ISP’s Default DNS Server
Your computers, phones, and other devices normally use the Domain Name System (DNS) server with which the router is configured. Unfortunately, this is often the one provided by your Internet Service Provider (ISP). These lack privacy features and also might be slower than some alternatives.
The solution to this issue is DNS over HTTPS (DoH). This new protocol simply encrypts the contents of a DNS query so third parties can’t sniff it out. Major DNS providers, like Cloudflare, OpenDNS, and Google Public DNS, already support it. However, Chrome and Firefox are also in the process of rolling it out.
Aside from the privacy improvements, DoH prevents any tampering with DNS queries in transit. It’s just a more secure protocol, and everyone should use it.
Your ISP Can Log Your Browsing History
If you care at all about privacy online, using your ISP’s DNS server is a massive problem. Every request sent can be logged and tells your ISP which websites you browse, down to the hostnames and subdomains. Browsing history like this is the kind of valuable data off of which many companies make huge profits.
Many ISPs claim they don’t log customer data (and even though it’s legal to do so), it would be very easy to implement since they control the DNS servers you use. In the USA the FTC was concerned enough to investigate whether ISPs are doing this. Laws and regulations in other countries vary, so it’s up to you whether you trust your ISP.
It’s worth noting that your ISP has adopted DoH, but this doesn’t protect your privacy when it comes to the company monitoring your DNS queries. DoH secures the connection between you and the DNS provider, but, in this case, Comcast is the DNS provider and, therefore, can still see the queries.
Of course, DNS isn’t the only way ISPs track you. They can also see the IP addresses you connect to, regardless of which DNS server you use. They can glean a lot of information about your browsing habits this way. Changing DNS servers won’t stop your ISP from tracking, but it will make it a little harder.
Using a virtual private network (VPN) for your daily browsing is the only real way to prevent your ISP from seeing what you’re connecting to online.
Third-Party DNS Servers Might Be Faster, Too
In addition to privacy concerns, DNS services provided by ISPs can be slower than Google or Cloudflare. This isn’t always the case, as your ISP will generally be closer to you than a third party, but many people get faster speeds with a third-party DNS server.
Which Public DNS Server Should You Use?
If you want to switch to a public DNS server, you have a few options. The most common is Google’s Public DNS, which use the addresses 126.96.36.199 and 188.8.131.52.
If you trust Google less than your ISP, you can also use CloudFlare’s DNS, which claims to be the fastest and takes a privacy-first stance. The main address for it is 184.108.40.206, with an alternate of 220.127.116.11.
Lastly, you can also use OpenDNS, from Cisco.
Use dnscrypt-proxy, it's a flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).
All the details are here: