Almost every connection to the Internet depends on the Domain Name System. DNS, as it is often called, translates domain names such as gadgethacks.com into IP addresses, which network devices use to route data. The problem with DNS servers is that they do not take your privacy into account.
How regular DNS works
When you type a "friendly" URL in the address bar of your browser (e.g., gadgethacks.com), your phone first connects to a DNS server. This acts as a kind of internet phone book and replaces the descriptive name you entered with the website's IP address, usually a series of digits.
By default, this connection is not encrypted. This means that you are vulnerable to man-in-the-middle attacks in which hackers make their device look like a Wi-Fi hotspot. If you accidentally connect to one, they can redirect your DNS requests to malicious websites, where they can infect your phone or trick you into disclosing personal information.
As a result, the industry has created tools to secure the interaction between your device and the DNS server. These include DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypt the communication between your phone and the DNS server. Encrypted data is unreadable without a private key, which hackers should not have.
The problem is that many ISPs and wireless providers do not use these security tools, putting you at risk for this type of attack. A major reason for this is that ISPs often sell your DNS logs to advertisers, so good security costs them money.
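What DoT changes on the wire, as an added Python example (not code from the original article): the DNS query itself is unchanged and carries the domain name in readable bytes, while DoT sends that same message, with a 2-byte length prefix, inside a TLS session on port 853 whose certificate is checked against the provider's hostname. The provider_hostname argument is a placeholder for whichever DoT provider you use, and the fixed transaction ID is a constructed value.

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query for `name` (qtype 1 = A record). The name is sent as readable labels."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def frame_for_dot(message):
    """DoT (RFC 7858) prefixes each DNS message with its 2-byte length, as DNS over TCP does."""
    return struct.pack("!H", len(message)) + message

def _skip_name(buf, pos):
    """Return the offset just past an encoded name starting at `pos`."""
    while True:
        n = buf[pos]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        if n == 0:            # root label: end of name
            return pos + 1
        pos += n + 1

def parse_a_records(response):
    """Return the IPv4 addresses found in the answer section of a DNS response."""
    qd, an = struct.unpack("!HH", response[4:8])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(response, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(response, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(response[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve_over_tls(provider_hostname, name, timeout=5):
    """Resolve `name` over DoT; provider_hostname is a placeholder for your provider."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and the hostname
    with socket.create_connection((provider_hostname, 853), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=provider_hostname) as tls:
        tls.sendall(frame_for_dot(build_query(name)))
        reader = tls.makefile("rb")
        (length,) = struct.unpack("!H", reader.read(2))
        return parse_a_records(reader.read(length))
```

Because the certificate is verified against the hostname, a rogue hotspot that intercepts port 853 fails the TLS handshake instead of answering your queries.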
How Private DNS works
In Android 9 Pie, Google added two very important things to protect its users, even if ISPs do not: support for DNS over TLS and Private DNS. Android uses DoT by default as long as the DNS server supports it. With Private DNS you can manage DoT usage, along with the ability to access public DNS servers.
Public DNS servers offer many benefits over the DNS servers provided by your wireless network provider. Some do not record information about how you use their servers. This means no tracking of your whereabouts online and no third-party advertisements that use your data. Many support DoT and DoH so that your data is encrypted.
Before Android 9, the only way to use private DNS servers was to configure them for individually stored Wi-Fi networks or to use a local VPN. The former method had the limitation that it only applied to Wi-Fi, which means that your phone was vulnerable on mobile data. The latter meant that you had to pay a subscription for a reputable provider. Thanks to Private DNS support, all these disadvantages have disappeared, since Private DNS applies to all data connections and is usually free.
Because native support for private DNS is a newer feature, you must use Android 9 or higher. In that case, go to Settings -> Network and internet -> Advanced or Settings -> Connections -> More connection settings and tap "Private DNS".
Now select "Private DNS provider hostname" in the pop-up and enter the hostname of your private DNS service. The most common is the free 1.1.1.1 service from Cloudflare, so if you want to work with it, copy the text in the code box below and paste it into your settings.
We recommend Cloudflare because they support DoH and DoT and access to the server is completely free. The only problem is that they do some logging. Most of the logging is deleted after 24 hours, but there are a few data points (which you can view here) that are stored indefinitely.
If you want to use the Cloudflare DNS service, but you are on an older Android version without the above setting, you can still get things done by installing a local VPN app. It sounds a bit complicated, but it's not that bad. Just view the instructions in our full tutorial below.
Another great option is NextDNS, which allows you to configure the security level. You can bypass restrictions (such as countries that block certain social media platforms) and again, it's completely free. If you want to know more, see how we used NextDNS to protect against a shady app on Samsung phones.