Securing your Home Network using a FREE Public DNS Server

In the vast digital galaxy, your home network is the ship that navigates the stars, taking you to realms of information, connection, and entertainment. But just like any great vessel, it needs protection from the dark side—cyber threats lurking in the shadows, waiting to strike. Fear not, for with the right tools and knowledge, you can defend your digital domain with the power of the Jedi. Just as a Jedi shields themselves with the Force, you can secure your network using free DNS providers that block malicious data, keeping your devices, information, and personal privacy safe from cyber Sith.

May the security be with you, always.

The Typical Situation

In a typical home modem/router setup, your local ISP supplies the DNS server addresses through DHCP. These are usually the ISP's own DNS servers.

For example, here in New Zealand, popular ISPs like Spark or One NZ provide the DNS servers for your home router by default:

https://www.spark.co.nz/help/internet/set-up/dns-settings/

Spark Primary DNS: 122.56.237.1

Spark Secondary DNS: 210.55.111.1

https://www.whatsmydns.net/dns/new-zealand/vodafone.html

One NZ Primary DNS: 203.109.191.1

One NZ Secondary DNS: 203.118.191.1

The DNS servers listed above have no issues at all and will work as intended. However, there are NO SECURITY features embedded in them, and sometimes performance is poor as well. This means you and your kids may NOT really be protected when browsing or connecting to The Harsh Internet! Otherwise, you will need to purchase another security subscription from your ISP. Well, we don’t want that!

Why use other DNS providers?

When setting up your home network, one of the first decisions you’ll make is choosing which Domain Name System (DNS) server to use. Many users opt to stick with their Internet Service Provider’s (ISP) default DNS settings, but this may not be the most secure or efficient choice. Switching to a free, more secure DNS provider can significantly improve your online security, privacy, and browsing performance. Here’s why:

1. Improved Security Against Malicious Content

2. Better Privacy and No Tracking

3. Faster and More Reliable Performance

4. Protection Against DNS Spoofing and Cache Poisoning (Just another Threat Protection for you)

5. Resilience Against Downtime

What is the BEST in My Opinion?

When it comes to securing your home network, Quad9 DNS stands out among free DNS providers. In my opinion, Quad9 offers the best balance of security, privacy, and reliability, making it an ideal choice for anyone looking to protect their digital life without spending a dime. Here’s why Quad9 is my go-to recommendation:

1. Unmatched Security Against Malicious Domains

Quad9 was specifically built with security in mind. Unlike many DNS providers that focus primarily on speed or privacy, Quad9’s main mission is to block access to dangerous and malicious websites. Through partnerships with multiple threat intelligence providers, including well-known cybersecurity organizations, Quad9 is able to filter out millions of malicious domains in real time.

  • Real-time Threat Intelligence: Quad9 aggregates data from over 20 different threat intelligence providers. This means they’re constantly updating their filters to block access to phishing sites, malware sources, and other harmful content, providing protection against new threats as they emerge.

This feature is essential for home networks where users may accidentally click on harmful links or visit risky websites, as it stops cyber threats before they even have a chance to reach your devices.

2. Commitment to Privacy

Privacy is becoming increasingly important, and Quad9 takes a strong stance on protecting user data. Unlike some DNS providers that log user queries for analysis or advertising, Quad9 has a strict no-logging policy for personally identifiable information (PII).

  • No IP Address Logging: Quad9 is structured to avoid tracking your IP address or logging your personal data. This makes it a privacy-focused choice for those who want to protect their browsing habits from being monitored or sold to third parties.

In a world where data is often traded as a commodity, Quad9’s commitment to privacy sets it apart as a trusted provider that respects your right to anonymity online.

3. Simple to Set Up, Yet Robust in Performance

Setting up Quad9 is incredibly easy, whether you’re adding it to a single device or configuring it on your home router to cover your entire network. With primary and secondary DNS servers (9.9.9.9 and 149.112.112.112), the setup takes only minutes and provides immediate, network-wide protection against malicious sites.

  • Reliability and Speed: While security is its primary focus, Quad9 doesn’t sacrifice performance. With a global network of DNS servers and caching features that ensure speedy query resolution, Quad9 provides reliable, quick responses, keeping your browsing experience fast while blocking harmful sites.

Quad9’s infrastructure includes more than 150 servers worldwide, ensuring that you get a reliable and consistent connection, no matter where you are located.

4. Support for Encrypted DNS Protocols

Quad9 supports DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), which add an extra layer of encryption to your DNS queries. These protocols prevent your internet provider or anyone else from intercepting or tampering with your DNS requests, adding further privacy and security benefits.

  • Enhanced Privacy with Encrypted DNS: DNS encryption hides your DNS queries from potential onlookers, ensuring that your internet activity stays private. This is especially important for users who are concerned about ISP monitoring or live in regions with restricted internet access.

With DoH and DoT support, Quad9 provides a level of DNS privacy and security that is unmatched by most ISPs and even many other free DNS services.

5. Nonprofit, Community-Focused Mission

Unlike commercial DNS providers, Quad9 is a nonprofit organization focused on enhancing internet security for everyone. Their model is driven by a mission to make the internet safer rather than profit. Quad9’s commitment to making advanced cybersecurity available for free shows their dedication to the greater good, not just to profit margins.

This nonprofit approach builds trust with users, knowing that Quad9 isn’t just a product but a service created to protect its community.

General Step-by-Step DNS Configuration

Here’s a general step-by-step procedure to secure your home network using free DNS providers that block malicious data. This guide assumes you’re working with a typical home router. We’ll use Quad9’s 9.9.9.9 DNS as an example, but the process is similar for most DNS providers and home modems/routers.

Some references you can use here in NZ:

SPARK MODEM DEVICE HELP

ONE NZ MODEMS HELP

Step 1: Access Your Router’s Admin Interface

1. Find the router’s IP address:  

   This is usually printed on the back or bottom of the router. Common default IPs are 192.168.0.1 or 192.168.1.1.

2. Log in to your router:  

   Open a web browser and enter the router’s IP address in the address bar.  

   Enter the admin username and password. If you haven’t changed them, they should be listed on the router or in its manual. Common defaults are admin/admin or admin/password.

IMPORTANT: Please change the default router password!!!

Step 2: Locate the DNS Settings

1. Navigate to the DNS settings:  

   Once logged in, find the section for “WAN”, “Internet Settings”, or “Network Settings”. The DNS settings are typically located here. This may vary by router brand, but look for something like “DNS Server,” “LAN Settings,” or “Advanced Settings”.

2. Enable Custom DNS:  

   You may see the option for “Automatic DNS” or “Obtain DNS server addresses automatically.” You will need to select the option to use custom DNS addresses.

Step 3: Enter DNS Provider Information

1. Input the DNS provider’s addresses:  

   For Quad9 (9.9.9.9), enter the following:

   – Primary DNS: 9.9.9.9

   – Secondary DNS: 149.112.112.112

2. Save settings:  

   Once you’ve entered the DNS addresses, save the settings and exit.

Step 4: Verify DNS Configuration

1. Test the new DNS settings:  

   – You can verify the DNS is working by typing “dnsleaktest.com” into your browser and running the test. This will show which DNS server is being used and confirm the new DNS provider is active.

2. Check for security benefits:  

   After setting up, try visiting a known malicious site or test with a site designed to show DNS-based blocking. You should notice that sites with known threats or malware are blocked.
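The check in Step 4 can also be scripted. The following is an added example, not part of the original post: it sends the same DNS query to the router and to the two Quad9 addresses and classifies each reply. The router address 192.168.1.1 is an assumption (one of the common defaults from Step 1), and reading an NXDOMAIN with an empty authority section as a Quad9 block is an assumption about Quad9's behaviour.

```python
import secrets
import socket
import struct

QUAD9 = ("9.9.9.9", "149.112.112.112")  # resolver addresses given in Step 3

def build_query(name, txid):
    """Encode a recursive A-record query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Interpret the 12-byte header of a DNS response."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, answers, authority, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:
        return "malformed"  # wrong transaction ID, or not a response at all
    rcode = flags & 0x000F
    if rcode == 0:
        return "resolved" if answers else "no-data"
    if rcode == 3:
        # Assumption: Quad9 answers a filtered name with NXDOMAIN and an empty
        # authority section; a name that truly does not exist carries an SOA.
        return "blocked" if authority == 0 else "nonexistent"
    return "error-rcode-%d" % rcode

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply."""
    txid = secrets.randbelow(0x10000)  # random ID so an off-path reply will not match
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, peer = s.recvfrom(512)
    return classify(data, txid) if peer[0] == server else "malformed"

def sample_response(txid, flags, answers, authority):
    """Constructed header-only reply, for exercising classify() offline."""
    return struct.pack("!HHHHHH", txid, flags, 1, answers, authority, 0)

if __name__ == "__main__":
    import sys
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed address
    for server in (router,) + QUAD9:
        try:
            print(server, ask(server, "example.com"))
        except OSError as exc:
            print(server, "unreachable:", exc)
```

Run it with the router's address as the first argument; matching results from the router and from Quad9 are consistent with the router forwarding to Quad9, though they do not prove it.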

Step 5: Additional Configuration (Optional)

– Enable DNS-over-HTTPS (DoH) or DNS-over-TLS:  

   Many routers now support encrypted DNS (DoH/DoT). If your router supports these protocols, enabling them can add a layer of privacy to your DNS queries. This ensures that your DNS requests are encrypted, preventing anyone from intercepting them.

– Use a DNS filtering service:  

   Some DNS providers, like Cloudflare (with 1.1.1.1 for Families) or OpenDNS, allow you to enable additional filtering that blocks malicious websites, adult content, and more. If your provider offers this, it can be configured directly in the router’s DNS settings or via their online dashboard.

Step 6: Restart Your Devices

1. Reboot your router:  

   After making these changes, restart your router to ensure the new DNS settings take effect.

2. Restart connected devices:  

   Any devices that were connected to the network may need to be restarted to pick up the new DNS settings.

Step 7: Test from your devices

Now that your DNS server settings are better, test all your devices at home to check that everything works well for you and your family. You may also want to test whether it really blocks malicious websites. However, this will never be perfect.