Do not use Public DNS in Prod: Change DNS Server in Windows

Posted on 29/06/2023 | 08/04/2025 | By Matthew

In this article, we will explore why it is advisable not to use public DNS in production, and how to change the DNS server in Windows. Many of us have experienced the convenience of quickly entering 8.8.8.8 as the DNS server when we need to test internet connectivity or can’t recall our ISP’s DNS. Please see the steps for Fixing AIX Veeam agent job startup delay issue, and the steps for Ensuring Backup Integrity and Reliable Recovery with SureBackup.

However, failing to switch back to the correct DNS after testing can lead to delays in DNS resolution and create a potential point of failure. When it comes to choosing DNS servers for your production environment, it is essential to make informed decisions that prioritize reliability, security, and performance.

Despite the popularity of public DNS servers like Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1 for personal use, relying on them in a production environment can result in potential issues and compromises.

We shall provide insights into how to change DNS servers in both Windows 10 and Windows 11 to ensure optimal performance and security.

Here are other related guides: How to set up a third-party DNS server on a Linux Server, How to setup a cache-only DNS server, How to activate DNS over TLS in Windows 11, Domain Name System: How to create a DNS record, and A-Z of Domain Name System: All you need to know about DNS.

Understanding DNS Resolution Process

To comprehend the issues related to non-ISP DNS, it’s essential to understand how DNS resolution works. When a computer tries to resolve a domain name, it follows a specific order of resolution attempts. The steps typically involved are as follows:

  • Local Windows Host File (Recommended for troubleshooting)
  • PC DNS Server list
  • Internal DNS server
  • Designated Conditional Forwarders
  • DNS forwarders
  • Root hints (if enabled)

Please, see how to fix HyperV Virtual Machine display taking over the entire screen, and how to fix Domain Name System Protocol: Client Registration Issue.

Why you should not use Public DNS in Production (Problems with Non-ISP DNS)

Using non-ISP DNS servers, such as 8.8.8.8, can lead to several complications:

Local Windows Host File: The local Windows Host File should only be used temporarily for troubleshooting purposes. Failure to revert it to its default setting after resolving the issue can cause ongoing problems.

Incomplete DNS Resolution: Relying solely on non-ISP DNS prevents the resolution of local DNS. This limitation can hinder machines from communicating with Active Directory, resulting in slow logins, policy retrieval issues, and potential domain relationship loss.

Broadcasting Internal Queries: Using non-ISP DNS may broadcast internal DNS queries to the internet. This practice is not recommended and could violate security policies or regulations governing your organization.

Suboptimal DNS Forwarding: DNS forwarders that exclusively point to non-ISP DNS servers utilize the ISP connection to reach external DNS. However, using a local DNS resolution solution, closer to your network, can significantly speed up requests.

Misleading Outage Indicators: If your DNS is set to non-ISP servers like 8.8.8.8, DNS failures may mistakenly appear as ISP outages. This can trigger unnecessary failover actions if failover rules are not dependent on ISP DNS.

Dependency on External Providers: Disabling root hints and relying solely on external DNS providers can render your business vulnerable to external provider outages, directly impacting DNS resolution.

Firewall and Network Traffic Issues: Using non-ISP DNS can misidentify your network as “public” within the Windows firewall, causing it to block network traffic. Similarly, if a domain controller’s DNS points to an external address like 8.8.8.8, it can trigger firewall issues. Temporary fixes like toggling IPv6 will not resolve the problem, emphasizing the need to remove non-ISP DNS settings.

Best Practices for DNS Configuration

To avoid the pitfalls associated with non-ISP DNS, it is recommended to follow these best practices:

Domain Controller/DNS Configuration: Ensure that domain controllers and DNS servers on the local network interface point to another domain controller or DNS interface instead of an external IP.

DNS Forwarders: Configure DNS forwarders in the DNS management console to point to the external DNS servers provided by your ISP. This setup ensures proper external DNS resolution.

Third-Party DNS Filtering: For third-party DNS filtering services like OpenDNS, refer to the product’s documentation for specific configuration instructions. In most cases, using non-ISP DNS or enabling root hints can bypass the protection offered by these services.
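One way to audit a machine against these practices, as an added example that is not part of the original article. It assumes internal DNS servers sit on RFC 1918 or loopback addresses; the helper name Test-InternalIPv4 is hypothetical.

```powershell
# Added example (not from the original article).
# Assumption: internal DNS servers use RFC 1918 or loopback addresses.
function Test-InternalIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 127)
}

# Collect the IPv4 DNS servers configured on every adapter that is up.
$report = foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
               -AddressFamily IPv4 -ErrorAction SilentlyContinue
    foreach ($server in $dns.ServerAddresses) {
        [pscustomobject]@{
            Adapter   = $adapter.Name
            DnsServer = $server
            Internal  = (Test-InternalIPv4 -Address $server)
        }
    }
}
$report | Format-Table -AutoSize

# Flag any adapter that still points at an external resolver such as 8.8.8.8.
$report | Where-Object { -not $_.Internal } | ForEach-Object {
    Write-Warning "$($_.Adapter) uses external DNS server $($_.DnsServer)"
}

# On a DNS server, list the forwarders so they can be compared with the
# addresses supplied by the ISP (only runs where the DnsServer module exists).
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    (Get-DnsServerForwarder).IPAddress | ForEach-Object { "Forwarder: $_" }
}
```

Forwarders are only listed, not flagged, because ISP resolvers are public addresses by design.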

Also, see Domain Name System Protocol: Client Registration Issue, and the “connection was denied because the user is not authorized for remote Login”: Enable Remote Desktop Connection on Windows 11 for non-administrators or selected users.

How to Change DNS Server in Windows 10 and 11

Changing DNS servers on Windows 10 and 11 can be a useful way to optimize your network connectivity or enhance privacy and security.

We will explore different methods to change DNS servers on Windows, including Command Prompt, PowerShell, Settings, and Control Panel. Whether you prefer using command-line tools or a graphical interface, we’ve got you covered!

Change DNS Server in Windows using Command Prompt

If you’re comfortable with the Command Prompt, follow these steps to change DNS servers on Windows 10 and 11:

Open the Start menu and search for “Command Prompt,” right-click the top result, and select “Run as administrator.”

Type the command “ipconfig /all” and press Enter to view your current networking configuration.

Under the network adapter section, note the adapter’s name and the current DNS server addresses.

To set a new DNS server address, use the command as shown below:

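netsh interface ip set dns name="[adapter name]" static [DNS server address]

Replace [adapter name] with your adapter’s name and [DNS server address] with the address of the desired DNS server. Keep the quotation marks around the adapter name; they are required when the name contains a space.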

If you want to set an alternate DNS server address, use the command as shown below:

netsh interface ip add dns name="[adapter name]" [alternate DNS server address] index=2

Again, replace the placeholders accordingly. Use the command “ipconfig /all” to confirm the new DNS configuration.

Here is how to fix “DNS Bad key 9017: The Cluster Name registration failed of one or more associated DNS names”, and Domain Name System Protocol: Client Registration Issue.

Changing DNS Servers using PowerShell

PowerShell provides an alternative method for changing DNS servers on Windows 11. Follow these steps:

Open the Start menu and search for “PowerShell,” right-click the result, and select “Run as administrator.”

Enter the command “Get-NetIPConfiguration” and press Enter to view your current network configuration.

Note the InterfaceIndex and DNSServer information displayed.

To assign a primary DNS server address, use the command as shown below:

Set-DnsClientServerAddress -InterfaceIndex [InterfaceIndex] -ServerAddresses [primary DNS server address]

Replace [InterfaceIndex] with the corresponding index number and [primary DNS server address] with the desired address.

If you need to set a secondary DNS server address, use the same command but add a comma and append the second address.

Set-DnsClientServerAddress -InterfaceIndex [InterfaceIndex] -ServerAddresses [primary DNS server address], [secondary DNS server address]

After executing the commands, test the new configuration.
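One way to test the new configuration, as an added example that is not part of the original article. The interface index 12 and the name dc01.corp.example are assumptions; replace them with the InterfaceIndex noted earlier and a record that exists only in your internal DNS.

```powershell
# Added example (not from the original article).
$InterfaceIndex = 12                   # assumption: index from Get-NetIPConfiguration
$InternalName   = 'dc01.corp.example'  # assumption: a name only internal DNS can answer

# Ask each configured server directly, so a failing secondary is not hidden
# behind a working primary.
$servers = (Get-DnsClientServerAddress -InterfaceIndex $InterfaceIndex `
                -AddressFamily IPv4).ServerAddresses
foreach ($server in $servers) {
    try {
        $answer = Resolve-DnsName -Name $InternalName -Server $server `
                      -Type A -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object Type -eq 'A').IPAddress -join ', '
        Write-Output "OK    $server resolved $InternalName to $ips"
    }
    catch {
        # A public resolver has no copy of internal zones and ends up here.
        Write-Warning "FAIL  $server could not resolve ${InternalName}: $($_.Exception.Message)"
    }
}

# Show how Windows classified the network after the change. A domain-joined
# machine that can reach its domain controller reports DomainAuthenticated.
Get-NetConnectionProfile -InterfaceIndex $InterfaceIndex |
    Select-Object InterfaceAlias, NetworkCategory
```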

Changing DNS Servers using Settings

If you prefer a more user-friendly approach, you can change DNS servers using the Settings app. Follow these steps:

Press the “Windows + I” keys together to open the Settings app and click on “Network & Internet.”

If you’re using an Ethernet connection, click on the “Ethernet” tab. For Wi-Fi, click on the connection properties option to access DNS settings.

Under the “DNS server assignment” section, click the “Edit” button.

Select the “Manual” option from the drop-down menu. Turn on the IPv4 toggle switch.

Specify the IP address of the preferred DNS server under the “Preferred DNS” section.

Specify the secondary DNS address under the “Alternate DNS” section. Click the “Save” button to apply the new DNS configuration.

Changing DNS Servers using Control Panel

Although Control Panel is gradually being phased out, it is still possible to change DNS settings using this method. Follow these steps:

Press the “Windows + R” keys together to open Run, type “ncpa.cpl” and hit Enter.

In the Network Connections, right-click on the network adapter and choose “Properties.”

Select “Internet Protocol Version 4 (TCP/IPv4)” and click the “Properties” button.

Under the “Use the following DNS server addresses” section, specify the preferred DNS server address.

Specify an alternate DNS server address. Click “OK” and then “Close” to save the changes.

Conclusion

Properly configuring DNS settings is crucial to avoid delays in resolution, security policy violations, and network disruptions.

By understanding the limitations of non-ISP DNS and following best practices, you can ensure smooth DNS operations, maintain network security, and prevent unnecessary complications in your IT infrastructure.

I hope you found this article useful on “Do not use Public DNS in Prod: Change DNS Server in Windows”. Please let me know in the comment section if you have any questions.