A DNS server (also known as a name­serv­er) is special server software that uses a DNS database to answer queries about the Domain Name System. Since DNS servers are usually located on dedicated hosts, the computers that host the cor­re­spond­ing programs are also called DNS servers.

Free DNS
Reduce page loading speeds with free DNS
  • Faster domain res­o­lu­tion to keep you online longer
  • Added pro­tec­tion against outages and downtime
  • No domain transfer needed

Thanks to DNS, internet users can enter a domain, i.e. a memorable name, in the browser’s address bar. Every domain on the internet has at least one IP address, which computers require to com­mu­ni­cate on the network. A DNS server knows the com­bi­na­tions of domains and IP addresses or knows which other DNS server to forward the request to. So when a website is accessed, a request is first made to one or more DNS servers in order to finally be connected to the website. This makes DNS servers core elements of a func­tion­ing internet.

Different types of DNS servers

A dis­tinc­tion is made between au­thor­i­ta­tive and non-au­thor­i­ta­tive DNS servers when it comes to DNS operation.

  • Au­thor­i­ta­tive DNS servers store secured domain in­for­ma­tion about a specific zone of the domain name space in their DNS database. The DNS is struc­tured in such a way that there is at least one au­thor­i­ta­tive name­serv­er for each zone. Systems like these are usually im­ple­ment­ed as a server cluster, where identical zone data is stored on a master system and several slaves. In this case, they are referred to as primary and secondary name­servers. This type of re­dun­dan­cy increases the re­li­a­bil­i­ty and avail­abil­i­ty of an au­thor­i­ta­tive name­serv­er.
  • Non-au­thor­i­ta­tive DNS servers use a name­serv­er’s DNS in­for­ma­tion not from their own zone file, but from a second or third hand one. A situation like this occurs when a name­serv­er cannot answer a query due to its own data stock and obtains the in­for­ma­tion from another name­serv­er (recursion). This DNS data is tem­porar­i­ly stored in local memory (caching) and delivered when new queries are made. However, since the entries in the actual zone file may have changed in the meantime, DNS in­for­ma­tion from non-au­thor­i­ta­tive name­servers is unsecure.

How do DNS servers resolve a DNS request?

Resolving a DNS request to the correct IP address is done step by step:

Image: An overview of DNS query resolution
While the DNS request is being resolved, the DNS resolver com­mu­ni­cates with various DNS servers. This is how it finds the IP address that the client requested at the beginning.
  1. The client where the domain name or URL was accessed first sends a request to the DNS resolver.
  2. The DNS resolver forwards the request directly to a root server.
  3. The root server is an au­thor­i­ta­tive name­serv­er. It responds to the DNS resolver with the address of a server for the re­spec­tive top-level domain.
  4. The DNS resolver then sends a request to the TLD server con­tain­ing the DNS records as­so­ci­at­ed with its top-level domain.
  5. In response, the DNS resolver receives the IP address of the au­thor­i­ta­tive DNS server of the domain being searched for.
  6. The DNS resolver queries the au­thor­i­ta­tive DNS server for the IP address of the origin server hosting the website.
  7. The DNS resolver obtains the origin server’s IP address from the au­thor­i­ta­tive DNS server.
  8. The DNS resolver forwards the IP address to the client.
  9. The client can now interact with the requested website’s origin server via the IP address.
  10. The origin server sends the data of the requested website to the client.

What happens if a DNS server fails?

If a DNS server is not re­spond­ing or fails al­to­geth­er, the name res­o­lu­tion process cannot be completed properly. This leads to in­ter­rup­tions in operation. Since DNS server failure is always a pos­si­bil­i­ty, it makes sense that your DNS in­fra­struc­ture is as failsafe as possible.

To do this, you can run two name­servers for the same DNS zone. One of these servers is labeled as the primary server, and the other as the secondary server. Clients should have both servers set so that if a server fails, the other DNS server can take over.

An overview of trusted public DNS servers

There are many different public DNS servers that you can use for free. In some cases, a higher surfing speed can be achieved by switching to a high-per­for­mance DNS server. However, not every server solution is faster than your internet provider’s stan­dard­ized DNS settings. It makes sense to compare the speeds before you make the switch.

Our table gives you an overview of the ten most popular public DNS servers:

DNS server Primary address Secondary address Security Features
Cloud­flare 1.1.1.1 1.0.0.1 - Pro­tec­tion against DNS spoofing - Logs are deleted within 24 hours - High speed - Over 200 server locations worldwide
Cy­berGhost 10.101.0.243 38.132.106.139 - No encrypted con­nec­tion - Access to internet content without country re­stric­tions - High speed
Google Public DNS 8.8.8.8 8.8.4.4 - Im­ple­ments DNSSEC standard - IP address is deleted after 48 hours - No request limits - No reg­is­tra­tion required
Quad9 9.9.9.9 149.112.112.112 - Pro­tec­tion against malware, spyware and phishing - Doesn’t save iden­ti­fy­ing data - Over 145 server locations - Extra focus on security
DNS.Watch 84.200.69.80 84.200.70.40 - Personal data isn’t logged - No in­te­grat­ed malware pro­tec­tion - High speed - Funded by donations - Un­cen­sored access to the internet
OpenDNS 208.67.222.222 208.67.220.220 - Collects and discloses non-iden­ti­fy­ing data - Option to set in­di­vid­ual filters - Fam­ilyShield DNS server blocks all adult content
AdGuard DNS 94.140.14.14 94.140.15.15 - Blocks malware and ad­ver­tis­ing - Collects personal data for internal purposes - Au­to­mat­i­cal­ly blocks ad­ver­tis­ing - Option to block adult content
Comodo DNS 8.26.56.26 8.20.247.20 - Spyware and malware are blocked au­to­mat­i­cal­ly - Collects personal data - High safety standards - High speed
Un­cen­soredDNS 91.239.100.100 89.233.43.71 - No logging and saving of personal data - High speed in Europe - Un­cen­sored internet access
Clean­Brows­ing DNS Depends on the desired filter Depends on the desired filter - No tracking or logging of data - Choice between different modes - Enables blocking of adult content, among other things
Note

If you now want to change your DNS server, you should first work out whether you want the switch to apply to all devices in your network or only for in­di­vid­ual computers. For the latter, you can simply set up a new DNS server in the Windows settings. If you want all devices to use a different DNS server, it makes sense to perform the change at the router. Whether it involves in­di­vid­ual PCs or your entire network, it’s im­per­a­tive that you choose a secure DNS server to ensure you are best protected against DNS attacks like DNS hijacking.

Go to Main Menu