
MacBH928

macrumors G3
Original poster
May 17, 2008
8,737
3,896
There has been some talk about using a "private" DNS like Quad9 (9.9.9.9) that helps with your internet privacy, especially from using your ISP's DNS. How does this work? Doesn't your ISP see your traffic either way unless you are on a VPN?
 

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
VPN means virtual private network, so data is encrypted from the VPN client to the VPN service! So the ISP just sees garbled traffic coming from you! That is the point of a VPN service!
 

Significant1

macrumors 68000
Dec 20, 2014
1,686
780
VPN means virtual private network, so data is encrypted from the VPN client to the VPN service! So the ISP just sees garbled traffic coming from you! That is the point of a VPN service!
Better reread the post; it seems OP is aware of what a VPN does, but not how changing DNS by itself helps.

That said I don't have an answer to the original question.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,737
3,896
Better reread the post; it seems OP is aware of what a VPN does, but not how changing DNS by itself helps.

That said I don't have an answer to the original question.

Yes, I would like to know how changing the DNS server helps with privacy. Last I was told, unless it's a VPN, the ISP will see your traffic.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
Well for thin most DNS centers in ISPs use public servers in one's government! So to keep up to date, going to the source that is closest to you would be the best! To change it in your router, just get into the router, follow your nose to the ISP section, and manually put in the closest server to you!

Now, in Safari, Private Browsing just means Safari will not collect cookies that websites deposit on one's browser! It is just a bad name and IMHO it should just say "will not collect cookies" mode or something along that line!

OK also when you get a VPN client (of your trust) and also on Mac OS in network/advanced tab put a check mark in send all data through VPN connection!
 

TriBruin

macrumors 6502
Jul 28, 2008
476
1,002
Yes, I would like to know how changing the DNS server helps with privacy. Last I was told, unless it's a VPN, the ISP will see your traffic.

If you are using the DNS servers of your ISP, then they know what websites you are visiting. They may even keep a log of what websites you requested. If you change your DNS setting, you are no longer giving your ISP that information. But do you trust the other DNS provider? How are they using your data?

However, your ISP could intercept your DNS requests (and track them) since most DNS requests are made over insecure methods.
 

jeyf

macrumors 68020
Jan 20, 2009
2,173
1,044
If you're running a public VPN service like NordVPN, the VPN itself asserts its own DNS settings. Some VPNs operate their own DNS; sometimes they hire it out. Either way, the VPN service overrides your DNS settings.

There is a rumor that some internet providers have a script, maybe in your cable modem, to override your DNS settings and inject their own.

There are a few websites that will report back exactly who your DNS is. I don't know the best and safe ones to pick here?

there are a few encrypted dns
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,737
3,896
Your provider can see your traffic no matter what DNS you're using under normal circumstances.

Then why do services like Quad9 even bother building their own DNS as a private alternative? There is also NextDNS and AdGuard. Something is missing from the picture.

If you're running a public VPN service like NordVPN, the VPN itself asserts its own DNS settings. Some VPNs operate their own DNS; sometimes they hire it out. Either way, the VPN service overrides your DNS settings.

There is a rumor that some internet providers have a script, maybe in your cable modem, to override your DNS settings and inject their own.

There are a few websites that will report back exactly who your DNS is. I don't know the best and safe ones to pick here?

there are a few encrypted dns

Yes, some devices/software force their own DNS like Chromecast and I think Samsung TVs. I use ipleak.net to check my dns.
 

Brian33

macrumors 65816
Apr 30, 2008
1,472
372
USA (Virginia)
Doesn't your ISP see your traffic either way unless you are on VPN?
Yes. My understanding is that you would either need to be using a VPN, or take active measures on your devices or network to deploy encrypted DNS (DoT or DoH).

https://blog.cloudflare.com/dns-encryption-explained/

Below are quotes from relevant sections of the article (emphasis mine):

Ever since DNS was created in 1987, it has been largely unencrypted. Everyone between your device and the resolver is able to snoop on or even modify your DNS queries and responses. This includes anyone in your local Wi-Fi network, your Internet Service Provider (ISP), and transit providers. This may affect your privacy by revealing the domain names that you are visiting.

Two standardized mechanisms exist to secure the DNS transport between you and the resolver, DNS over TLS (2016) and DNS Queries over HTTPS (2018).

As both DoT and DoH are relatively new, they are not universally deployed yet. On the server side, major public resolvers including Cloudflare’s 1.1.1.1 and Google DNS support it. Many ISP resolvers however still lack support for it.
 

Brian33

macrumors 65816
Apr 30, 2008
1,472
372
USA (Virginia)
Then why do services like Quad9 even bother building their own DNS as a private alternative? There is also NextDNS and AdGuard. Something is missing from the picture.
Do they require you to install an app or other software on your device? If so, it might be enabling encrypted DNS.
 

jeyf

macrumors 68020
Jan 20, 2009
2,173
1,044
It is a worthless effort to take control of your DNS.
To prove my point: every now and then take a peek at System Preferences -> Network -> DNS -> DNS Servers.
It should normally be pointed to 192.168.x.1, your home network router.

so back to the public VPN:
Using a public VPN service, using one of their off-shore servers in a hell hole area of the world the DNS you use in N America might be effective.


i almost always use a public vpn service, even in my iPhone
it does NOT hide as much as you think
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,737
3,896
Do they require you to install an app or other software on your device? If so, it might be enabling encrypted DNS.

DoT and DoH are cool, but their argument is that it just hides the data from your ISP and makes it available to your DNS provider (Cloudflare). I don't use it as I use PiHole and would rather use a VPN over simple DoT.

To use Quad9 all you have to do is switch your DNS provider to 9.9.9.9, which can be done on almost any device in the network preferences. I believe encrypted DNS does not require extra software; Firefox has it built in and set ON by default nowadays.

This is the Quad9 website: https://www.quad9.net


It is a worthless effort to take control of your DNS.
To prove my point: every now and then take a peek at System Preferences -> Network -> DNS -> DNS Servers.
It should normally be pointed to 192.168.x.1, your home network router.

so back to the public VPN:
Using a public VPN service, using one of their off-shore servers in a hell hole area of the world the DNS you use in N America might be effective.


i almost always use a public vpn service, even in my iPhone
it does NOT hide as much as you think

I think you are missing the point of how a VPN works. It anonymises the users. A thousand people (including you) connect to the VPN server, then that server uses DNS resolvers. The problem is the DNS provider does not know WHO is making the request except that it's coming from the VPN server.

If your VPN provider does not log who connected to their server and when, it's impossible to know who made the requests, hence providing privacy. You have to trust the VPN provider kind of like how you trust your doctor, lawyer, or bank. The only VPN providers I find trustworthy are ProtonVPN and Mullvad, but I trust Proton more.
 