If you’re using Android devices to access the internet, you’re likely using a DNS service to do so. A DNS service is what tells your phone where to find a website or other resource. A DNS service can be insecure, and if it is not configured properly, your device can be vulnerable to attack. To make sure your DNS service is secure, follow these steps:
- Open the Settings app and select Security.
- Under “Security,” select “Privacy.”
- In the Privacy section, select “DNS.”
- In the next section, under “Configure,” enter the following information into the text field: dnssec-level = high (default). If you want more security for your DNS services, set this value to a higher level such as high or medium. For more information on how to set this value, see our article on setting up a secure DNS on Android devices.
- Click OK to finish configuring your DNS services.
What Is Private DNS on Android?
DNS is a building block of the modern internet. It acts as a directory or phonebook and helps you reach wherever you want to go on the web.
For example, when you want to visit How-To Geek, you simply type howtogeek.com in the address bar of a web browser. But, unfortunately, your web browser doesn’t know how to get to How-To Geek. That’s where DNS comes into the picture. Your web browser asks the DNS server, typically run by your internet service provider (ISP) or cellular network, which converts the howtogeek.com domain name to an IP address, like 151.101.2.217. With the IP address in hand, your web browser can now connect to your favorite resource for how-to articles.
But traditionally, DNS queries and their responses were sent without any kind of security or encryption, making them vulnerable to eavesdropping or man-in-the-middle attacks. So, a new DNS protocol—DNS over TLS—was introduced. It creates an encrypted, authenticated channel between your device and the DNS server and safeguards your DNS traffic from prying eyes and malicious third parties. DNS over TLS isn’t the only secure DNS protocol; DNS over HTTPS is another that is widely used.
Google has brought DNS over TLS support to Android by introducing the Private DNS feature. It’s available in Android 9 (Pie) and higher, and encrypts all DNS traffic on the phone, including from apps.
The feature is enabled by default and uses a secure channel to connect to the DNS server if the server supports it. But if your ISP or cell service provider’s DNS doesn’t have encrypted DNS support, or you are simply not sure about it, you can use a third-party secure DNS server using the Private DNS feature. Here’s how to enable, disable, or use a private DNS provider in Android.
How to Manage the Private DNS Feature in Android
Keep in mind that depending on your Android model, the exact path and labels might vary. The basic process, however, remains the same.
To manage Private DNS options, swipe down from the top of your device to access the notification shade and tap the gear icon. This will take you to device settings. You can also reach the settings page from the apps drawer.
Once you are in the settings, tap “Network & Internet.” Depending on your device, this might have a slightly different name, like “Connections.”
Now tap on “Private DNS” to manage the feature. If you don’t immediately see the “Private DNS” option, you may have to tap on “More Connection Settings” or “Advanced.”
You will get three options: Off, Automatic, and Private DNS provider hostname. Select “Off” to stop using DNS over TLS, “Automatic” to use encrypted DNS when available, or enter the hostname of a private DNS provider to use encrypted DNS from that provider. Remember that you need the provider’s hostname rather than a DNS server IP address.
Once done, tap on “Save” to apply the changes.
RELATED: Why You Shouldn’t Use Your ISP’s Default DNS Server
Why You Might Want to Use a Private DNS Provider
As explained above, Android’s Private DNS feature brings DNS over TLS support to the platform. Unfortunately, while its “Automatic” option uses secure DNS when available, you are at the mercy of your ISP or cell service provider to offer encrypted DNS support. Your ISP may not want to do that.
But there is an easy way to check. You can confirm whether your internet provider supports DNS over TLS by using Avast-owned company Tenta’s Browser Privacy Test. It shows whether your ISP’s DNS is TLS enabled or not.
If you want to ensure that your phone’s DNS queries remain secure and encrypted, we recommend using Google Public DNS or Cloudflare. You can also check out our guide to choosing a DNS provider with your PC, or see a more comprehensive list of public DNS providers with encryption support on DNS Privacy Project’s website.
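To make the mechanics behind the “Private DNS provider hostname” option concrete, here is an added example (not code from How-To Geek or from Android itself) of a minimal DNS-over-TLS client as described in RFC 7858: it encodes a DNS query, sends it over a TLS session on port 853 with the certificate validated against the resolver’s hostname, and parses the A records from the reply. The certificate check is the reason the setting asks for a hostname rather than an IP, and the same connection attempt doubles as a quick “does this resolver speak DoT” probe. The hostnames `dns.google` and `one.one.one.one` used in the usage section are the public DoT endpoints of the two providers recommended above; the query name `example.com`, the transaction ID and the timeout are assumptions of this example.

```python
"""Minimal DNS-over-TLS (RFC 7858) client and resolver probe.

Added example: builds a raw DNS query, sends it over TLS on port 853 with the
server certificate validated against the resolver hostname, and decodes the
IPv4 answers. Nothing here is Android's own implementation.
"""
from __future__ import annotations

import socket
import ssl
import struct

DOT_PORT = 853          # port reserved for DNS over TLS (RFC 7858)
DEFAULT_TXN_ID = 0x1234 # fixed transaction ID, an assumption for this example


def build_query(name: str, txn_id: int = DEFAULT_TXN_ID) -> bytes:
    """Encode a single-question DNS query for an A record with RD set."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a domain name (labels or a compression pointer)."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:   # two-byte compression pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(msg: bytes, expected_id: int = DEFAULT_TXN_ID) -> list[str]:
    """Extract IPv4 addresses from the answer section, rejecting bad replies."""
    txn_id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txn_id != expected_id:
        raise ValueError("transaction ID mismatch: reply does not match our query")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"resolver returned RCODE {rcode}")
    offset = 12
    for _ in range(qdcount):                 # skip echoed question(s)
        offset = _skip_name(msg, offset) + 4  # QTYPE + QCLASS
    addrs: list[str] = []
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:        # A record: four raw octets
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    """Read exactly n bytes from the TLS socket (DNS messages are length-prefixed)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TLS session closed before a full DNS message arrived")
        buf += chunk
    return buf


def resolve_over_tls(name: str, resolver_host: str, timeout: float = 5.0) -> list[str]:
    """Resolve `name` via DoT at `resolver_host`, validating the server certificate.

    The default SSL context checks the chain and that the certificate matches
    resolver_host (SNI + hostname verification). This binding to a name is why
    Android's Private DNS setting takes a hostname, not an IP address.
    """
    ctx = ssl.create_default_context()
    query = build_query(name)
    with socket.create_connection((resolver_host, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            size = struct.unpack("!H", _recv_exact(tls, 2))[0]
            return parse_a_records(_recv_exact(tls, size))


def supports_dot(resolver_host: str) -> bool:
    """Probe: True only if port 853 accepts a validated TLS session and answers."""
    try:
        resolve_over_tls("example.com", resolver_host)
        return True
    except (OSError, ssl.SSLError, ValueError):
        return False


if __name__ == "__main__":
    # Usage: probe the DoT endpoints of the two providers recommended above.
    for host in ("dns.google", "one.one.one.one"):
        print(f"{host}: DoT {'supported' if supports_dot(host) else 'not available'}")
```

A plain IP address passed as `resolver_host` would only work if the resolver’s certificate carried that IP as a subject alternative name, which public resolvers generally do not do; that is exactly the failure Android avoids by insisting on a hostname. Because `supports_dot` treats a certificate mismatch, a refused connection and a malformed reply alike as “not available,” it is a conservative check: a resolver that answers plaintext on port 53 but nothing on 853 is reported as lacking DoT.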
RELATED: How to Choose the Best (and Fastest) Alternative DNS Server