How to Change DNS Settings on Your Router

DNS (Domain Name System) is the service that translates website names into IP addresses. When you type google.com into your browser, a DNS server looks up the corresponding IP address so your device knows where to connect. Your router sends all DNS queries to your ISP’s servers by default, but you can change this to use faster, more private, or more secure alternatives.

Switching DNS at the router level affects every device on your network in one step. No individual device configuration needed.

Compare DNS Providers

DNS provider selection matters because speed, privacy, and features vary significantly between options. Here are the four most popular public DNS services and what each one offers.

Cloudflare DNS (1.1.1.1 and 1.0.0.1) is consistently the fastest public DNS resolver in independent benchmarks. Cloudflare commits to deleting all DNS logs within 24 hours and publishes annual third-party audits to verify this. The service is free and supports DNS over HTTPS and DNS over TLS for encrypted lookups. For families, Cloudflare offers 1.1.1.2 (malware blocking) and 1.1.1.3 (malware plus adult content blocking).

Google Public DNS (8.8.8.8 and 8.8.4.4) is the most widely used public DNS service in the world. Response times are excellent globally. Google logs full IP addresses for 24-48 hours for debugging purposes. The service is reliable with virtually zero downtime. Google supports DNS over HTTPS and DNS over TLS.

Quad9 (9.9.9.9 and 149.112.112.112) focuses on security by automatically blocking DNS lookups for known malicious domains. When a device on your network tries to reach a phishing site or malware server, Quad9 returns no result, preventing the connection. Quad9 is operated by a nonprofit foundation based in Switzerland and does not log user IP addresses. It supports DNS over HTTPS and DNS over TLS.

OpenDNS (208.67.222.222 and 208.67.220.220) is owned by Cisco and offers customizable content filtering. Create a free account at opendns.com to choose which categories of websites to block (adult content, gambling, social media). OpenDNS FamilyShield (208.67.222.123) blocks adult content by default with no account needed. This makes it popular for parental controls at the network level.

For most home users, Cloudflare offers the best combination of speed and privacy. For households with children, OpenDNS FamilyShield or Cloudflare for Families provides content filtering without extra software.

Change DNS on TP-Link Routers

TP-Link routers place DNS settings in the network configuration section. Log in to your router admin panel at 192.168.0.1 or tplinkwifi.net using your admin credentials.

Go to Advanced, then Network, then Internet (or WAN on older firmware). Look for a section labeled DNS Address or DNS Server. You may need to uncheck “Get Dynamically from ISP” first to enable manual DNS entry.

Enter your preferred primary DNS in the first field and the secondary DNS in the second field. For Cloudflare, enter 1.1.1.1 as primary and 1.0.0.1 as secondary. Click Save.

Some TP-Link models have a separate DHCP DNS setting under Network, DHCP Server. This controls which DNS servers the router tells devices to use. If both WAN DNS and DHCP DNS settings exist, change both to ensure consistent behavior.

Restart the router for the change to take full effect. All connected devices will start using the new DNS servers after they renew their DHCP lease.

Change DNS on ASUS Routers

ASUS routers with ASUSWRT firmware provide DNS settings in the WAN configuration. Log in at 192.168.1.1 or router.asus.com. Click WAN in the left sidebar. Scroll down to the WAN DNS Setting section.

Set Connect to DNS Server automatically to No. Two fields appear for DNS Server 1 and DNS Server 2. Enter your preferred provider addresses. For Google DNS, enter 8.8.8.8 and 8.8.4.4. Click Apply.

ASUS routers also offer DNS settings under LAN, DHCP Server. The field labeled DNS Server controls what the router tells client devices. Setting DNS in both WAN and LAN sections ensures the router itself and all connected devices use your chosen DNS provider.

ASUSWRT-Merlin firmware (a popular third-party enhancement) adds DNS over TLS support directly on the router. Under WAN, enable DNS Privacy Protocol and set it to DNS over TLS. Enter the DNS provider’s TLS hostname (for Cloudflare: 1dot1dot1dot1.cloudflare-dns.com). This encrypts all DNS traffic leaving your network.

Change DNS on Netgear and Linksys Routers

Netgear and Linksys routers follow a similar pattern for DNS configuration. On Netgear, log in at 192.168.1.1 or routerlogin.net. Go to Internet (under Basic) or Advanced, Setup, Internet Setup. Find the DNS Address fields. Select “Use These DNS Servers” and enter your preferred addresses. Click Apply.

