Cloudflare’s 1.1.1.1 DNS server is popular for its speed, reliability, and support for DNS over HTTPS (DoH), which gives you some added privacy. However, 1.1.1.1 doesn’t do much besides look up IP addresses for you. If you want something that offers additional security, you should try 1.1.1.2 instead.
A Domain Name System (DNS) server functions like the internet’s phone book. Whenever you enter a website’s address into your browser’s address bar, your PC forwards that address to the DNS server, and then the DNS server returns an IP address.
Your PC (or phone) uses that IP address to actually send and receive information with whatever website you’re talking to.
DNS servers aren’t strictly necessary for the internet to work, but without them, you’d need to memorize websites’ IP addresses—a daunting task.
If your DNS server is working perfectly, and you only need to fetch IP addresses, then your choice of DNS server doesn’t matter too much. However, there are a few situations where changing your DNS server can make a difference.
If your current DNS server is down or overloaded, switching to a new DNS server can fix connection or lag issues. Fortunately, problems like that are generally pretty rare now.
More interestingly, because DNS servers sit between you and the websites you connect to, they can also be used to filter your results. Used the right way, that is a powerful tool.
Cloudflare’s 1.1.1.1 is one of the most popular DNS servers. It is fast, reliable, and easy to remember. However, it’ll also connect you with any website out there—even a malicious one—without even a warning message.
That is where Cloudflare’s 1.1.1.2 DNS server comes in. For the most part, 1.1.1.2 works the same way as 1.1.1.1—it provides IP addresses—but it also has an integrated security filter. If you try to connect to a domain known for phishing, running command and control servers, distributing malware, or other kinds of malicious activity, you’ll be redirected to 0.0.0.0 instead.
Because the protection layer exists outside your PC and your home network, malware never even reaches your PC, and if you click a phishing link, you’re never connected. It is a very proactive way to keep your devices safe, and great if you want another passive layer of protection that you can set and forget.
Cloudflare’s 1.1.1.3 DNS server includes everything that 1.1.1.1 and 1.1.1.2 do, but it takes it a step further by blocking websites that are known to host adult-only content.
Despite how helpful DNS-based filtering can be for securing your network and your devices, it has a few limitations.
The biggest limitation—and the most important—is that it only works against known malicious domains. If a new domain crops up that is distributing malware, or a previously-safe domain is taken over by malicious actors, it won’t help you. That is why having multiple layers of protection is essential.
It can also return a false positive and block a perfectly safe website, though that is pretty rare.
To filter your entire network, you need to change the DNS server used by your router. If your router has an app available for desktop or mobile, I’d recommend using that, since they’re usually pretty user-friendly.
If it doesn’t, you can enter your router’s IP address in the address bar of your browser to log in instead. Most of the time, your router’s IP address will be 192.168.0.1 or 10.0.0.1, but if neither works, you can run ipconfig /all in the Terminal and look for the Default Gateway entry.
Once you’ve logged in to your router, look for settings related to DNS or DHCP—the setting to change your DNS server is usually in there somewhere. On my TP-Link router, it was located in Advanced > Network > DHCP Server.
Once you’re there, set the Primary DNS server to 1.1.1.2 and the Secondary (sometimes called alternate) to 1.0.0.2.
To change your DNS server on Windows, press Windows+i, then go to Settings > Network & internet > Ethernet (or Wi-Fi) > (Your Network), and click Edit next to DNS Server Assignment.
Click the drop-down menu that says Automatic and change it to Manual, enable IPv4, change Preferred DNS to 1.1.1.2 and Alternative DNS to 1.0.0.2, then click Save.
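Once the setting is saved, you can confirm the filter is actually answering your lookups. The Python sketch below is an added example, not part of the original article: it builds a DNS query, parses the reply, and reports whether the resolver handed back the 0.0.0.0 answer described above. The function names are the example's own, and the sample replies are constructed in make_response so the parsing can be exercised without a network connection.

```python
import socket
import struct
SINKHOLE = "0.0.0.0"  # what the article says 1.1.1.2 returns for a blocked domain

def build_query(name, txid=0x1234):
    """Encode a recursive DNS query for the A record of `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):
    """Return the offset just past a name (labels, possibly ending in a pointer)."""
    while msg[pos] and (msg[pos] & 0xC0) != 0xC0:  # walk ordinary labels
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)            # 2-byte pointer or 1-byte root label

def a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):                       # skip the echoed question
        pos = _skip_name(msg, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def is_filtered(msg):
    return SINKHOLE in a_records(msg)  # True when the resolver answered with the sinkhole

def lookup(name, resolver="1.1.1.2", timeout=3.0):
    """Live check (needs network): send the query to `resolver` over UDP port 53."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        reply = s.recvfrom(512)[0]
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return reply

def make_response(name, ip):
    """Constructed sample: a one-answer response resolving `name` to `ip`."""
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query(name)[12:] + answer
```

For a live check, compare is_filtered(lookup(domain, "1.1.1.2")) with is_filtered(lookup(domain, "1.1.1.1")) for the same domain: a domain on the block list answers 0.0.0.0 only from the filtering resolver.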
Changing your DNS server isn’t a silver bullet that will protect you from every source of malware on the internet, but it is an important layer of protection in a world with increasingly sophisticated types of malware.
Source: Nick Lewis howtogeek.com
