In China, the domestic DNS servers I list here are generally fine. If you are overseas, it is recommended to choose overseas public DNS servers. In my testing, 114DNS, Baidu DNS, and Tencent DNS can be used in most overseas regions, while AliDNS has poor connectivity in many overseas regions.
- 114DNS (114.114.114.114)
  - Pros: Fast response speed, high stability
  - Cons: No ad filtering function
- Baidu DNS (180.76.76.76)
  - Pros: Intelligent resolution, fast access speed
  - Cons: Occasional resolution delays
- Tencent DNS (119.29.29.29)
  - Pros: Supports DNSSEC, high security
  - Cons: Slow response in some regions
- AliDNS (223.5.5.5)
  - Pros: Available in some overseas regions
  - Cons: Unstable connectivity in some domestic regions
- Google Public DNS (8.8.8.8)
  - Wide global coverage, fast resolution speed
- Cloudflare DNS (1.1.1.1)
  - Strong privacy protection, short response time
- OpenDNS (208.67.222.222)
  - Provides parental control features
DoT and DoH are both methods of encrypting DNS traffic, and both are security extensions to domain name resolution. They differ in the protocols and ports they use.
DoT stands for DNS over TLS, which uses TLS to transmit the DNS protocol.
DoH stands for DNS over HTTPS, which uses HTTPS to transmit the DNS protocol.
The principle behind both protocols is the same: they encrypt the DNS messages between the user and the DNS server, which prevents eavesdropping by intermediaries on the network path and keeps domain name queries private. Relatively speaking, DoH is more versatile.
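To make the protocol-and-port difference concrete, here is an added example (not part of the original article) that encodes one DNS query and frames the same bytes for DoT and for a DoH GET request. The host `doh.example` and all function names are assumptions made for illustration.

```python
import base64
import struct

DOT_PORT, DOH_PORT = 853, 443  # DoT: TLS on TCP 853 (RFC 7858); DoH: HTTPS on 443 (RFC 8484)

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a one-question DNS query (RFC 1035 wire format). qtype 1 = A."""
    # Header: ID, flags (only RD set), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")  # IDNs must already be in punycode form
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def frame_dot(msg: bytes) -> bytes:
    """DoT sends the message inside TLS with a 2-byte length prefix, as DNS over TCP does."""
    return struct.pack("!H", len(msg)) + msg

def unframe_dot(buf: bytes):
    """Return (message, remaining_bytes), or None while the frame is still incomplete."""
    if len(buf) < 2:
        return None
    (length,) = struct.unpack("!H", buf[:2])
    if len(buf) < 2 + length:
        return None  # TLS records can split a message; keep reading
    return buf[2:2 + length], buf[2 + length:]

def frame_doh_get(msg: bytes, host: str = "doh.example", path: str = "/dns-query") -> str:
    """DoH GET: the same bytes, base64url-encoded without padding, in the ?dns= parameter."""
    # host is a placeholder, not a real resolver
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return (f"GET {path}?dns={b64} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Accept: application/dns-message\r\n\r\n")

if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print(f"wire query : {query.hex()}")
    print(f"DoT  (:{DOT_PORT}): {frame_dot(query).hex()}")
    print(f"DoH  (:{DOH_PORT}):\n{frame_doh_get(query)}")
```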
- Regular users: It is recommended to use 114DNS or Tencent DNS to balance speed and security
- Privacy-sensitive users: It is recommended to use Cloudflare DNS + DoH encryption
- Enterprise users: You can consider building your own DNS server or using OpenDNS enterprise edition
- Overseas users: Prioritize Google Public DNS or Cloudflare DNS
Q: Why does the internet speed sometimes slow down after changing DNS?
A: It may be that the DNS server is far away or has a high load. It is recommended to test multiple DNS servers and choose the optimal solution.
Q: Does encrypted DNS affect internet speed?
A: There will be a slight impact, but the difference is not obvious with modern device performance.
Q: How to test DNS resolution speed?
A: You can use the dig command or online DNS speed test tools for comparison.
Local DNS caching can speed up domain name resolution, but sometimes it causes stale results to be returned after a record has changed. Ways to clear the cache:
- Windows: Run `ipconfig /flushdns` in the command prompt
- macOS/Linux: Run `sudo dscacheutil -flushcache` (macOS) or `sudo systemd-resolve --flush-caches` (Linux with systemd-resolved)
DNS pollution refers to the malicious tampering of DNS resolution results. Solutions:
- Use encrypted DNS (such as DoT/DoH)
- Choose trusted DNS servers
Configuring multiple DNS servers (primary/backup mode) on routers or devices can improve reliability. For example:
- Regularly update DNS server addresses to ensure optimal performance
- Enable encrypted DNS (DoT/DoH) whenever possible to protect privacy
- Monitor DNS query logs for suspicious activities
- Use DNS filtering services to block malicious domains
- Implement DNS redundancy with multiple providers
- Choose geographically closer DNS servers for faster response times
- Test different DNS servers under various network conditions
- Consider using DNS load balancing for high-traffic websites
- Implement DNS caching at both client and server levels
- Use CDN services that provide integrated DNS solutions
Common DNS issues and how to resolve them:
- Slow DNS resolution: Test with different DNS servers, check network connectivity
- DNS lookup failures: Verify DNS server addresses, check firewall settings
- Incorrect DNS results: Clear DNS cache, check for DNS hijacking
- Intermittent DNS issues: Monitor server uptime, implement failover mechanisms
For businesses and organizations:
- Consider hosting your own authoritative DNS servers for better control
- Implement DNS security extensions (DNSSEC) to prevent spoofing
- Use split-horizon DNS for internal and external resolution
- Monitor DNS query volumes and response times
- Plan for DNS scalability as your infrastructure grows