5 Encrypted DNS Services to Use on iOS and macOS

In the past I’ve written about good VPN services to use, and now it’s time to talk about DNS. Short for Domain Name System, DNS is commonly referred to as the “phone book” of the internet. It helps connect web browsers with web servers by translating addresses like into www.macobserver.com. Here are five encrypted DNS services that I recommend.

There are several different ways to use a DNS server. One is to manually go into network settings on each and configure the Wi-Fi. The second way is to download an app, and the third way is to go into your router settings and configure it there. You can typically access your router settings by typing in a web browser.

Configuration for iOS 13 and Previous

You can manually change your DNS server on iOS by going to Settings > Wi-Fi. Tap on the blue “i” icon next to your Wi-Fi network, then scroll down and tap Configure DNS. On macOS you’ll find this by going to System Preferences > Network > Advanced > DNS.

Your ISP will automatically set you up with its own DNS servers. But many, if not all, ISPs collect your browsing history and sell it to advertisers. This is why we want to use private DNS services.

Using a DNS app is helpful on iPhones and iPads because if you connect to multiple Wi-Fi networks, you’ll have to configure all of them. Plus, you can’t configure DNS on a cellular connection. But DNS apps set up a fake VPN profile, which means you’ll have that DNS no matter which network you connect to.

To manually configure them, use the addresses for the primary and secondary servers. Type the primary server first and the secondary server second. Unless your network supports IPv6, you can stick with the IPv4 servers. Make sure that both the primary and secondary servers are both the same protocol.

Using private DNS servers on iOS and macOS
How to manually configure. Left: iOS. Right: macOS

Configuration For iOS 14

Apple introduced native DNS with iOS 14. This means that DNS apps no longer have to create the fake VPN profile. Instead, by going to Settings > VPN & Network > DNS, you can directly enter the DNS servers and they will remain connected over Wi-Fi and cellular.

DNS Services

1. Cloudflare

Cloudflare released its public DNS in 2018. The company says its WARP technology makes it faster than other DNS services. Cloudflare also says it doesn’t keep logs or share your data with advertisers.

  • Primary Server:
  • Secondary Server:

Download on the App Store. There is no Mac app so you’ll have to manually configure.

2. AdGuard

AdGuard has a DNS service in addition to an adblocker. The DNS service can automatically filter out ads, malicious websites, tracking, and phishing. It also has separate servers for family protection that blocks adult content. It supports DNSCrypt, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols.


  • Primary Server:
  • Secondary Server:

Family Protection

  • Primary Server:
  • Secondary Server:

Download on the App Store.

Download on the Mac App Store.

3. LibreDNS

This is a German DNS service run by LibreOps, an organization that contributes to other free, open source technologies.


4. OpenDNS

OpenDNS is a service that Cisco acquired in 2015.

  • Primary Server:
  • Secondary Server:

5. NextDNS

This is the service that I currently use, and I really like it. It’s the most configurable of all these services. There are a wide variety of block lists to choose from. AdGuard’s blocklist is also available here, as well as other popular lists like EasyList. You can add multiple blocklists.

Final Note

I mentioned that DNS apps on iOS and iPadOS set up a fake VPN profile on iOS 13 and before. It’s fake because it doesn’t route your traffic through other servers, it’s just But if you use an actual VPN app, make sure the protocol it uses is IKEv2 (if it gives you a choice). This way, you can use both the VPN app and the DNS app at the same time.

4 thoughts on “5 Encrypted DNS Services to Use on iOS and macOS

    1. You can use both at the same time under certain circumstances. For example, I use Private Internet Access and it lets you manually switch the protocol it uses, like OpenVPN, IKEv2, IPSEC. I noticed that I can only use both simultaneously if I set PIA to IKEv2.

  • For years and years, OpenDNS was THE go-to for great, helpful, safe DNS. I noticed a few years ago that it became part of CISCO and I notice you didn’t mention it now. I wondered if it changed and went downhill and whether I should continue using it.. Are there reasons it’s not mentioned here.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.