strain the analogy a little bit, that’s like your computer or phone calling their operator every time you look up anything online.  Giving them that data literally gives them a record of everywhere you’ve decided to point your web browser.  Also, it makes it really easy to censor the internet when you control the “address book”.

Finally, changing your DNS server might speed up your internet a bit, so yay!

If you’re using a VPN, you’re probably already using their DNS servers, so you’re covered.

If you’re mostly worried about speed, you can check out the Namebench tool at https://code.google.com/p/namebench/.  (2018 UPDATE: That code’s outdated (but sorta useful?), and Gibson Research (looooong trusted by security folks) has this tool: https://www.grc.com/dns/benchmark.htm )

Often, people just talk about Google’s public DNS or the OpenDNS system (now owned by Cisco).  There are other offerings that don’t log or censor your DNS requests.  DNS.watch seems to be a good offering, as do Free.DNS’s open, free, and public offerings.  You might also want to check out the OpenNIC project, which I just learned about while researching this post.  (2018 UPDATE: OpenNIC seems to be the best option of the bunch. Click on each entry to see if the “nearest you” entry has logging, DNSSEC, etc.)

There are guides from Google, the How-To Geek, Lifewire, OpenDNS, or Greycoder to set up your system appropriately; the nice thing is that once you know the numbers to put in, whichever guide makes the most sense to you will work.

IMPORTANT:  I have not included IPv6 servers below.  If you’re using IPv6, please check to make sure your DNS requests aren’t leaking.

IMPORTANT:  If your router or computer has more than two entries for DNS and the provider you choose only has two entries, you have these options:

  1. 0.0.0.0 to fall back to your ISP DNS (DO NOT WANT!)
  2. 10.0.0.0 (a non-usable IP) if you don’t want to use any other servers
  3. Another DNS server of your choice (Do not duplicate one of the first two DNS servers or it will default to 0.0.0.0)

Google DNS servers (UPDATED 2018 – Google’s dropped “Don’t be evil” from their motto; let’s not give them more information than necessary, okay?):
8.8.8.8
8.8.4.4

OpenDNS servers
(UPDATED 2018 – I’ve had mixed luck with OpenDNS since they’ve been sold to Cisco. Use with caution):
208.67.222.222
208.67.220.220
208.67.222.220
208.67.220.222

DNS Watch Servers
84.200.69.80
84.200.70.40

Free DNS servers
37.235.1.174
37.235.1.177

OpenNIC servers (2018 UPDATE: RECOMMENDED. These are just four examples, go to https://www.opennic.org/ for the real deal.)
138.197.25.214
45.32.230.225
50.116.23.211
96.90.175.167
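
One way to run the two IMPORTANT checks above against the resolver entries a machine actually ended up with. This is an added example, not code from the original post; it assumes the DNS.watch pair was chosen and that the entries are in resolv.conf `nameserver` format, and the sample input and label names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the DNS.watch pair was entered, but other entries remain.
SAMPLE_RESOLV_CONF = """\
nameserver 84.200.69.80
nameserver 84.200.70.40
nameserver 2001:db8::53
nameserver 192.168.1.1
nameserver 0.0.0.0
nameserver 10.0.0.0
"""

CHOSEN = {"84.200.69.80", "84.200.70.40"}  # DNS.watch, from the list above


def classify(addr, chosen):
    """Label one resolver entry by where queries sent to it can end up."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop zone id (fe80::1%eth0)
    if str(ip) in chosen:
        return "chosen"
    if str(ip) == "10.0.0.0":
        return "placeholder"       # the post's non-usable filler entry
    if ip.is_unspecified:
        return "unspecified"       # 0.0.0.0: the post says this means ISP DNS
    if ip.is_loopback:
        return "local-forwarder"   # local stub: its upstream is set elsewhere
    if ip.version == 6:
        return "ipv6-unlisted"     # no IPv6 server was picked, so this can leak
    if ip.is_private or ip.is_link_local:
        return "local-forwarder"   # router: check the router's own DNS setting
    return "other-public"


def audit_resolvers(resolv_conf_text, chosen):
    """Return [(address, label), ...] for every `nameserver` line, in order."""
    results = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                results.append((fields[1], classify(fields[1], chosen)))
            except ValueError:
                results.append((fields[1], "unparseable"))
    return results


if __name__ == "__main__":
    for addr, label in audit_resolvers(SAMPLE_RESOLV_CONF, CHOSEN):
        print(f"{'ok  ' if label == 'chosen' else 'WARN'} {addr:<16} {label}")
```

On Linux, pass in the contents of /etc/resolv.conf. A `local-forwarder` result (your router, or a local stub such as 127.0.0.53) means the real upstream servers are configured somewhere else and need checking there.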