Ditch your ISPs DNS Server for your own security and speed
In Australia, it became mandatory in April 2017 for Australian ISPs and telecommunication companies to collect and store “metadata” about their customers’ communications for a minimum of two years.
Under Federal Government legislation, your internet service provider is required to store the following metadata (i.e. the technical details surrounding your communications):
Your name, address, DOB, email address, billing details, and other identifying information associated with your account
The time, date and duration of your communications
The type of communications (e.g. phone, text, social media, email)
The destination of any communications
The actual content of your communications is not stored, and neither is your web browsing history, just the metadata above. When it comes to internet usage, the scheme only requires ISPs to log the time your modem actually connects to the internet and how much bandwidth you’ve used.
Your physical details come from your account information you give to your provider, so you have no choice in that part. All the destinations you access though, are sent to a DNS (Domain Names System) server to be translated from example.com, to an IP Address (the actual server the website runs on). That is how your ISP knows where you’re going, and if it so chooses, or if the government chooses, this is where they can block you from going any further (or track your internet activity).
More importantly nowadays though, security and speed should be a priority. Most ISPs will have locations in a few cities to try and provide quick access to as many people as possible (usually in capital cities). 1.1.1.1 however, is run by Cloudflare, a company who runs one of, if not the biggest cloud server grid in the world. That means your DNS request to access a website can go a shorter distance before sending you where you want to go, which can equal websites loading slightly quicker. Cloudflare may have the biggest network, but there are also other options from other providers which have nearly as many locations, but many more features. It depends on what you are looking for as a secondary priority behind your privacy, speed or features (check out the options below).
Use DNSSEC or DoT/DoH. Most ISPs don’t.
Another problem with most ISP DNS servers, they are not secure. They send your destinations openly (unencrypted) over the internet. You might use HTTPS/SSL to talk to the website, but the initial destination request sent to your DNS server is unencrypted until your device knows what server it needs to talk to (that’s how SSL works, encrypting your server to client connection). This leaves you open to people (read: government and malicious actors) seeing or altering your destination requests before you get the roadmap to your destination and allows them to point you in another direction (known as a man-in-the-middle attack) or make you hit a brick wall by blocking you entirely. That’s where DNSSEC and DoT/DoH come in. DNSSEC provides DNS verification between you and a server for unencrypted connections, DoT/DoH provides DNS verification between you and a server by encrypting DNS connections.
As a result, it’s highly recommended to use DNS over HTTPS and DNS over TLS (regularly abbreviated to DoH & DoT respectively) if they’re available, as they provide an encrypted connection between your router/device and your DNS server for all your DNS requests, so now every level of you accessing a secure website will be encrypted for your security/privacy (roadmap and your communication). If you use a DoT/DoH DNS service, you don’t need to use DNSSEC as you already know your requests come encrypted/untampered from where they need to. All recommended services below can provide additional features like ad, malware or adult content blocking, just make sure to use DoT/DoH if you can (not all routers support DoT/DoH but all the latest web browsers do, and even your smartphone does).
All of these services will have different setup procedures, so follow the guide they provide.
Mullvad (Free, optional tiers covering blocking Ads, Trackers, Malware, Social Media and Adult/Gambling Content)
Control D (Free and Paid options, with advanced features like ad blocking, malware blocking, family website/time-based restrictions and even Smart DNS)
NextDNS (Limited Free and Unlimited Paid options, with advanced features like ad blocking, malware blocking and family website/time-based restrictions)
Adguard DNS (Limited Free and Unlimited Paid options, with advanced features like ad blocking, malware blocking and family website/time-based restrictions)
Quad9 (Free, Switzerland-based non-profit, optional malware blocking)
Cloudflare (Free, optional malware and adult content blocking)
OpenDNS (Free, optional malware and adult content blocking)
-5000. Google DNS - If you want privacy, don’t use services from a big tech company that makes all it’s money from giving you free services and selling the information you so willingly give up. Cloudflare and Cisco-owned OpenDNS could fall into this category if you wanted to be strict with your privacy, but it’s entirely up to you...