
Why you should not use Public DNS in Production: Change DNS Server in Windows


Many of us have typed 8.8.8.8 as the DNS server when we needed to test internet connectivity or could not recall the ISP's resolver. Forgetting to switch back afterwards leaves a machine that can reach the internet but cannot resolve internal names, which shows up as slow logons, failed policy retrieval and a new point of failure that sits outside your control. When choosing DNS servers for a production environment, reliability, security and performance have to be weighed deliberately. Public resolvers such as Google's 8.8.8.8 and Cloudflare's 1.1.1.1 are fine for personal use, but pointing production clients or domain controllers at them directly causes the problems described below. In this article, we will explore the reasons why you should not use Public DNS in Production: Change DNS Server in Windows.

We shall provide insights into how to change DNS servers in both Windows 10 and Windows 11 to ensure optimal performance and security. Here are other related guides: How to set up a third-party DNS server on a Linux Server, How to setup a cache-only DNS server, How to activate DNS over TLS in Windows 11, Domain Name System: How to create a DNS record, and A-Z of Domain Name System: All you need to know about DNS.

Understanding DNS Resolution Process

To understand the problems caused by non-ISP DNS, it helps to know the order in which a Windows client and its DNS server try to resolve a name. A query passes through the following stages, stopping at the first one that returns an answer:

  • Local Windows hosts file (C:\Windows\System32\drivers\etc\hosts; for temporary troubleshooting only)
  • DNS client resolver cache on the PC
  • DNS server list configured on the PC's network adapter
  • Internal DNS server (its authoritative zones, such as the Active Directory domain zone)
  • Designated conditional forwarders (for specific zones)
  • DNS forwarders (for every other zone)
  • Root hints (if enabled and no forwarder answers)

Each stage only helps if the previous one hands the query to it: a client whose adapter lists 8.8.8.8 never reaches the internal server, so the internal zones, conditional forwarders and forwarders configured there are never consulted.
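The following PowerShell script is an added example, not part of the original article, that walks these stages on one machine so you can see which one would answer for a given name. The name dc01.contoso.local is a placeholder to replace with a host in your domain; the server-side stages only run where the DnsServer module (a Windows DNS server, or RSAT) is installed.

```powershell
# Added example (not from the original article): show what each resolution
# stage holds for one name. Run in an elevated PowerShell prompt.
# ASSUMPTION: $name is a placeholder; the DnsServer cmdlets in the second
# half only exist on a Windows DNS server or a machine with RSAT installed.
$name = 'dc01.contoso.local'

Write-Host "== Stage 1: hosts file entries matching $name =="
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() } |
    Where-Object { $_ -match [regex]::Escape($name) }

Write-Host "== Stage 2: DNS client resolver cache =="
Get-DnsClientCache -Name $name -ErrorAction SilentlyContinue |
    Select-Object Entry, RecordType, Data, TimeToLive

Write-Host "== Stage 3: DNS servers configured per adapter =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, InterfaceIndex, ServerAddresses

# Ask each configured server directly (-DnsOnly skips the hosts file, the
# cache and LLMNR/NetBIOS) so you see which server actually knows the name.
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique
foreach ($srv in $servers) {
    try {
        $r = Resolve-DnsName -Name $name -Server $srv -DnsOnly -ErrorAction Stop
        Write-Host ("  {0} answered: {1}" -f $srv, (($r | Where-Object IPAddress).IPAddress -join ', '))
    } catch {
        Write-Host ("  {0} FAILED: {1}" -f $srv, $_.Exception.Message)
    }
}

# Server-side stages, only where the DnsServer module is present.
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    Write-Host "== Stage 4: zones this DNS server is authoritative for =="
    Get-DnsServerZone | Where-Object { $_.ZoneType -in 'Primary', 'Secondary' } |
        Select-Object ZoneName, ZoneType, IsDsIntegrated

    Write-Host "== Stage 5: conditional forwarders =="
    Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } |
        Select-Object ZoneName, MasterServers

    Write-Host "== Stage 6: forwarders (UseRootHint = fall back to root hints) =="
    Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

    Write-Host "== Stage 7: root hints loaded =="
    (Get-DnsServerRootHint | Measure-Object).Count
}
```

Stage 3 is where a stray 8.8.8.8 shows up: the public resolver will report that the internal name does not exist, while the internal server answers it.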

Why you should not use Public DNS in Production (Problems with Non-ISP DNS)

Using non-ISP DNS servers, such as 8.8.8.8, can lead to several complications:

Local Windows Host File: Entries in the hosts file override DNS entirely, so they should only be added temporarily while troubleshooting. Forgetting to remove them afterwards leaves a machine that keeps resolving a name to an old address no matter what DNS says.

Incomplete DNS Resolution: A public resolver knows nothing about your internal zones, so it cannot answer for internal host names or for the SRV records (for example _ldap._tcp.dc._msdcs.<domain>) that domain-joined machines use to locate domain controllers. The result is slow logons, failed Group Policy retrieval and, eventually, a lost trust relationship with the domain.

Leaking Internal Queries: Using non-ISP DNS sends lookups for internal host names to a third party, usually in cleartext. The public resolver simply answers that the name does not exist, but the names themselves (server roles, site names, application hosts) have now left your network. This is not recommended and may violate security policies or regulations your organization is subject to.

Suboptimal DNS Forwarding: DNS forwarders that point exclusively to non-ISP DNS servers still have to cross the ISP link to reach those resolvers, which then fetch the answer from wherever it lives. A resolver closer to your network, such as the ISP's, typically answers faster and is one hop fewer to fail.

Misleading Outage Indicators: If your DNS points at non-ISP servers like 8.8.8.8, a failure of that resolver (or of the path to it) looks exactly like an ISP outage. Monitoring or WAN failover rules that test connectivity by resolving a name will then fail over unnecessarily unless they are tied to the ISP's DNS.

Dependency on External Providers: Disabling root hints and relying solely on one external provider means that provider's outage is your outage: every external lookup fails until it recovers.

Firewall and Network Profile Issues: Windows decides whether a network is Domain, Private or Public through Network Location Awareness (NLA), which has to resolve and contact a domain controller. If the adapter points at 8.8.8.8, that lookup fails, the network is classified as "Public", and the much stricter Public firewall profile blocks inbound connections that your Domain profile rules would allow. The same happens on a domain controller whose own adapter points at an external address. Workarounds such as toggling IPv6 or disabling and re-enabling the adapter only mask the symptom; the fix is to remove the non-ISP DNS entries.
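The script below is an added example, not part of the original article, that audits a domain-joined client for the problems just described: adapters pointing at servers outside an allowed internal list, an NLA profile that is not DomainAuthenticated, and configured servers that cannot answer the DC locator SRV query. The $allowedDns addresses are placeholders for your own internal DNS servers.

```powershell
# Added example (not from the original article): audit a domain-joined
# client for non-internal DNS and its side effects. Run elevated.
# ASSUMPTION: $allowedDns lists your internal DNS servers; edit it.
$allowedDns = @('10.0.0.10', '10.0.0.11')
$domain     = $env:USERDNSDOMAIN          # empty on a workgroup machine
$findings   = @()

# 1. Any adapter pointing at a server outside the internal list?
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($srv in $cfg.ServerAddresses) {
        if ($srv -notin $allowedDns) {
            $findings += "Adapter '$($cfg.InterfaceAlias)' uses non-internal DNS $srv"
        }
    }
}

# 2. Did Network Location Awareness classify the network as Public or
#    Private? If NLA cannot reach a DC, the Domain profile is not applied.
foreach ($p in Get-NetConnectionProfile) {
    if ($p.NetworkCategory -ne 'DomainAuthenticated') {
        $findings += "Profile '$($p.Name)' is $($p.NetworkCategory), not DomainAuthenticated"
    }
}

# 3. Can each configured server locate a domain controller through the
#    _ldap._tcp SRV record? A public resolver answers NXDOMAIN here.
if ($domain) {
    $srvName = "_ldap._tcp.dc._msdcs.$domain"
    $servers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique
    foreach ($srv in $servers) {
        try {
            $null = Resolve-DnsName -Name $srvName -Type SRV -Server $srv -DnsOnly -ErrorAction Stop
        } catch {
            $findings += "DNS server $srv cannot resolve $srvName ($($_.Exception.Message))"
        }
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'DNS configuration is consistent with the domain.'
}
```

Check 3 is the one that explains the others: when no configured server can answer the SRV query, the machine cannot find a DC, NLA falls back to Public, and the logon and policy symptoms follow.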

Best Practices for DNS Configuration

To avoid the pitfalls associated with non-ISP DNS, it is recommended to follow these best practices:

Domain Controller/DNS Configuration: On a domain controller that also runs DNS, the adapter's DNS server list should point to another domain controller first and to itself (its own IP or 127.0.0.1) second, never to an external IP. Member servers and workstations point only at internal DNS servers.

DNS Forwarders: Configure forwarders in the DNS management console to point to the external DNS servers provided by your ISP. The internal server then answers for your own zones and forwards everything else, so external resolution works without any client ever talking to an outside resolver directly.

Third-Party DNS Filtering: For third-party DNS filtering services like OpenDNS, refer to the product's documentation for specific configuration instructions. In most cases, pointing clients at non-ISP DNS or leaving root hints enabled on the server gives queries a path around the filter and bypasses the protection offered by these services.
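The script below is an added example, not part of the original article, that applies these practices on a domain controller running DNS with the DnsServer PowerShell module. Every address and name in it is a placeholder: 10.0.0.10 is this DC, 10.0.0.11 its partner DC, 203.0.113.53 and 203.0.113.54 stand in for the ISP's resolvers, and partner.example with 192.0.2.53 stands in for a partner zone that needs a conditional forwarder.

```powershell
# Added example (not from the original article): configure a DC that
# also runs DNS. Run on the DC in an elevated PowerShell.
# ASSUMPTIONS: adapter alias, DC addresses, ISP resolvers and the partner
# zone are placeholders; replace them with your own values.
$nicAlias    = 'Ethernet'
$thisDc      = '10.0.0.10'
$partnerDc   = '10.0.0.11'
$ispResolver = @('203.0.113.53', '203.0.113.54')

# 1. DC adapter: partner DC first, itself second, never an external IP.
Set-DnsClientServerAddress -InterfaceAlias $nicAlias -ServerAddresses @($partnerDc, $thisDc)

# 2. Server-level forwarders to the ISP's resolvers. UseRootHint is left
#    at its default ($true) so root hints remain a fallback if the ISP
#    resolvers fail; set -UseRootHint $false only if a DNS filtering
#    product requires that queries never go around it.
Set-DnsServerForwarder -IPAddress $ispResolver -Timeout 3

# 3. A partner's zone goes to the partner's DNS via a conditional
#    forwarder rather than through the general forwarders.
if (-not (Get-DnsServerZone -Name 'partner.example' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
        -MasterServers '192.0.2.53' -ReplicationScope 'Forest'
}

# Verify: the DC must locate itself through its own DNS, and an external
# name must still resolve through the forwarders.
Get-DnsClientServerAddress -InterfaceAlias $nicAlias -AddressFamily IPv4 | Select-Object ServerAddresses
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN" -Type SRV -Server $thisDc -DnsOnly
Resolve-DnsName -Name 'www.microsoft.com' -Server $thisDc -DnsOnly
```

Putting the partner DC first on the adapter matters during a reboot: the local DNS service is not yet running when the DC's own services start looking for the domain.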

How to Change DNS Server in Windows 10 and 11

Changing DNS servers on Windows 10 and 11 can be a useful way to optimize your network connectivity or enhance privacy and security. We will explore different methods to change DNS servers on Windows, including Command Prompt, PowerShell, Settings, and Control Panel. Whether you prefer using command-line tools or a graphical interface, we’ve got you covered!

Change DNS Server in Windows using Command Prompt

If you’re comfortable with the Command Prompt, follow these steps to change DNS servers on Windows 10 and 11:

Open the Start menu and search for “Command Prompt,” right-click the top result, and select “Run as administrator.”


Type the command “ipconfig /all” and press Enter to view your current networking configuration.


Under the network adapter section, note the adapter’s name and the current DNS server addresses.

To set a new DNS server address, use the command as shown below:

netsh interface ip set dns name="[adapter name]" static [DNS server address]

Replace [adapter name] with your adapter's name (keep the quotes, since names such as "Wi-Fi 2" contain spaces) and [DNS server address] with the address of the desired DNS server. This replaces the whole list: any previously configured servers are removed.


If you want to set an alternate DNS server address, use the command as shown below:

netsh interface ip add dns name="[adapter name]" [alternate DNS server address] index=2

Again, replace the placeholders accordingly. Run "ipconfig /all" to confirm the new DNS configuration, and "ipconfig /flushdns" so that answers cached from the old server are discarded.

Changing DNS Servers using PowerShell

PowerShell provides an alternative method for changing DNS servers on Windows 10 and 11, and it is the one to use when the change has to be scripted. Follow these steps:

Open the Start menu and search for “PowerShell,” right-click the result, and select “Run as administrator.”


Enter the command “Get-NetIPConfiguration” and press Enter to view your current network configuration.


Note the InterfaceIndex and DNSServer information displayed.

To assign a primary DNS server address, use the command shown below:

Set-DnsClientServerAddress -InterfaceIndex [InterfaceIndex] -ServerAddresses [primary DNS server address]

Replace [InterfaceIndex] with the corresponding index number and [primary DNS server address] with the desired address.

If you also need a secondary DNS server address, pass both addresses to -ServerAddresses as a comma-separated list; the first one becomes the primary.

Set-DnsClientServerAddress -InterfaceIndex [InterfaceIndex] -ServerAddresses [primary DNS server address],[secondary DNS server address]

After executing the commands, test the new configuration, for example with Resolve-DnsName against an internal name and an external one.
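The script below is an added example, not part of the original article, that performs the change above as a single operation: it records the current servers, applies the new ones, verifies that the domain can still be located and an external name still resolves, and rolls back automatically if either check fails. The adapter alias and the server addresses are placeholders.

```powershell
# Added example (not from the original article): change a client's DNS
# servers with verification and automatic rollback. Run elevated.
# ASSUMPTIONS: $alias and $newDns are placeholders; edit them.
$alias  = 'Ethernet'
$newDns = @('10.0.0.10', '10.0.0.11')     # internal DNS, primary then alternate
$domain = $env:USERDNSDOMAIN               # empty on a workgroup machine

# Record what is configured now. The registry NameServer value is only
# non-empty when the servers were set statically (DHCP-assigned servers
# live in DhcpNameServer), which tells us how to roll back later.
$guid     = (Get-NetAdapter -Name $alias).InterfaceGuid
$regPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$guid"
$wasStatic = [bool](Get-ItemProperty -Path $regPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
$before    = (Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4).ServerAddresses
Write-Host "Current DNS on '$alias': $($before -join ', ') (static: $wasStatic)"

Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $newDns
Clear-DnsClientCache        # so the checks below cannot use cached answers

$ok = $true
try {
    # A domain-joined client must still find a DC through the new servers.
    if ($domain) {
        $null = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -DnsOnly -ErrorAction Stop
    }
    # External names must still resolve (via the internal server's forwarders).
    $null = Resolve-DnsName -Name 'www.microsoft.com' -DnsOnly -ErrorAction Stop
} catch {
    Write-Warning "Verification failed: $($_.Exception.Message)"
    $ok = $false
}

if (-not $ok) {
    if ($wasStatic -and $before) {
        Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $before
        Write-Warning "Rolled back to static servers: $($before -join ', ')"
    } else {
        Set-DnsClientServerAddress -InterfaceAlias $alias -ResetServerAddresses
        Write-Warning 'Rolled back to DHCP-assigned DNS'
    }
    Clear-DnsClientCache
}

Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
```

The rollback distinction matters: writing DHCP-assigned servers back as static entries would turn a temporary test into exactly the forgotten configuration this article warns about.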

Changing DNS Servers using Settings

If you prefer a more user-friendly approach, you can change DNS servers using the Settings app. Follow these steps:

Press the “Windows + I” key together to open the Settings app and click on “Network & Internet.”


If you’re using an Ethernet connection, click the “Ethernet” tab. For Wi-Fi, click “Wi-Fi” and then the properties of the connected network to reach the DNS settings.

Under the “DNS server assignment” section, click the “Edit” button.


Select the “Manual” option from the drop-down menu and turn on the IPv4 toggle switch.


Specify the IP address of the preferred DNS server under the “Preferred DNS” section.


Specify the secondary DNS address under the “Alternate DNS” section. Click the “Save” button to apply the new DNS configuration.

Changing DNS Servers using Control Panel

Although Control Panel is gradually being phased out, it is still possible to change DNS settings using this method. Follow these steps:

Press the “Windows + R” key together to open Run, type “ncpa.cpl” and hit Enter.


In the Network Connections, right-click on the network adapter and choose “Properties.”


Select “Internet Protocol Version 4 (TCP/IPv4)” and click the “Properties” button.


Select “Use the following DNS server addresses” and enter the preferred DNS server address.


Specify an alternate DNS server address. Click “OK” and then “Close” to save the changes.

Conclusion

Properly configuring DNS settings is crucial to avoid delays in resolution, security policy violations, and network disruptions. By understanding the limitations of non-ISP DNS and following best practices, you can ensure smooth DNS operations, maintain network security, and prevent unnecessary complications in your IT infrastructure.

I hope you found this article useful on why you should not use Public DNS in Production: Change DNS Server in Windows. Please let me know in the comment section if you have any questions.
