What Is Private DNS? A Plain-Language Guide to Safer Browsing
Every time you open a website, your device asks a question behind the scenes: “What is the numerical address for this name?” That question is a DNS query. So what is private DNS, and why does it matter? It is a service that encrypts those questions so nobody between you and the website can read them. Without it, your lookups travel in the open — and anyone on the network can see every site you check.
This guide explains what private DNS is, how private DNS works, and how to turn it on. We keep it simple: no jargon dumps, just clear answers.
What Is Private DNS?
Private DNS is a service that encrypts the requests your device makes when it looks up a website. The internet’s address book — the system that powers every lookup — is exactly what this setting protects. When you type a web address, your device sends a query to a DNS server, which translates the human-readable name into a numerical IP address your device can actually connect to.
Normally those requests are sent as standard DNS — plain text, readable by anyone in the path. Private DNS changes that. It wraps each lookup in encryption, so the websites you visit stay between you and your chosen provider. In short, this is a security feature that protects one of the oldest and most exposed parts of how you browse.
How Does the DNS Resolution Process Work?
Before you can see how this helps, it helps to understand how a normal lookup happens. Here is the DNS resolution process in plain terms:
- You type a web address.
- Your device sends a query to a DNS resolver, usually run by your internet service provider.
- The resolver looks up the matching DNS records and, if needed, asks an authoritative DNS server for the answer.
- DNS translates the name into numerical IP addresses, and your device connects.
This whole DNS resolution happens in milliseconds. The catch: with conventional DNS queries, every step is visible. Your ISP can log which domain names you request, and so can anyone watching the network. There is even reverse DNS, which maps an IP back to a name — more proof of how much these records reveal.
What Is the Difference Between Public and Private DNS?
People often mix up public and private DNS, so let’s separate them.
Public DNS servers are accessible to everyone. They are free, open DNS services run by large providers — Google DNS and Cloudflare are the best-known examples. A public DNS resolves names quickly, but its responses are not encrypted by default.
Private DNS refers to securing your lookups so they cannot be read in transit. It is less about who runs the server and more about how the connection is protected. Many people use a public DNS provider like Cloudflare as their private resolver — the difference is that private DNS mode wraps the connection in encryption.
There is also a second meaning in business networks. This internal DNS setup, sometimes called split-horizon DNS, uses private DNS zones inside a virtual private cloud to map names to private IP addresses: a private dedicated DNS that is never exposed to the public internet. For everyday users on a phone or laptop, the encryption meaning is the one that matters.
How Does Private DNS Work?
Private DNS works through two main security protocols:
DNS over TLS (DoT). This sends DNS traffic through a secure channel using Transport Layer Security — the same family of encryption that protects banking sites. It hides each request from prying eyes.
DNS over HTTPS (DoH). This hides DNS data inside regular HTTPS web traffic, so DNS requests look just like ordinary browsing. DoH is harder for outsiders to single out and block.
Either way, the mechanism is the same: both protocols encrypt DNS at the source. Private DNS encrypts DNS queries by sending each lookup through an encrypted tunnel. Your DNS responses come back protected, and each query stays private. A secure resolver handles the request without leaking the hostname you asked for. Encrypting your DNS queries this way replaces the unencrypted DNS queries that anyone could otherwise read. People sometimes call the protected version a private domain name system.
Benefits of Private DNS
So what does private DNS offer in practice? Here are the main benefits of private DNS:
- Better privacy. When your DNS queries are encrypted, your ISP and third-party observers can no longer build a list of every site you visit. Strong DNS privacy keeps that history to yourself.
- More security. Encrypted DNS makes it harder for attackers on the path between your device and the resolver to tamper with DNS responses or redirect you to fake sites.
- Cleaner browsing. Some providers add DNS filtering to block ads and known malicious domains.
- Consistency across networks. A custom DNS setting follows your device, so every query gets the same secure DNS on Wi-Fi or mobile data.
This DNS feature improves both privacy and security with almost no trade-off. Private DNS keeps the part of your connection that usually gets ignored from leaking quietly in the background. When you use private DNS, you encrypt the one signal that usually slips through — and that is one of the simplest privacy wins available.
