Choose Safe DNS for Your Computer

October 27, 2025

Choose Safe DNS for Your Computer

DNS or Domain Name System is critical for all software and computers worldwide.

In spite of this, DNS can be very insecure as delivered with most computers, including yours!

To review, DNS provides name ("google.com") to number ("192.178.50.46") lookup. It is used every time your computer refers to a website, and probably dozens to hundreds of additional times that are not visible to you, because websites contain references to other websites.

There are four steps in presenting a web page using a DNS lookup:

• You type in a web address, like chatgpt.com or google.com
• Your browser requests the IP address by doing a lookup to resolve the name to number translation (what is "chatgpt.com"?)
• When your browser has the IP address, it opens a connection to that address ("192.178.50.46", or "104.18.32.47")
• The resulting web page often contains dozens of other web addresses like googlebot.com or googletagmanager.com or linkedin.com or facebook.com. You get the idea.
• Those addresses are also resolved to bring in elements of the page, track your usage, present an advertisement, or provide a picture.

For the most part, the DNS resolution is handled by your Internet Service Provider (ISP). This is the default for most people.

But here is the problem:

The Problem with the standard DNS

The domain names have no regulation or control. Anybody, and that means hackers, criminal groups and ordinary people and businesses can register a name. Nobody can tell "just by looking" whether a name is legit.

And hackers can register a name in minutes. Add a new domain name (crimeware.totallylegit.website.com) hosting some malevolent software delivered with an ad on a page, and bingo your PC is hacked.

Why is this important? Because the hackers don't want to be traced so they use a temporary domain name that works as long as their criminal campaign is active. Then drop it all after they've succeeded in an attack.

Examples of DNS

Here is an example of how to do complete a domain lookup. In Windows Search type in "cmd" and get a Command box.

    C:\Users>nslookup ibm.com

    Non-authoritative answer:
    Name:    ibm.com
    Addresses:  2600:1403:c400:1389::3831
          2600:1403:c400:1386::3831
          23.205.138.225


    C:\Users>nslookup ibm.fr

    Non-authoritative answer:
    Name:    ibm.fr
    Address:  199.46.34.76

As you can see, IBM has different addresses for the ".com" site and the French ("ibm.fr") site.

What is Safe DNS?

A safer form of DNS is published by CloudFlare, a company with world-wide infrastructure and a very good reputation.

They scan for evil and hacker websites that are associated with DNS names. And they omit those DNS names from the DNS lookup service they provide. Criminal or malevolent websites won't load. It's just that easy.

(To be clear, they have competition from Quad9, OpenDNS (Cisco), and several others.)

    C:\Users>netsh interface ip show config
    ....(lengthy output, typically showing "Wi-Fi" has "DNS Servers configured..."

If you want to change with a command line, open PowerShell "As Administrator", and type in the following. This assumes you are using "Wi-Fi" for your network connection. See the listing above in case it is "Ethernet" or "Ethernet-1".

    PS C:\WINDOWS\system32> set-dnsclientserveraddress -interfacealias Wi-Fi -serveraddresses ("1.1.1.2","1.0.0.2")
    PS C:\WINDOWS\system32> get-dnsclientserver address
    ....(a page of output showing which interface has these DNS servers configured...)

If you don't like command-line, use the Windows Search box to find Network and see "View Network Connections".

Click on "Wi-Fi" or "Local Area Connection", whichever is active, and see

Check your results with

    C:\Users>nslookup ibm.fr
    Server:  security.cloudflare-dns.com
    Address:  1.1.1.2

    Non-authoritative answer:
    Name:    ibm.fr
    Address:  199.46.34.76

That is all.

For More Information