Is there any benefit to configuring DNS on your browser if it's already configured in your system network settings?

For example, let’s say that in “Mac OS System Settings > Network > Wi-Fi > [Network] > DNS > DNS Servers” you’re already using Cloudflare’s DNS servers, i.e. “1.1.1.1” and “1.0.0.1”.

Is there any benefit to also, in Chrome, going to “Settings > Privacy and security > Security > Use secure DNS” and turning this option on? (After doing this, you then have the option of choosing either “With your current service provider” or “With [Dropdown]”, and in this dropdown “Cloudflare 1.1.1.1” is an option.) Here’s some background on this from Cloudflare.

It feels duplicative to do both, but maybe I’m missing something.

It’s not just your browser that uses DNS. So do many software updaters, including the Mac App Store, mail software, contacts, calendars, etc., and potentially all sorts of other tools.

Then there is your router’s DNS setting, too. I think if everything is left at defaults, your browser defers to your Mac which defers to your router which defers to your ISP. Your ISP will have their own DNS.


Thanks, guys! So it sounds like if the computer/local network (or router) is set up to connect to Cloudflare DNS servers, then there’s no need to also set this up in the browser?

I see. But what if you’re doing DoH via “Mac OS System Settings > Network > Wi-Fi > [Network] > DNS > DNS Servers,” and not directly on the router? In that case are you protected?

If you’re going to use private/encrypted DNS in your browser on a laptop, you should be aware that some networks block it for security reasons and that may cause some issues for you.


I cannot think of one, unless you’re in a country that uses DNS to block unapproved content. China might do this.

My understanding is DNS over HTTP can bypass these blocks, and make it difficult for the authorities to detect that you’re bypassing their blocks and prevent them from interfering with your Internet access, at least where DNS is concerned.

Personally, I run local DNS servers that query the root DNS servers directly for external zones. For internal zones (.lan, .home), DNS requests are handled internally.
