\nHowever, address substitution in DNS responses can have positive practical uses, for example, for parental control services \u2013 loading a stub page if there\u2019s an attempt to visit \u201cundesirable\u201d sites. However, this technology isn\u2019t very precise, and blocks sites in their entirety \u2013 for example, the whole of youtube.com rather than specific \u201cbad\u201d pages. Therefore, it\u2019s not used in Kaspersky Safe Kids<\/a>.<\/p>\n But you don\u2019t have to use your ISP\u2019s DNS server. There are public DNS servers with good reputations, such as those from Cloudflare (1.1.1.1) or Google (8.8.8.8), which you can specify in your internet settings and get rid of some of the problems described above.<\/p>\n There are also DNS servers with additional functions \u2013 such as blocking access to ad servers. They remove ads in both the browser and other applications. To do this, simply specify the address of the appropriate \u201cfiltering\u201d DNS server<\/a> in the Wi-Fi settings of your computer or smartphone.<\/p>\n Unfortunately, simply changing the DNS address to 1.1.1.1 or 8.8.8.8 doesn\u2019t solve privacy issues. An ISP or an intruder controlling the network can snoop on DNS queries, interfere with them, or block access to a third-party DNS.\n<\/p>\n \nLarge corporations and enthusiasts may run their own DNS server and apply any query rules they want to it. In a strict sense, Private DNS<\/strong> is not a high-privacy server \u2013 just a private, non-public server. In practice, Private DNS is often run on secure DNS protocols. The Private DNS setting in Android 9 and higher, for example, should be called Secure DNS to convey its essence more accurately.<\/p>\n Secure DNS<\/strong> is several competing protocols that differ from ordinary DNS by having encryption. These are DNS over HTTPS<\/strong> (DoH<\/strong>), DNS over TLS<\/strong> (DoT<\/strong>), and DNSCrypt<\/strong>. They differ in communication protocols and ports through which DNS requests are passed. There are still debates about which is better and which is worse. However, sometimes ISPs block access to a third-party DNS, in which case the DoH protocol has the best chance since it\u2019s more difficult to filter. But it\u2019s not necessary to go into the finer points of Secure DNS. The main thing is that your smartphone, computer or browser supports at least one of these protocols, and has a DNS server that can be used with it.<\/p>\n There\u2019s no shortage of free secure servers \u2013 major ISPs (Cloudflare, Google, etc.) support public DNS (1.1.1.1, 8.8.8.8), which you can connect to via both unsecured DNS and DoH\/DoT. So your job comes down to enabling this secure access.\n<\/p>\n \nSecure DNS and VPN are complementary technologies. Even if you\u2019ve enabled a VPN, site name requests may go through an unencrypted DNS channel, and then all of the above risks remain. Some commercial VPN services include their encrypted DNS in the default connection profile, or offer to enable their VPN and third-party secure DNS simultaneously through an app. But this isn\u2019t common practice so it\u2019s worth rereading the information from your VPN provider, or asking technical support. If secure DNS is not offered, it can be enabled in addition to the VPN (see the instructions below).\n<\/p>\n \nHere\u2019s the easiest way to enable secure DNS on Android (9 and above): go to Settings<\/em>, select More connections<\/em> or Advanced<\/em>, and find the Private DNS<\/em> subsection there. Specify the server desired, and the configuration is complete. A slightly mysterious nuance is that Android doesn\u2019t accept numeric addresses in this section, so you\u2019ll need to check the domain name of the desired DNS server with the provider (for example, 1dot1dot1dot1.cloudflare-dns.com<\/strong>).<\/p>\n Setting up Secure DNS on Android<\/p><\/div>\n Apple devices have had DoH\/DoT support since iOS 14 and macOS 11. However, there\u2019s no built-in setting to enable these protocols, so you need one of the many third-party tools from the App Store that can activate your preferred secure server. You can find them by searching for \u201cSecure DNS\u201d. Experienced users can install required configuration profiles<\/a> manually or create them themselves.<\/p>\n Windows 10 has had DoH support since version 19628 (from 2020), and you can enable it through these instructions<\/a> on the Microsoft website.<\/p>\n Setting up Secure DNS in Windows 10<\/p><\/div>\n Chrome and Firefox browsers can make DNS queries over an encrypted channel, irrespective of OS-level support.<\/p>\nPrivate DNS and Secure DNS<\/h2>\n
Already got a VPN?<\/h2>\n
Enable secure DNS<\/h2>\n
![\"Setting](\"https:\/\/usa.kaspersky.com\/blog\/files\/2023\/02\/secure-dns-private-dns-benefits-01.png\")
<\/a>![\"Setting](\"https:\/\/usa.kaspersky.com\/blog\/files\/2023\/02\/secure-dns-private-dns-benefits-02-EN.png\")
<\/a>
![\"Setting](\"https:\/\/usa.kaspersky.com\/blog\/files\/2023\/02\/secure-dns-private-dns-benefits-03-EN.png\")
<\/a>![\"Setting](\"https:\/\/usa.kaspersky.com\/blog\/files\/2023\/02\/secure-dns-private-dns-benefits-04-EN.png\")
<\/a>![\"Checking](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2023\/02\/17221632\/secure-dns-private-dns-benefits-05-KPremium.png\")
<\/a>