NetworkQuick win5 minall

Encrypted DNS

Risk

The risk

Why this matters

DNS queries are plaintext by default. Even with HTTPS, your ISP sees every domain you resolve. HTTPS encrypts the content of your connection, but the destination leaks through DNS — like sending a sealed letter with the address visible.

Recommended tools

What to use

Quad9Free

Swiss non-profit DNS with threat blocking. No logging.

Mullvad DNSFree

Privacy-first DNS from a trusted VPN provider. No logging.

NextDNSFree

Customizable private DNS with blocklists and analytics. Free tier.

AdGuard DNSOSSFree

Ad-blocking DNS. AdGuard Home is open-source for self-hosting.

Control DFree

Customizable DNS with filtering and proxy features.

Setup guide

How to set it up

1
On your device: Settings → Network → DNS → set to Quad9 (9.9.9.9) or Mullvad DNS
2
In Firefox: Settings → Privacy → Enable DNS over HTTPS → select Quad9 or custom

Verify

Check your setup

Run an automated check from your browser to see if this practice is active.