What's your preferred DNS?

I lost connectivity about an hour ago and a bit of detective work tied it down to PlusNet dns servers being down. My Hub2 was set to allocate dns servers automatically so, having managed eventually to find where I could change the setting to manual, I've set 8.8.8.8 as my primary server so I'm back online.

This made me wonder what other people do, what do others prefer?

9.9.9.9 for Quad 9
https://www.quad9.net/

Or 1.1.1.1 for Cloudflare
https://1.1.1.1/dns/

I avoid google (8.8.8.8) for privacy reasons.

Cloudflare 1.1.1.1

A combination of Quad9 and OpenDNS, Both have dual-stack support (servers operating on IPv6 and IPv4 addresses) and both can optionally provide a basic level of blocking on known malware domains by filtering the DNS results returned.

I try to avoid relying on a single DNS provider, but if you are a registered user customising their DNS blocking you may need to do this.

I mostly only configure DNS at the network (router or DHCP server) level rather than per device, as I expect devices to request their DNS config from the network (DHCP and/or RDNSS).

When using VPN tunnels to other systems I factor in whether only certain domains should be queried to an remote LAN DNS server over the tunnel such as where it's a private DNS namespace (e.g. Split DNS).

A router or gateway device is often best placed to determine whether a particular DNS query should use a LAN server or forward to an external service or use the root servers, unless you have a dedicated DNS server on your LAN.

Note that indiscriminately setting all your individual devices to use an external DNS service may result in lookups for your LAN hostnames or FQDNs being inadvertently visible to the wider Internet, unless your router filters outgoing DNS requests for private resources.

For similar reasons it's important for users on domain-joined work computers not to mess with their DNS settings as they almost always need to favour domain-controlled DNS services so that internal services resolve correctly and without timeouts.

Edited by prlzx (Mon 15-Jan-24 20:59:26)

Ta everyone. Avoiding a single source seems sensible and the way to go so I've opted for Quad9 and Cloudflare.

Note that quad9 does Malware filtering. You can get the equivalent service from Cloudflare by using 1.1.1.2. Or if you use 1.1.1.3 then you get malware + "adult content" filtering.

Self-hosted Bind 9 server in the cloud, I connect via dns-over-https. Un-filtered queries forwarded to VM's resolver and returned to me, filtered queries return nxdomain.

Annoyingly I can only use it for web browsers due to Windows 10's lack of DoH support, but browsing is 99% of my queries anyway. Windows is using Google DNS due to Sky's lack of DNSSEC support on their resolvers.

I noticed yesterday when Plusnet DNS went pop that the default IP lease time in the Hub 2 is 1 day which means waiting a long time for devices to automatically pick up the new DNS servers (thats if you don't want to run round to each device), I have reduced the lease time down to 1 hour so I can have a coffee and relax.

Cloudflare 1.1.1.1 for me after last September's PN outage. My wife lost her connection last night so I switched her PN to 1.1.1.1 and connected at once. These downtimes were the first in many years with Plusnet, I wonder are its systems being wound down in preparation for switch to BT/EE?

In reply to a post by Malwaremike:

These downtimes were the first in many years with Plusnet

Same here. I've always just stuck with the automatic settings until now on the basis of 'if it aint broke.....' and it was a very easy fault to diagnose so no harm done.