On Linksys routers, log in at 192.168.1.1 or myrouter.local. For Smart Wi-Fi firmware, click Connectivity in the left panel, then the Internet Settings tab. Edit the connection, change DNS to manual, and enter the addresses. Click Apply.

For both brands, verify the change took effect by running a DNS leak test from a device on the network. Visit dnsleaktest.com and run the extended test. The results should show your chosen DNS provider, not your ISP.

Set Up Per-Device vs Router-Level DNS

DNS changes at the router level affect every device that relies on the router for its DNS settings. This covers most devices by default, but you can mix approaches depending on your needs.

Router-level DNS is the set-and-forget approach. Change it once and every device benefits. Smart TVs, IoT devices, game consoles, and guest devices all use the router’s DNS automatically. This is the best approach for security-focused DNS (Quad9) because it protects devices that cannot run their own security software.

Per-device DNS overrides the router’s setting for a specific device. On Windows, go to Settings, Network, Wi-Fi, Hardware Properties, DNS Server Assignment, and switch to Manual. On macOS, go to System Settings, Network, Wi-Fi, Details, DNS, and add your DNS addresses. On iPhone, go to Settings, Wi-Fi, tap the (i) icon, Configure DNS, Manual. On Android, go to Settings, Network, Private DNS.

A practical strategy is to set Quad9 (9.9.9.9) on the router for network-wide malware blocking, then set Cloudflare (1.1.1.1) on your personal devices for maximum speed. Guest devices and IoT gadgets get Quad9 protection automatically while your laptop and phone get the fastest resolution.

Per-device DNS settings also allow you to test different providers without affecting the whole network. Change DNS on one device, browse for a few days, and switch the router over if you are satisfied.

Configure DNS over HTTPS for Encrypted Lookups

DNS over HTTPS (DoH) encrypts DNS queries so they cannot be read or modified in transit. Without DoH, your ISP can see every domain name you look up, even if the website itself uses HTTPS. DoH wraps DNS queries inside HTTPS encryption, making them invisible to middlemen.

Most consumer routers do not support DoH natively. The exceptions are ASUS routers running ASUSWRT-Merlin firmware (which supports DNS over TLS, a similar protocol) and routers running OpenWrt or pfSense.

For most people, the easiest path to encrypted DNS is through the browser. Chrome: go to Settings, Privacy and Security, Security, scroll to “Use secure DNS,” toggle it on, and select your provider. Firefox: go to Settings, Privacy & Security, scroll to DNS over HTTPS, and enable it with your preferred provider. Edge: go to Settings, Privacy, Security, and enable secure DNS.

Browser-based DoH encrypts DNS queries from that browser only. Other applications on the same device and other devices on the network still use unencrypted DNS through the router.

For full network coverage, consider a Pi-hole or similar DNS appliance that supports DNS over HTTPS. Install it on a Raspberry Pi or spare computer, configure it as a DoH client, and point your router’s DHCP settings to use the Pi-hole as the network DNS server. Every device on the network then gets encrypted DNS resolution.

Troubleshoot DNS Issues After Changing Settings

DNS changes occasionally cause problems. Here are the most common issues and how to resolve them.

Websites stop loading after changing DNS. You may have entered the wrong address. Double-check the numbers. A single digit off means the DNS queries go nowhere. Revert to your ISP’s DNS (set the router back to automatic) to confirm this is the cause.

Some websites load slowly or not at all. Flush the DNS cache on your device. On Windows, open Command Prompt and run ipconfig /flushdns. On macOS, open Terminal and run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. On Chrome, visit chrome://net-internals/#dns and click “Clear host cache.”

DNS leak test shows ISP DNS despite changing settings. The device may have DNS settings configured locally that override the router. Check the device’s network settings for manual DNS entries. Also check if a VPN is overriding DNS with its own servers.

Quad9 blocks a website you need to access. Quad9 occasionally blocks legitimate domains that share infrastructure with malicious sites. Switch to Cloudflare or Google DNS temporarily, or use per-device DNS on the device that needs access while keeping Quad9 on the router for everything else.

Smart TV or streaming device does not respect router DNS. Some devices (notably Google Chromecast and certain Samsung TVs) hardcode Google DNS (8.8.8.8) and ignore the router’s DNS settings. To force these devices through your chosen DNS, you can create a firewall rule on advanced routers that redirects all traffic on port 53 to your preferred DNS server. This requires a router running custom firmware like OpenWrt or DD-WRT.