How to enable secure private DNS on Android

Almost everything you do on the Internet starts with a DNS query, so having secure communication with a DNS provider is essential. This is where Android’s private DNS feature comes into play.

What Is Private DNS on Android?

DNS is a basic component of the modern Internet. It acts like a directory or phone book and helps you get where you want to go on the web.

For example, when you want to visit How-To Geek, you type howtogeek.com in the address bar of a web browser. But unfortunately, your web browser doesn’t know how to get to How-To Geek. That’s where DNS comes into the picture. Your web browser asks a DNS server, usually managed by your Internet Service Provider (ISP) or cellular network, which converts the howtogeek.com domain name to an IP address, such as 151.101.2.217. With the IP address in hand, your web browser can now connect to your favorite resource for how-to articles.

But traditionally, DNS queries and their responses were sent without any form of security or encryption, making them vulnerable to eavesdropping or man-in-the-middle attacks. So, a new DNS protocol, DNS over TLS, was introduced. It creates a secure channel between your web browser and the DNS server and protects your DNS traffic from prying eyes and malicious third parties. DNS over TLS is not the only secure DNS protocol; DNS over HTTPS is another widely used one.

Google has brought DNS over TLS support to Android by introducing the Private DNS feature. It’s available on Android 9 (Pie) and higher, and it encrypts all DNS traffic on the phone, even from apps.

The feature is enabled by default and uses a secure channel to connect to the DNS server if the server supports it. But if your ISP or cellular provider’s DNS doesn’t support encrypted DNS, or you’re just not sure, you can point the Private DNS feature at a third-party secure DNS server instead. Here’s how to enable, disable, or use a private DNS provider on Android.

How to Manage the Private DNS Feature on Android

Please note that depending on your Android model, the exact path and labels may vary. The basic process, however, remains the same.

To manage private DNS options, swipe down from the top of your device to access the notification shade and tap the gear icon. This will take you to device settings. You can also access the settings page from the app drawer.

Once you are in the settings, tap on “Network and Internet”. Depending on your device, this may have a slightly different name, such as “Connections”.

Now tap on “Private DNS” to manage the feature. If you don’t immediately see the “Private DNS” option, you may need to tap “More connection settings” or “Advanced.”

You will get three options: Off, Automatic, and Private DNS Provider Hostname. You can select “Off” to stop using DNS over TLS, “Automatic” to use encrypted DNS when available, or type the hostname of a private DNS provider to use that provider’s encrypted DNS. Remember that this field takes the provider’s hostname, not a DNS server IP address.

Once done, tap “Save” to apply the changes.

Why You Might Want to Use a Private DNS Provider

As explained above, Android’s Private DNS feature brings DNS over TLS support to the platform. Unfortunately, while the “Automatic” option uses secure DNS when available, you are at the mercy of your ISP or cellular service provider to offer encrypted DNS support. Your ISP may not want to do that.

But there is an easy way to check. You can confirm whether your ISP supports the TLS protocol for DNS encryption by using the Browser Privacy Test from Tenta, a company owned by Avast, which shows whether your ISP’s DNS is TLS-enabled or not.

If you want to ensure that your phone’s DNS queries remain secure and encrypted, we recommend using Google or Cloudflare Public DNS. You can also check out our guide to choosing a DNS provider with your PC, or see a more complete list of public DNS providers with encryption support on the DNS Privacy Project website.
