Do I have to choose DNS servers?

Do I have to specify DNS servers when configuring my home Mac, my home router, my wireless access points, and various other little devices on my home LAN?

Or is “normal” home user behavior to leave all the configuration boxes in these devices blank?

I always figured I did have to, as there were spaces there to be filled out, and when I set up my home network many years ago it somehow seemed necessary. But now I am picking up clues on the Web that normal behavior is to leave all these blank and let them appear somehow by magic (or maybe DHCP coming down from my ISP).

Note, I did use an optimization program ( that ran tests for many minutes and then told me was the fastest for me, so I may want to overwrite defaults. But my main question is whether specifying them is something I should assume I am supposed to do, or something most people don’t do.


If you leave them on auto, they will use your ISP’s DNS. If you use and those are Google’s DNS servers, which may or may not provide better performance/privacy for your purposes.

“leave them on auto” means leave them blank, right?

ETA: Yes, blank = auto.

More strictly, blank / auto will use whichever DNS your ISP has configured their DHCP to provide to your router. It’s probably their own, but not necessarily.

Some folks get real religious about not using their ISP’s DNS because, gasp, the ISP might do something nefarious with it :eek:. Given that they’re transporting 100% of your traffic that always seemed to me like a pretty silly concern. If they wanted to f*** with you, DNS would be about #437 on their list of options.

If they were really serious, your ISP could also intercept all traffic from your router to known DNS servers and internally redirect it to theirs. Without you ever being the wiser.

All that’s theoretical mumbo jumbo and wannabe guru internet blather. IMO the best advice is leave it blank. DNS is far from the limiting factor in the performance of ordinary people’s internet usage. And a wrong or obsolete config will leave your internet mostly dead and you scratching your head. For most amateur values of “you”. Fiddling with it is about 99% downside and 1% upside.

I use the google ones. Before that, IIRC, I would set them to the address for my router, typically which, I believe will just then go through your IP.

This isn’t a theoretical problem. ISPs have been known to use DNS servers that redirect people to advertising sites when they mistype a domain name. My own ISP was doing that to me for some time (I use the Google DNS now, so I’m not sure if they still do it).

My network appliances typically have spaces for DNS servers, too. For example, my network security cameras, and my network IP clock, and my wireless network extenders. Is this so I can override my overall network behavior for that device in particular for some reason? If I leave them all blank, they will wind up following whatever lead my router is set up for, correct?

Interesting! I often get redirects to ad sites, maybe when I’ve mistyped. I may try blank versus to test this. Thanks!

I found that the Comcast default DNS servers were just failing to respond with annoying frequency, and that switching to Google solved the problem.

Agreed. It’s far from theoretical.

In addition to Google DNS there’s a new player on the scene that’s getting high marks from various sources, Quad9

Here’s one comparison of the major players and Quad9 ranked 2nd overall.

I’m currently using Quad9 on one of my laptops at home and have been pleased with its performance.

A lot of ISPs’ DNS does do something at least arguably nefarious: Hijacking the NXDOMAIN response you’re supposed to get if you type in a nonexistent domain and replacing it with a “helpful” search page. It’s a violation of web standards and can cause vulnerability to cross-scripting attacks.
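One way to check whether the resolver you are currently using rewrites NXDOMAIN, as described in the post above. This is an added example, not part of the thread: it looks up random names that should not exist and reports whether they come back with an address anyway. The function names, the `example.com.` control lookup and the sample addresses in the comments are assumptions made for the example.

```python
import secrets
import socket

CONTROL = "example.com."  # reserved documentation domain; assumed to resolve normally

def system_lookup(name):
    """Resolve through the OS-configured DNS; an empty set means no answer."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def probe_names(count=3):
    # Random 20-hex-character labels: names that should not exist.
    # The trailing dot stops the OS from appending a local search domain.
    return [f"{secrets.token_hex(10)}.com." for _ in range(count)]

def check_nxdomain_rewriting(lookup=system_lookup, names=None):
    """Classify the resolver as clean, rewritten, inconclusive or unreachable."""
    if not lookup(CONTROL):
        # Without a working resolver, "no answer" proves nothing.
        return {"verdict": "resolver_unreachable", "landing_ips": []}
    names = names or probe_names()
    answered = [ips for ips in map(lookup, names) if ips]
    if not answered:
        verdict = "clean"          # every bogus name failed, as it should
    elif len(answered) == len(names):
        verdict = "rewritten"      # every bogus name got an address
    else:
        verdict = "inconclusive"   # mixed results; rerun before concluding
    # Addresses common to all answers point at the substitute search page.
    landing = sorted(set.intersection(*answered)) if answered else []
    return {"verdict": verdict, "landing_ips": landing}

if __name__ == "__main__":
    print(check_nxdomain_rewriting())
```

Run it once with the DNS boxes left blank and once with manually entered servers to compare the two verdicts.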

That, or so you can configure them manually in the event that your network does not have a DHCP setup.

On most machines, you have a choice to either use a DHCP server or to manually configure your IP and DNS servers. Most operating systems have either a check box or a radio button to choose one or the other. Macs are apparently fairly unique in that you just leave them blank to choose DHCP. I’ve never seen any other operating system do it that way.

Almost everyone these days uses DHCP. It’s pretty rare to manually configure a DNS server. I do it in my home because all of the computers and devices in my home are on a private local network and don’t use DHCP. I manually configure everything to use the gateway as their DNS server, and the internet gateway uses DHCP to get its IP and DNS from Comcast.

There’s generally no reason to use anything other than what your ISP provides, except in cases where your ISP is a sneaky bastard and forwards you to advertising and such if the DNS lookup fails (as noted upthread) or if your DNS server is unreliable.

I’ve never had an issue with Comcast’s DNS servers. Must be the DNS servers in your particular area.

I’ve had plenty of other issues with Comcast, and if I had any choice at all I would use a different internet provider, but DNS hasn’t been an issue for me.

Not only this, but Macs, or at least the one I’m working with right now, put DNS addresses into those spaces, but write them in gray. One might take a clue from this that they are being generated automatically, or can’t be changed for whatever reason.


Yup. That’s what mine does. Putting into my Mac settings above the existing ones prevents this.

Wait, wrong, this isn’t it (and I missed the edit window). They were gray because I hadn’t authenticated as an admin.

I did a DNS test recently using the older program DNSBench.exe from Gibson Research. Interesting to confusing results.

One thing I saw reading up about choosing a DNS server is some unexpected complications. Example:

Many companies have servers provided by Akamai. Akamai takes the DNS lookup IP* as indicating where the user is and directs the user to the “nearest” server farm.

If you use a DNS server not in your region, or even country, this can impact the service significantly.

This is considered an error by all but Akamai who considers it a feature. :rolleyes:

\* While using the users’ actual IP address is better, it takes more time to do a lookup of geographic location as opposed to a much smaller table of common DNS servers. Fractions of a second count here.

Verizon does this to me. Annoying but neither deceptive nor harmful. I am unaware of cross-scripting attacks and how this presents a vulnerability.

I would have used this, but it’s for PCs (and Macs running Windows emulators), which leaves me out. Still, I may run it on Mrs. Napier’s PC if she lets me. It appears to be way more informative than Though, namebench gives you the single fastest result, which I guess is all that gets used in the end.

In Australia the government’s crackdown on internet piracy has been implemented via a big expansion for Australia’s anti-piracy website blocking regime. Someone who uses the same ISP as me was recently complaining about all the sites he could no longer access. I was puzzled that I had no such problems until I recalled that years ago I had started using Google’s DNS servers to get around problems that seemed to have me editing my hosts file every few weeks.