How to Enable Private DNS on Android
Good news: private DNS on Android is built in. The private DNS feature arrived with Android 9, so most modern phones already have it. Here is how to enable private DNS:
- Open Settings on your Android device.
- Go to Network & internet (the wording varies slightly by brand).
- Tap Private DNS in the DNS settings.
- Choose Private DNS provider hostname.
- Enter your provider’s hostname, for example 1dot1dot1dot1.cloudflare-dns.com for Cloudflare or dns.google for Google DNS.
- Save.
That’s it. Android now routes lookups through your chosen private DNS server using DNS over TLS. To switch back to the default DNS, return to the same menu and pick Automatic.
If you want to create a custom DNS profile on other systems, the steps differ, but the idea is the same: configure the device to use a third-party DNS service that supports encryption. Whether your network hands out an IPv4 address or IPv6, the setup works on virtually any connection. What private DNS offers here is portability — one secure profile across every network you join.
Private DNS vs VPN: Do You Need Both?
A common question: if private DNS encrypts my lookups, do I still need a VPN? They solve overlapping but different problems.
Encrypted lookups protect only your private DNS traffic, the address-book step. A VPN encrypts all of your internet traffic and also hides your IP address by routing your connection through a private network. If you want to keep your information private from start to finish, the two work well together, and a good VPN service often handles DNS privacy for you automatically, so you don’t risk a leak.
If you’re curious about leaks, our guide on how to prevent a WebRTC IP leak covers a related way your real IP can slip out, and how to hide your IP address explains the bigger picture.
Stay Private from Lookup to Load with Planet VPN
Encrypted DNS is a smart first step. But it only covers your DNS data — the rest of your traffic still travels in the open. Planet VPN encrypts your whole connection, handles DNS privacy for you, and keeps your real IP address out of sight, so there’s no gap between the lookup and the load.
The free plan gives you core protection at no cost, with 6 locations and no registration. Want faster speeds and more locations? Premium adds 60+ locations and streaming support.
Use Planet VPN for private, encrypted browsing — download the app or compare free and Premium plans to get started.
Frequently Asked Questions (FAQs)
Should private DNS be on or off?
For most people, private DNS should be on. It encrypts your lookups at no real cost to speed, so you get extra privacy and security with no downside in daily use. The main time to turn it off is when a specific network — such as a workplace or school Wi-Fi — requires its own DNS settings to work, or when you’re troubleshooting a connection problem.
What happens if DNS is off?
DNS itself can’t really be “off” — your device needs it to turn domain names into IP addresses, so without any DNS, websites simply won’t load. What people usually mean is turning private DNS off. In that case, your device falls back to standard, unencrypted DNS. Sites still work, but your lookups are no longer protected, so your ISP and others on the network can see which sites you check.
Is a private DNS safe to use?
Yes. Private DNS is safe and is designed specifically to make your browsing safer. By securing DNS traffic, it stops outsiders from reading or tampering with your lookups. The one thing to check is your provider — pick a reputable name like Cloudflare or Google, since they can see the domains you request even though no one else can.
What will happen if we turn off private DNS?
If you turn off private DNS, your device switches back to default DNS, which is unencrypted. Your internet will keep working normally — you won’t notice a difference in browsing. The change is invisible day to day, but behind the scenes your requests are no longer protected, so your ISP and anyone on the same network can log the domain names you visit.
Has my DNS been hacked?
Signs of a hijacked lookup service include being redirected to unfamiliar or fake websites, frequent unexpected pop-ups, or pages that don’t match the address you typed. If you suspect tampering, switch to a trusted provider, clear your DNS cache, and run a malware scan. Using secure DNS makes this kind of attack much harder to pull off. Our guide on checking if your connection is working can also help you confirm everything is protected.
Is it good to turn off DNS?
You can’t usefully turn off DNS entirely — it’s a core part of how the internet works. Turning off private DNS is occasionally useful for troubleshooting or to connect to a network with strict settings. But for everyday browsing, leaving encrypted lookups on is the better choice, because it keeps your queries private with no real trade-off.