DNS Settings

Follow the steps below to configure DNS-over-HTTPS for any of the DNS providers listed below. Click on a provider to have the necessary URLs populate in the instructions.

Android

How to configured a custom DNS provider on Android

  1. Settings
  2. Network & Internet
  3. Advanced
  4. Private DNS
  5. Set Private DNS Provider Hostname: (option from below)
  6. Click Save

iOS

How to configured a custom DNS provider on iOS

  1. Settings
  2. Wi-Fi
  3. Tap the connected network
  4. Configure DNS
  5. Manual
  6. Tap Add Search Domain and enter: (option from below)
  7. Remove any DNS Services and Search Domains you do not want to use

Note: You will need to repeat this process for every network you connect to!

Chromium

How to configured a custom DNS provider on Chromium-based browsers

  1. Menu
  2. Settings
  3. Privacy and security
  4. Security
  5. Turn on Use Secure DNS
  6. Tap the input field and enter: (option from below)

Firefox

How to configured a custom DNS provider on Firefox

  1. Menu
  2. Settings
  3. General
  4. Network Settings
  5. Click Settings
  6. Check Enable DNS-over-HTTPS
  7. Select Custom on the Use Provider option
  8. Tap the input field and enter: (option from below)

Providers

Provider DNS-Over-TLS (DOT) IPv4 IPv6 DNS-Over-HTTPS (DOH) Filters Ads Adult Malware Privacy Proxies Security VPNs 🛈
SaferPC dns.saferpc.info 169.47.218.87 / 96.77.241.182 2607:f0d0:1e01:76::2 https://dns.saferpc.info/dns-query Security Yes No Yes Yes No Yes No 🛈
CleanBrowsing family-filter-dns.cleanbrowsing.org 185.228.169.168 / 185.228.168.168 2a0d:2a00:1:: / 2a0d:2a00:2:: https://doh.cleanbrowsing.org/doh/family-filter Family Yes Yes No Yes Yes Yes Yes 🛈
CleanBrowsing adult-filter-dns.cleanbrowsing.org 185.228.168.10 2a0d:2a00:1::1 / 2a0d:2a00:2::1 https://doh.cleanbrowsing.org/doh/adult-filter Adult Yes Yes No Yes No Yes No 🛈
CleanBrowsing security-filter-dns.cleanbrowsing.org 185.228.168.9 2a0d:2a00:1::2 / 2a0d:2a00:2::2 https://doh.cleanbrowsing.org/doh/security-filter Security Yes No Yes Yes No Yes No 🛈
CloudFlare one.one.one.one 1.1.1.1 / 1.0.0.1 2606:4700:4700::1111 / 2606:4700:4700::1001 https://cloudflare-dns.com/dns-query None No No No Yes No No No 🛈
CloudFlare security.cloudflare-dns.com 1.1.1.2 / 1.0.0.2 2606:4700:4700::1112 / 2606:4700:4700::1002 https://security.cloudflare-dns.com/dns-query Security No No No Yes No Yes No 🛈
CloudFlare family.cloudflare-dns.com 1.1.1.3 / 1.0.0.3 2606:4700:4700::1113 / 2606:4700:4700::1003 https://family.cloudflare-dns.com/dns-query Security+Adult Yes Yes Yes Yes No Yes No 🛈
Google dns.google 8.8.8.8 / 8.8.4.4 2001:4860:4860::8888 / 2001:4860:4860::8844 https://dns.google/dns-query None No No No No No No No 🛈
OpenDNS dns.opendns.com 208.67.222.222 / 208.67.220.220 2620:0:ccc::2 / 2620:0:ccd::2 https://doh.opendns.com/dns-query Security No No Yes No No Yes No 🛈
OpenDNS FamilyShield familyshield.opendns.com 208.67.222.123 / 208.67.220.123 2620:119:53::123 / 2620:119:35::123 https://familyshield.opendns.com/dns-query Security No Yes Yes No No Yes No 🛈
Quad9 dns.quad9.net 9.9.9.9 / 149.112.112.112 2620:fe::9 / 2620:fe::fe https://dns.quad9.net/dns-query Security Yes No Yes Yes No Yes No 🛈
UncensoredDNS anycast.uncensoreddns.org 91.239.100.100 2001:67c:28a4:: https://anycast.uncensoreddns.org/dns-query None No No No Yes No No No 🛈

Protocols

The following table illustrates the differences between different types of DNS protocols.

Short Name Port Secure? Description 🛈
DNS Domain Name Service 53 No Standard DNS can be served on either UDP or TCP, though is usually served on UDP. DNS is insecure by its nature and may be intercepted or hijacked along the route. For example, Comcast/Xfinity intercepts all DNS requests made by all customers. This means they can replace answers to interfere with legitimate traffic or simply track every website you visit. 🛈
DoT DNS-over-TLS 853 Yes DoT is intended to solve the security issues inherent with standard DNS. 🛈
DoH DNS-over-HTTPS 443 Yes DoH is a secure alternative to DNS and DoT, which uses secure web requests to a trusted provider. 🛈

While DNS-over-TLS is designed to be secure, some ISPs intercept all traffic to both standard DNS (port 53) and DNS-over-TLS (port 853), replacing queries with answers from their own DNS services, effectively hijacking requests. Use DNS-over-HTTPS where possible instead.