DNS Complete Authority Guide: Optimization, Settings, Security & Troubleshooting

The Domain Name System (DNS) is the foundational phone book of the modern internet. It translates user-friendly domains like google.com into numeric IP addresses that machines use to communicate. Choosing the correct DNS resolver directly affects your browsing speed, network latency, online privacy, and protection against malware. In this definitive guide, learn how DNS works, how to choose the fastest public resolver, configure your settings on all devices, and resolve common DNS connection errors.

DNS Security & Privacy Warning

Using default Internet Service Provider (ISP) DNS servers often leaves your traffic unencrypted, allowing third parties to log your browsing history or execute DNS hijacking. Manually configuring your settings to use trusted public DNS resolvers that support DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) is highly recommended.

Domain Name System Overview

Section 1 — What Is DNS? (Domain Name System Explained)

The Domain Name System (DNS) translates human-readable domain names such as google.com or wikipedia.org into numeric IP addresses that computers use to communicate across the global internet. When a user requests a website, their computer performs a DNS query to map the text-based URL into a machine-readable routing address. This translation process lies at the core of all web browsing, email transmission, and online gaming.

If you want to understand the system as a whole, it is helpful to look at the primary components and addresses. To help you get an immediate overview of the primary DNS resolvers available today, see our featured snippet comparison table below:

Top Public DNS Resolvers Quick Reference

DNS Provider | Primary DNS | Secondary DNS | Best For
Cloudflare | 1.1.1.1 | 1.0.0.1 | Privacy & Speed
Google DNS | 8.8.8.8 | 8.8.4.4 | Reliability & Caching
Quad9 | 9.9.9.9 | 149.112.112.112 | Security & Threat Blocking
OpenDNS | 208.67.222.222 | 208.67.220.220 | Content Filtering & Controls

Note: To explore what DNS is in deeper detail, we recommend visiting our entry guide on what is DNS. Understanding these addresses is the first step to securing and optimizing your connection.

By default, when you sign up for internet access, your ISP assigns dynamic name servers automatically. However, these servers are often slow, insecure, and record your browsing habits for telemetry and advertising. In contrast, using a third-party recursive DNS service (like Cloudflare or Google) bypasses these issues and routes your requests to the nearest edge network node.

DNS Term | Technical Meaning
DNS (Domain Name System) | The globally distributed hierarchical database system that maps textual domain hostnames to IP addresses.
Resolver (Recursive Resolver) | A server that receives queries from local clients, performs recursions by querying upstream servers, and returns the final IP.
Public DNS | A free, third-party resolver infrastructure (e.g. Cloudflare or Google) that replaces your ISP's name servers.
DNS Cache | A temporary storage database in browsers, OS, and routers that keeps previous DNS query results to accelerate loading.
DNS Server | Any network server (recursive, root, TLD, or authoritative name server) that receives and processes DNS requests.

Section 2 — How DNS Works: The Lookup Lifecycle

When you enter a web address into your browser, an intricate chain of communication takes place behind the scenes within milliseconds. If the requested domain name is not already cached locally, your device initiates a recursive query.

This resolution process goes through six distinct phases:

  1. Browser Request: Your browser reads the URL entered (e.g., example.com). It first checks its internal browser cache. If the record isn't found, it requests the local Operating System resolver to fetch the address.
  2. Recursive Resolver Query: The OS resolver sends a query packet to the configured DNS recursive resolver (typically your ISP's server or a public resolver like 1.1.1.1). The recursive resolver's job is to hunt down the IP address by traversing the DNS hierarchy.
  3. Root Server Lookup: If the recursive resolver does not have the record cached, it queries one of the world's 13 root name servers. The root server does not know the specific IP of example.com; instead, it reads the Top-Level Domain (TLD) suffix (e.g., .com) and directs the resolver to the responsible TLD server.
  4. TLD Server Query: The recursive resolver queries the TLD name server (in this case, the registry for .com domains). The TLD server reads the second-level domain name (example) and responds with the IP address of the authoritative name servers for that domain.
  5. Authoritative Name Server Query: The resolver queries the authoritative name server (managed by the domain owner or registrar). The authoritative server holds the master DNS zone records. It reads the host and returns the destination IPv4 address (found in the A record) or IPv6 address (AAAA record) back to the resolver.
  6. Final IP Response & Rendering: The recursive resolver receives the IP address from the authoritative server, saves the record in its own local cache for a duration specified by the Time-to-Live (TTL), and passes the numeric IP back to the computer's OS. The operating system caches the IP, forwards it to the browser, and the browser establishes a TCP/TLS connection to the target server to download the website files.

This entire lookup workflow is executed using lightweight User Datagram Protocol (UDP) packets over port 53 and completes in a fraction of a second. If any step along this path is delayed due to network congestion, the user experiences slow page loads, often labeled as a host resolution delay.

Section 3 — DNS Components Explained

To understand the reliability and speed of the Domain Name System, it is important to examine the role of each server type in the hierarchy:

Recursive Resolver

The recursive resolver acts as the middleman between the client computer and the DNS server hierarchy. Its primary job is to accept client queries, query the root, TLD, and authoritative servers sequentially, and return the final IP address to the user. Public DNS servers are recursive resolvers.

Root Name Servers

Root servers sit at the top of the DNS hierarchy. There are 13 logical root server addresses globally (labeled a.root-servers.net to m.root-servers.net), though they are replicated across hundreds of physical locations using Anycast routing. Root servers direct query traffic to TLD servers based on top-level domain suffixes.

TLD Name Servers

Top-Level Domain (TLD) servers manage the directory records for specific extensions (like .com, .org, .net, or country codes like .uk, .ca). TLD registries (such as Verisign for .com) direct resolvers to the authoritative servers that store the zone records for individual domains.

Authoritative Name Servers

The authoritative name server is the final destination in the resolution chain. It holds the actual DNS zone file containing records (A, AAAA, CNAME, MX) configured by the domain owner. When a resolver requests a hostname from an authoritative server, it receives the exact IP mapping.

Understanding the distinction between these servers helps troubleshoot connection bottlenecks. For instance, an issue at the authoritative level means a website is misconfigured, while a slow recursive resolver means your local settings are pointing to a congested DNS server.

Section 4 — Common DNS Record Types

The authoritative name server stores domain information in a standard format called a DNS Zone File. This file consists of distinct records, each serving a unique network mapping purpose. Below is a reference comparison table of the most common record types:

Record Type | Purpose | Mapped Target | Example Mapping
A Record | Maps a hostname to an IPv4 address. | 32-bit Numeric IP | example.com → 93.184.216.34
AAAA Record | Maps a hostname to an IPv6 address. | 128-bit Hexadecimal IP | example.com → 2606:2800:220:1::24c
CNAME | Creates an alias mapping one domain to another. | Hostname Link | www.example.com → example.com
MX Record | Specifies the mail servers responsible for domain email. | Mail Server Domain | mail.example.com (Priority 10)
TXT Record | Stores arbitrary text values (verification, SPF, DKIM). | Text String | google-site-verification=abc123xyz
NS Record | Identifies the authoritative name servers for the zone. | Name Server Domain | ns1.registrar-servers.com
SRV Record | Defines port and host details for specific services. | Host, Port, Priority, Weight | _sip._tcp.example.com → port 5060

Understanding record types is vital when setting up features like custom email hosting or verifying domain ownership. For example, if you change routers or update your network config, you must ensure that your NS records point to the correct servers so your DNS changes propagate correctly.
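To make the record types and the TTL field concrete, the following added example (not code from the original guide) parses the answer section of a DNS response in wire format, including name compression and a guard against pointer loops in malformed packets. The sample response is constructed by hand from the example mappings in the table above; the function names and the jump limit are assumptions made for illustration.

```python
import ipaddress
import struct

TYPE_NAMES = {1: "A", 5: "CNAME", 28: "AAAA"}
MAX_POINTER_JUMPS = 16  # assumption: generous cap; legitimate names need far fewer


def read_name(msg, offset):
    """Decode the domain name at offset; return (name, offset just after it)."""
    labels, resume, jumps = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            jumps += 1
            if jumps > MAX_POINTER_JUMPS:  # a pointer cycle would spin forever
                raise ValueError("compression pointer loop")
            if resume is None:
                resume = offset + 2  # caller continues after the first pointer
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:  # root label ends the name
            return ".".join(labels), (resume if resume is not None else offset)
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_answers(msg):
    """Return [(owner, type, ttl, value)] for the answer section of a response."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte DNS header")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("RDATA runs past end of message")
        if (rtype, rdlen) in ((1, 4), (28, 16)):  # A or AAAA with the right size
            value = str(ipaddress.ip_address(rdata))
        elif rtype == 5:  # CNAME target may itself be compressed
            value, _ = read_name(msg, offset)
        else:
            value = rdata.hex()
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return answers


# Constructed sample (not captured traffic): response to "www.example.com A".
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0)  # 1 question, 2 answers
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # name at offset 12
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"  # CNAME -> offset 16
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    for owner, rtype, ttl, value in parse_answers(SAMPLE_RESPONSE):
        print(f"{owner:<16} {rtype:<5} TTL={ttl:<5} {value}")
```

The TTL printed for each record is the number of seconds a resolver or client may keep that answer cached before asking again.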

Section 5 — Best Public DNS Servers

By default, your internet provider assigns DNS servers automatically. While convenient, ISP DNS is often slow, unreliable, and logged for data harvesting. Replacing these defaults with trusted public resolvers is a free and effective way to speed up your connection.

Below is a deep look at the best public DNS servers available:

Cloudflare DNS (1.1.1.1 & 1.0.0.1)

Cloudflare's resolver is the fastest free public DNS service in the world, maintaining an average global response time under 13ms. Using its massive Anycast network distributed across over 300 data centers, Cloudflare routes queries to the nearest server. Cloudflare prioritizes privacy, deleting all logs within 24 hours.

IPv4: 1.1.1.1 / 1.0.0.1 | IPv6: 2606:4700:4700::1111 / 2606:4700:4700::1001

Google Public DNS (8.8.8.8 & 8.8.4.4)

Google Public DNS is the most widely used resolver in the world. It provides excellent reliability, high cache availability, and resistance to DNS-based attacks. Google DNS supports EDNS Client Subnet (ECS), allowing CDNs to route media streams (like Netflix or YouTube) to local caching nodes for faster load speeds.

IPv4: 8.8.8.8 / 8.8.4.4 | IPv6: 2001:4860:4860::8888 / 2001:4860:4860::8844

Quad9 (9.9.9.9 & 149.112.112.112)

Quad9 is operated by a Swiss non-profit foundation focused on cybersecurity. It automatically blocks queries to known malicious domains using threat intelligence from over 20 cybersecurity feeds. If a site contains malware, Quad9 blocks the resolution, protecting your device from infection.

IPv4: 9.9.9.9 / 149.112.112.112 | IPv6: 2620:fe::fe / 2620:fe::9

OpenDNS (208.67.222.222 & 208.67.220.220)

Owned by Cisco, OpenDNS offers customized web filtering and parental controls. By setting up a free account, you can configure your router to block specific categories of websites (such as adult content or gambling sites) across your entire network.

IPv4: 208.67.222.222 / 208.67.220.220 | IPv6: 2620:0:ccc::2 / 2620:0:ccd::2

If you want to read detailed speed tests and setup instructions for these platforms, refer to our comparison guides: Best DNS for Faster Internet and Best DNS for Gaming.

Section 6 — DNS for Gaming

A common misconception in the gaming community is that changing your DNS server directly lowers your in-game ping (e.g. from 50ms to 20ms). DNS does not affect your physical ping or routing paths to active game servers. Once your computer establishes a connection to a game server, all subsequent real-time packets bypass the DNS resolver, traveling directly between your client and the host server.

However, DNS is critical for other parts of the multiplayer experience:

  • Matchmaking & Lobby Initialization: When a game searches for a match, it makes constant DNS queries to discover lobby hosts and authentication servers. Slow DNS resolvers can add several seconds of lag between screens or cause matchmaking timeout errors.
  • Game Server Discovery: When you search a server list (like in Rust, Minecraft, or Battlefield), your computer queries the hostnames of hundreds of individual servers. A fast resolver like Cloudflare resolves these queries rapidly, loading server lists instantly.
  • Lobby Sign-In: Logging into gaming networks (PSN, Xbox Live, Steam) requires resolving authentication hostnames. Using slow ISP DNS can cause sign-in timeouts or store loading errors.

To optimize your console or PC setup, check out our platform guides: best DNS for PS5 and best DNS for Xbox. For a broader look at network configurations, see our guide on gaming network optimization.

Section 7 — DNS for Faster Browsing

While DNS does not change your physical download bandwidth (measured in Mbps), it significantly affects page resolution speeds. Modern websites load elements from dozens of different domains (e.g., ad networks, analytics trackers, media hosts). Loading a single page can require 20 to 100 separate DNS lookups.

Using a slow DNS server can add a small delay to each lookup, causing the page to load noticeably slower. High-performance public resolvers use two key technologies to address this:

  • Anycast Routing: Public DNS providers replicate their servers across hundreds of globally distributed data centers sharing a single IP address. Your query is automatically routed to the physically closest node, keeping latency low.
  • Cache Prefetching: Leading resolvers preemptively refresh popular domain records in their cache before the Time-to-Live (TTL) expires. This means when you query a popular site, the resolver can serve the cached IP instantly without querying upstream servers.

Switching from a slow ISP DNS to Cloudflare or Google can reduce DNS resolution times from over 100ms to under 15ms. To read more about optimizing your browsing experience, see our guide on the best DNS for faster internet.

Section 8 — How to Change DNS Settings

You can configure DNS at the router level (which automatically applies to every device on your network) or directly on individual devices. Below are step-by-step guides for both options:

1. Configure at the Router Level (Recommended)

Updating settings on your router applies your new DNS to all connected devices (smart TVs, consoles, phones, IoT devices) automatically:

  1. Open a web browser and enter your router's default gateway IP address (commonly 192.168.1.1 or 192.168.0.1). Learn more in our router login portal guide and find default credentials in our router admin database.
  2. Enter your administrative username and password (refer to our router settings overview if you need assistance).
  3. Navigate to WAN, Internet, or DHCP Server settings. Look for the parameters labeled Primary DNS and Secondary DNS.
  4. Toggle the setting to manual, enter your preferred DNS IP addresses (e.g., Cloudflare's 1.1.1.1 and 1.0.0.1), and save your changes.

For detailed instructions by router manufacturer, see our guide on how to change DNS on router.

2. Configure on Windows (10 & 11)

  1. Open Settings and go to Network & internet → Advanced network settings.
  2. Click on your active connection (Wi-Fi or Ethernet) and select Edit next to DNS server assignment.
  3. Change the setting from Automatic (DHCP) to Manual, toggle IPv4 to On, and enter your preferred DNS addresses.
  4. Click Save and close settings.

Alternative: To change settings using PowerShell as Administrator, execute: Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ('1.1.1.1','1.0.0.1').

3. Configure on macOS

  1. Go to Apple Menu → System Settings → Network.
  2. Click your active adapter, then click Details....
  3. Select the DNS tab in the sidebar.
  4. Click the '+' icon under the DNS Servers list, add your primary and secondary DNS IPs, and click OK.

4. Configure on Android

Go to Settings → Network & internet → Private DNS. Select Private DNS provider hostname and enter one.one.one.one (Cloudflare) or dns.google (Google) to enable secure DNS.

5. Configure on iOS / iPhone

Go to Settings → Wi-Fi. Tap the information 'i' icon next to your active network. Scroll down and tap Configure DNS → Manual. Tap Add Server and input the preferred IP addresses.

Section 9 — DNS Security & Privacy

The original DNS protocol, developed in 1983, sends queries in plaintext over UDP port 53. The lack of encryption exposes your internet activity to the following risks:

  • DNS Hijacking: Attackers or ISPs intercept DNS queries and redirect you to their own search portals or malicious sites.
  • DNS Spoofing (Poisoning): Attackers inject fake IP addresses into a recursive resolver's cache, redirecting users to phishing sites when they try to visit legitimate domains.
  • Plaintext Eavesdropping: Any device along the network path (including your ISP) can monitor and log the hostnames you resolve, building a history of your browsing habits.

To address these security concerns, modern web standards introduce secure, encrypted protocols:

DNS over HTTPS (DoH)

DoH encrypts DNS queries and wraps them inside secure HTTPS traffic on TCP port 443. This makes DNS traffic look like standard encrypted web traffic, preventing ISPs and network firewalls from monitoring or blocking your queries.
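The difference between the two transports, as an added example that is not part of the original guide: it builds a DNS query in wire format, shows that the hostname can be read straight out of a UDP port 53 payload regardless of which resolver address it is sent to, and then wraps the same bytes in a DoH GET request as defined in RFC 8484. The function names are illustrative, the `/dns-query` path on `dns.google` is not taken from this page, and nothing is sent over the network.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit


def build_query(hostname, qtype=1, txid=0):
    """Encode a standard DNS query (one question, class IN) in wire format."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def observed_hostname(udp_payload):
    """What any on-path device can read from a port 53 payload: the QNAME.

    Handles the uncompressed name that a query's question section carries.
    """
    labels, offset = [], 12  # the question starts right after the header
    while udp_payload[offset]:
        length = udp_payload[offset]
        labels.append(udp_payload[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels)


def doh_get_url(query, endpoint):
    """RFC 8484 GET form: the same message, base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def unwrap_doh_url(url):
    """What the DoH server recovers after TLS termination: the DNS message."""
    value = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


if __name__ == "__main__":
    # RFC 8484 recommends a DNS ID of 0 so identical queries are HTTP-cacheable.
    query = build_query("www.example.com", txid=0)

    # Plain DNS: these bytes are the UDP payload, readable by every hop.
    print("UDP/53 observer reads:", observed_hostname(query))

    # DoH: the URL below travels inside the TLS session on TCP 443, so an
    # on-path observer sees a connection to the resolver, not this query string.
    url = doh_get_url(query, "https://dns.google/dns-query")
    print("DoH request URL:", url)
    print("Server recovers identical query:", unwrap_doh_url(url) == query)
```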

DNS over TLS (DoT)

DoT encrypts DNS traffic using TLS (Transport Layer Security) over a dedicated port (TCP port 853). Unlike DoH, DoT separates DNS queries from web traffic, making it easier for network administrators to monitor and manage.

DNSSEC (Domain Name System Security Extensions)

DNSSEC adds cryptographic signatures to DNS records at the authoritative server level. When a recursive resolver receives a query response, it verifies this signature to ensure the data has not been modified in transit, preventing DNS spoofing.

Section 10 — DNS vs VPN: Understanding the Differences

Many users wonder about the difference between changing their DNS settings and using a Virtual Private Network (VPN). While both tools improve your online privacy, they work in different ways and secure different parts of your network connection.

DNS (Domain Name System) changes how your computer translates domain names into IP addresses. Changing your DNS (or enabling secure DNS like DoH or DoT) encrypts your domain queries, preventing your ISP or network administrators from monitoring what websites you look up. However, DNS does not encrypt the actual traffic sent to those websites. Once the IP is resolved, any data you send (such as downloads or form entries) travels over your standard ISP connection.

VPN (Virtual Private Network) creates an encrypted tunnel for all your network traffic. When using a VPN, every packet sent from your device (including DNS queries, web traffic, and app data) is encrypted and routed through the VPN provider's server. This hides your physical location and IP address, preventing third parties from monitoring your online activity.

Feature | Custom/Secure DNS | Virtual Private Network (VPN)
Encryption Scope | Domain name queries only. | All network traffic and data packets.
IP Address Protection | Does not hide your public IP address. | Masks your public IP with the VPN server IP.
Speed Impact | Zero speed reduction; can improve load times. | Slight speed reduction due to encryption overhead.
Setup Cost | 100% Free. | Requires a paid subscription for high speeds.

For optimal security, you can use both tools together. A VPN secures your active connection, while a custom DNS configured on your router serves as a fallback for devices that cannot run VPN software.

Section 11 — Common DNS Error Codes

When DNS resolution fails, browsers display specific error codes depending on where the connection broke. Understanding these codes helps isolate the issue:

Error Code | What It Means | Primary Cause | Troubleshooting Guide
DNS_SERVER_NOT_RESPONDING | The recursive resolver is offline or unreachable. | ISP server failure or incorrect local settings. | DNS Not Responding Guide
DNS_PROBE_FINISHED_NO_INTERNET | The DNS query probe completed but found no active internet link. | Physical connection dropout or router gateway offline. | No Internet Probe Guide
ERR_NAME_NOT_RESOLVED | The browser cannot find the IP address for the requested domain. | Typo in URL or local network connection issues. | Troubleshoot Host
NXDOMAIN (Non-Existent Domain) | The authoritative server reports the domain name does not exist. | Domain registration expired or DNS propagation delay. | Check Propagation

By identifying these error codes, you can determine if a connection issue is local to your device, a problem with your router, or an outage on your ISP's network.

Section 12 — DNS Troubleshooting

If you are experiencing DNS errors, use these step-by-step diagnostic actions to resolve the issue:

DNS Diagnostic Checklist:
  1. Perform an IP vs Domain Ping Test: Open your system command console. Execute ping 8.8.8.8. If the ping succeeds, your hardware is connected to the internet. Next, execute ping google.com. If this fails with a host resolution error, your DNS settings are misconfigured or offline.
  2. Flush Your Local DNS Resolver Cache: Corrupted or outdated records in your local DNS cache can cause resolution issues. Clear the cache with your operating system's flush command (for example, ipconfig /flushdns on Windows or sudo killall -HUP mDNSResponder on macOS).
  3. Change Settings on Individual Clients: If you cannot access your router's administration panel, set your DNS settings manually on your specific computer or console to bypass the router's DNS proxy.
  4. Reset the TCP/IP Stack: If you experience persistent network issues, you can reset your network configurations back to default. On Windows, open Command Prompt as Administrator and run: netsh int ip reset followed by netsh winsock reset, then restart your PC.

For detailed diagnostic steps, check out our dedicated troubleshooting guides: /dns-server-not-responding and /dns-probe-finished-no-internet.

Section 13 — DNS Cache Explained

To speed up page loading, your device saves the results of previous DNS lookups in a temporary database called the DNS Cache. This prevents your browser from having to query external DNS resolvers every time you visit a site.

DNS caching occurs at multiple layers:

  • Browser Cache: Web browsers (like Chrome or Firefox) save resolved IP addresses for a short time (usually a few minutes) to speed up navigation. You can view and clear this cache directly in browser settings (e.g., in Chrome at chrome://net-internals/#dns).
  • OS Cache: Your computer's operating system maintains a system-wide DNS cache. Any application running on your computer can access this cache to find resolved addresses quickly.
  • Router Forwarding Cache: Your home router caches DNS query results to speed up lookups for all devices connected to your Wi-Fi network.
  • ISP Recursive Cache: Your Internet Service Provider's recursive resolver caches domain queries to handle requests from multiple users more efficiently.

Each DNS record contains a Time-to-Live (TTL) value set by the domain owner. The TTL specifies how long resolvers and client devices should cache the record before checking back with the authoritative server for updates. If a website changes servers or updates its IP address, users may experience connection issues until their local DNS cache expires.

To force your device to update its records immediately, you can flush your DNS cache manually. To learn how to do this on different platforms, check out our guide on how to flush DNS cache.

Section 14 — DNS FAQ

Find answers to common questions about the Domain Name System, resolver settings, speed optimization, and security below:

What is the Domain Name System (DNS)?

DNS stands for Domain Name System, and it serves as the directory of the internet. It translates human-friendly web addresses like 'google.com' into the numeric IP addresses (like '142.251.46.238' or IPv6 '2607:f8b0:4004:83f::200e') that computers, servers, and routers require to communicate. Without DNS, you would have to enter a long sequence of numbers for every page you want to visit.

What is the fastest DNS server?

Globally, Cloudflare's public DNS (1.1.1.1) is recognized as the fastest public resolver, with an average response time of 11-13ms according to global DNSPerf benchmarks. Google Public DNS (8.8.8.8) is the second-fastest option, averaging around 20ms, while boasting the highest global uptime and cached record availability.

Does changing my DNS improve my internet speed?

Changing your DNS resolver does not increase your physical internet bandwidth (your download or upload cap in Mbps). However, it improves your 'resolution latency'—the time it takes for your browser to look up a website's location and begin loading it. Because modern web pages load files from dozens of different domains, using a faster DNS makes browsing feel much snappier and websites load significantly quicker.

Is Cloudflare DNS better than Google DNS?

Both are excellent, but they serve slightly different priorities. Cloudflare (1.1.1.1) is faster in query resolution latency and has a stricter, verified privacy policy that deletes all transaction logs within 24 hours. Google DNS (8.8.8.8) is exceptionally reliable, utilizes a larger global cache, and supports EDNS Client Subnet (ECS) which helps CDNs route media streams to closer caching nodes, making it slightly better for video streaming.

What causes DNS errors?

DNS errors like 'DNS Server Not Responding' are typically caused by an overloaded resolver on your ISP's network, corrupted DNS cache records on your local computer, a misconfigured router setting, network adapter driver conflicts, or local security firewalls blocking UDP port 53 packets.

Is using a custom public DNS safe?

Yes, using public DNS resolvers from reputable organizations like Cloudflare, Google, and Quad9 is highly secure and often safer than using your ISP's default DNS. Reputable providers support secure protocols like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) that encrypt your queries, and providers like Quad9 actively block malicious domains to protect your system from malware.

What is a DNS cache?

A DNS cache is a temporary database maintained by your web browser and operating system that stores the IP addresses of websites you have recently visited. Saving these records locally allows your computer to bypass querying external DNS resolvers for subsequent visits to the same site, reducing page load times to nearly zero.

Should gamers change their DNS settings?

Yes, gamers should change their DNS settings to Cloudflare (1.1.1.1) or Google DNS (8.8.8.8). While changing DNS does not reduce your physical in-game ping (which is determined by server routing), it dramatically reduces matchmaking lookup delays, game server discovery times, lobby load times, and download speeds on networks like PSN and Xbox Live.

What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) is a secure protocol that encrypts standard plaintext DNS queries (which run on UDP port 53) and wraps them inside secure HTTPS traffic on TCP port 443. This prevents ISPs, network administrators, or attackers from sniffing your browsing habits, hijacking your queries, or injecting malicious redirects.

How do I fix a 'DNS Server Not Responding' error?

To fix this error, start by flushing your local DNS cache using 'ipconfig /flushdns' in Command Prompt. If that fails, restart your router, update your network adapter drivers, temporarily disable your firewall/antivirus, or manually set your network settings to use public DNS servers like 1.1.1.1 and 8.8.8.8.

What is the fastest DNS for gaming?

The fastest DNS resolver for gaming is Cloudflare DNS (1.1.1.1 and 1.0.0.1). It consistently records the lowest query propagation time globally, which speeds up server lookup queries, matchmaking lobby initialization, and sign-ins on gaming networks. Google DNS (8.8.8.8 and 8.8.4.4) is a highly recommended secondary fallback due to its unmatched stability.

Can DNS reduce ping in multiplayer games?

No, custom DNS settings do not directly reduce your in-game ping once you are connected to a match. Ping is determined by the physical distance and network routing path between your home and the game server. However, a fast DNS resolver reduces the initial connection setup times, matchmaking discovery queues, and lobby load screens, preventing errors when joining multiplayer rooms.

Quick Fix Checklist

  1. Verify physical internet connectivity by pinging a public IP address (such as 8.8.8.8).
  2. Manually change your DNS settings to Cloudflare (1.1.1.1) or Google DNS (8.8.8.8).
  3. Flush your local operating system DNS cache ('ipconfig /flushdns' on Windows).
  4. Reboot your router and network adapter to clear temporary cached forwarding tables.
  5. Check and configure DNS settings on both the router level (WAN) and individual device levels.

Common Root Causes

ISP Resolver Congestion

Default DNS servers provided by your Internet Service Provider are often under-provisioned, leading to high latency spikes and query timeouts during peak evening usage hours.

Corrupted Local DNS Cache

Stale, outdated, or corrupted DNS lookup records stored in your operating system's memory can cause your browser to attempt connections to incorrect or old server IP addresses.

DNS Hijacking by ISP or Malware

Unencrypted DNS queries running over standard UDP port 53 can be intercepted by ISPs (to inject search portals) or local adware to redirect traffic to unauthorized, malicious sites.

Misconfigured Network Adapter Profiles

Incorrectly entered DNS IP addresses, outdated network drivers, or network routing loops caused by virtual network adapter conflicts (VPNs or virtual machines).

Step-by-Step Diagnostic Resolution Flow

  1. Verify Physical Connectivity

    Ensure your physical network adapter (Ethernet or Wi-Fi link) is active. To rule out DNS resolution failure, try pinging a public IP address directly (such as 8.8.8.8 or 1.1.1.1) in your system console. If the IP ping succeeds but domain name pings fail, your internet connection is active, and the issue lies purely in DNS configuration.

    Expert Tip: Open Command Prompt (Windows) or Terminal (macOS/Linux) and run 'ping 8.8.8.8'. If packets transmit and receive successfully, your hardware and ISP connection are operating correctly.
  2. Identify Your Current DNS Resolver

    Check which DNS servers your operating system is querying. On Windows, open a console and execute 'ipconfig /all', looking for the 'DNS Servers' line under your active adapter. On macOS or Linux, print the resolver configuration file by running 'cat /etc/resolv.conf' in the terminal.

    Expert Tip: If the DNS server IP listed matches your default gateway (e.g., 192.168.1.1), your computer is utilizing the router's DNS proxy forwarding table.
  3. Flush Your Local OS DNS Cache

    Clear out stale, outdated, or corrupted domain-to-IP mappings saved in your system memory. This forces your browser to request fresh, updated IP address entries from your DNS resolver, bypassing old cached data that might be causing errors.

    Expert Tip: On Windows, run 'ipconfig /flushdns' as an administrator. On macOS, run 'sudo killall -HUP mDNSResponder' in the terminal.
  4. Manually Configure DNS Resolver Addresses

    Upgrade from default ISP name servers to high-performance public resolvers. Configure your network adapter's IPv4 properties to use Cloudflare DNS (Primary: 1.1.1.1, Secondary: 1.0.0.1) or Google DNS (Primary: 8.8.8.8, Secondary: 8.8.4.4). For router-level configuration, log in to your router console and input these IPs in the WAN DNS parameters.

    Expert Tip: Always configure both Primary and Secondary DNS addresses to ensure automatic failover redundancy if one provider experiences an outage.
  5. Audit Secure Protocol Options (DoH / DoT)

    Ensure your DNS traffic is encrypted by setting up DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT). In web browsers like Chrome, Edge, or Firefox, navigate to privacy settings and enable secure DNS, choosing a custom provider. On modern operating systems or routers, configure system-wide DoH profiles to prevent ISP sniffing.

    Expert Tip: Wrapping DNS traffic in HTTPS over port 443 keeps your network queries private and prevents local middleboxes from hijacking your DNS packets.
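
Steps 2 and 4 can be checked together by parsing the resolver file and labelling each entry. The following is an added example, not code from this guide: the function names, the `gateway` argument and the sample file are assumptions for illustration, and the public addresses are the ones in the quick-reference table.

```python
import ipaddress

# Public resolvers from this guide's quick-reference table.
PUBLIC = {"1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
          "8.8.8.8": "Google DNS", "8.8.4.4": "Google DNS",
          "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
          "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}
# RFC 1918, IPv6 unique-local and link-local: resolvers inside the LAN.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the nameserver IPs of a resolv.conf body, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:  # drop an IPv6 zone id such as fe80::1%eth0 before parsing
            servers.append(str(ipaddress.ip_address(fields[1].split("%", 1)[0])))
        except ValueError:
            continue  # not an IP literal, ignore the entry
    return servers

def classify(addr, gateway=None):  # gateway: default-gateway IP, if known
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "stub"          # e.g. 127.0.0.53: a local forwarder hides the upstream
    if gateway and ip == ipaddress.ip_address(gateway):
        return "router-proxy"  # the case described in the step 2 tip
    if addr in PUBLIC:
        return "public:" + PUBLIC[addr]
    if any(ip in net for net in INTERNAL):
        return "internal"
    return "external"          # typically ISP-assigned

def audit(text, gateway=None):
    return [(a, classify(a, gateway)) for a in parse_nameservers(text)]

SAMPLE = """# constructed sample; 203.0.113.53 is a documentation address
nameserver 192.168.1.1
nameserver 127.0.0.53
nameserver 1.1.1.1
nameserver fe80::1%eth0
nameserver 203.0.113.53
search lan
"""

for addr, label in audit(SAMPLE, gateway="192.168.1.1"):
    print(f"{addr:<15} {label}")
```

A `stub` or `router-proxy` result means the file does not show the resolver that actually answers, so the upstream has to be read from the local forwarder or the router before step 4 can be considered done.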

When To Contact Your ISP

If custom DNS settings are configured correctly on both the router and local clients, but web browsers continue to report name resolution failures, contact your ISP. They may be employing transparent DNS hijacking proxies at the modem level or experiencing core routing failures that block external DNS queries on port 53.

Expert Q&A & Troubleshooting Insights

What is the Domain Name System (DNS)?

DNS stands for Domain Name System, and it serves as the directory of the internet. It translates human-friendly web addresses like 'google.com' into the numeric IP addresses (like '142.251.46.238' or IPv6 '2607:f8b0:4004:83f::200e') that computers, servers, and routers require to communicate. Without DNS, you would have to enter a long sequence of numbers for every page you want to visit.

What is the fastest DNS server?

Globally, Cloudflare's public DNS (1.1.1.1) is recognized as the fastest public resolver, with an average response time of 11-13ms according to global DNSPerf benchmarks. Google Public DNS (8.8.8.8) is the second-fastest option, averaging around 20ms, while boasting the highest global uptime and cached record availability.

Does changing my DNS improve my internet speed?

Changing your DNS resolver does not increase your physical internet bandwidth (your download or upload cap in Mbps). However, it improves your 'resolution latency'—the time it takes for your browser to look up a website's location and begin loading it. Because modern web pages load files from dozens of different domains, using a faster DNS makes browsing feel much snappier and websites load significantly quicker.

Is Cloudflare DNS better than Google DNS?

Both are excellent, but they serve slightly different priorities. Cloudflare (1.1.1.1) is faster in query resolution latency and has a stricter, verified privacy policy that deletes all transaction logs within 24 hours. Google DNS (8.8.8.8) is exceptionally reliable, utilizes a larger global cache, and supports EDNS Client Subnet (ECS) which helps CDNs route media streams to closer caching nodes, making it slightly better for video streaming.

What causes DNS errors?

DNS errors like 'DNS Server Not Responding' are typically caused by an overloaded resolver on your ISP's network, corrupted DNS cache records on your local computer, a misconfigured router setting, network adapter driver conflicts, or local security firewalls blocking UDP port 53 packets.

Is using a custom public DNS safe?

Yes, using public DNS resolvers from reputable organizations like Cloudflare, Google, and Quad9 is highly secure and often safer than using your ISP's default DNS. Reputable providers support secure protocols like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) that encrypt your queries, and providers like Quad9 actively block malicious domains to protect your system from malware.

What is a DNS cache?

A DNS cache is a temporary database maintained by your web browser and operating system that stores the IP addresses of websites you have recently visited. Saving these records locally allows your computer to bypass querying external DNS resolvers for subsequent visits to the same site, reducing page load times to nearly zero.

Should gamers change their DNS settings?

Yes, gamers should change their DNS settings to Cloudflare (1.1.1.1) or Google DNS (8.8.8.8). While changing DNS does not reduce your physical in-game ping (which is determined by server routing), it dramatically reduces matchmaking lookup delays, game server discovery times, and lobby load times, and improves download speeds on networks like PSN and Xbox Live.

What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) is a secure protocol that encrypts standard plaintext DNS queries (which run on UDP port 53) and wraps them inside secure HTTPS traffic on TCP port 443. This prevents ISPs, network administrators, or attackers from sniffing your browsing habits, hijacking your queries, or injecting malicious redirects.
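
To make the "wrapping" concrete for this answer and for step 5 of the checklist, the added example below (not code from this guide) builds the raw DNS query, encodes it as an RFC 8484 GET path, and decodes a response body. The helper names and the constructed response carrying the documentation address 192.0.2.1 are assumptions for illustration.

```python
import base64
import struct

def encode_name(name):
    """Length-prefixed labels ending in a zero byte (RFC 1035 wire format)."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype=1):
    """One-question query, the same bytes plaintext DNS would put on port 53."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0 per RFC 8484, RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_path(query, path="/dns-query"):
    """RFC 8484 GET form: base64url of the raw message with padding removed."""
    return path + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a pointer."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, then done
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Return (ttl, address) for every A record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((ttl, ".".join(map(str, msg[off:off + 4]))))
        off += rdlen
    return out

# Constructed response body (what arrives as application/dns-message).
QUERY = build_query("www.example.com")
RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

print(doh_get_path(QUERY), parse_a_records(RESPONSE))
```

The DNS message itself is unchanged; only the transport differs, which is why monitoring or filtering that watches port 53 does not see these lookups.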

How do I fix a 'DNS Server Not Responding' error?

To fix this error, start by flushing your local DNS cache using 'ipconfig /flushdns' in Command Prompt. If that fails, restart your router, update your network adapter drivers, temporarily disable your firewall/antivirus, or manually set your network settings to use public DNS servers like 1.1.1.1 and 8.8.8.8.

What is the fastest DNS for gaming?

The fastest DNS resolver for gaming is Cloudflare DNS (1.1.1.1 and 1.0.0.1). It consistently records the lowest query propagation time globally, which speeds up server lookup queries, matchmaking lobby initialization, and sign-ins on gaming networks. Google DNS (8.8.8.8 and 8.8.4.4) is a highly recommended secondary fallback due to its unmatched stability.

Can DNS reduce ping in multiplayer games?

No, custom DNS settings do not directly reduce your in-game ping once you are connected to a match. Ping is determined by the physical distance and network routing path between your home and the game server. However, a fast DNS resolver reduces the initial connection setup times, matchmaking discovery queues, and lobby load screens, preventing errors when joining multiplayer rooms.