Quad9
Rather switch to quad9.net at 9.9.9.9; they're under Swiss jurisdiction, the best privacy guarantees.
I agree with SoP’s response and also your comment. 9.9.9.9 is a totally acceptable alternative, in my opinion. I honestly should have mentioned it. Nice comment!
Will look into that. Though Switzerland's place as a privacy sanctuary may be coming to an end. There are some new laws in the works that are anti-privacy.
This is a great post.... this alone is a great tip:
"Flip your router’s upstream DNS to Cloudflare 1.1.1.1 (primary) and 1.0.0.1 (secondary). If your firmware supports DoT, use tls://one.one.one.one.
This is completely FREE and takes minimal time and effort.
Cloudflare, in partnership with KPMG, conducts annual audits of their DNS service, 1.1.1.1, to ensure that they are not logging users' IP addresses and maintaining their privacy-first approach. These audits are meant to verify that Cloudflare adheres to its promise of not collecting or logging user data."
Forgive the ignorance here, but how does this interact with a VPN service such as Mullvad?
I think my Proton VPN supersedes the router DNS, so if you are on that, it’s moot. But are all your devices on VPN all the time? :-)
This is the thing. The person reading this is probably covered, but ‘smart’ devices and those of friends and family visitors are likely not…
What about using something like a Netgear Orbi router with a network-wide VPN? Would switching to 1.1.1.1 make any difference at that point?
If your Orbi is tunneling all traffic through a VPN, changing the WAN-side DNS from the ISP default to Cloudflare 1.1.1.1 only matters if the VPN client actually lets that DNS traffic through unchanged.
Most consumer VPN services push their own DNS servers down the tunnel to prevent “DNS leaks” (I know ProtonVPN does this). In that case the router will silently swap your router's DNS for the VPN provider’s resolver, and your tweak has no effect except as a fallback if the tunnel drops.
Some VPN clients (or custom OpenVPN/WireGuard configs) allow custom DNS. If your Orbi’s VPN tab has a box that says “Use these DNS servers” and you enter 1.1.1.1 there, the queries will ride inside the encrypted tunnel to Cloudflare. Your ISP still can’t see them, but now your DNS privacy is in Cloudflare’s hands instead of the VPN company’s.
Performance gains are marginal once everything is inside a VPN; the extra 30–60 ms of tunnel latency usually dwarfs any speed difference between resolvers. But Cloudflare may still be a bit faster or more reliable than a small VPN provider’s DNS in distant regions.
Hope this helps.
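Added example, not part of the original thread: for the custom WireGuard case described in the comment above, this checks whether each resolver named in a wg-quick style config is actually reached through the tunnel or goes out over the normal WAN path. The two configs are constructed samples, and the sketch assumes a single `[Peer]` section and that routing follows `AllowedIPs`, as wg-quick sets it up.

```python
import configparser
import ipaddress

# Constructed wg-quick style configs (sample data, not from the thread).
FULL_TUNNEL = """
[Interface]
Address = 10.2.0.2/32
DNS = 1.1.1.1, 1.0.0.1

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""

SPLIT_TUNNEL = """
[Interface]
Address = 10.2.0.2/32
DNS = 1.1.1.1, 10.2.0.1

[Peer]
AllowedIPs = 10.2.0.0/24, 192.168.50.0/24
Endpoint = vpn.example.net:51820
"""

def _items(value):
    """Split a comma-separated config value into trimmed entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def dns_paths(config_text):
    """Map each DNS server in the config to 'tunnel' or 'outside'."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(config_text)
    # Networks the tunnel carries; anything else uses the normal WAN route.
    routed = [ipaddress.ip_network(n, strict=False)
              for n in _items(cp.get("Peer", "AllowedIPs"))]
    result = {}
    for server in _items(cp.get("Interface", "DNS", fallback="")):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # wg-quick treats non-IP entries as search domains
        inside = any(addr in net for net in routed)
        result[server] = "tunnel" if inside else "outside"
    return result

if __name__ == "__main__":
    for name, text in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, dns_paths(text))
```

In the split-tunnel sample, queries to 1.1.1.1 leave outside the tunnel in plaintext where the ISP can see them, which is the case to look for when a custom config sets its own DNS.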
This is tremendously helpful, thank you 🙏
My pleasure! Glad it helped. Thank you for taking your privacy seriously in an age when many do not.
No worries.
VPN would be an extra layer. In some respects, changing your DNS setting like recommended in the post adds a VPN to your router, so you have a VPN at the router level instead of the device level.
Before I read all that, what are you selling?
Absolutely nothing lol