Since the dial-up era, ISPs have bundled routers and modems with every new connection. The ISP’s technician shows up to install the hardware, fills in your account details, and leaves. At no point does anyone mention the settings that you can access and change.
Buried inside the router’s admin interface are several network settings that often look overwhelming. And that’s why the DNS server option remains untouched, pointing to the ISP’s servers.
Every time you type a URL, your device quietly translates it into a specific IP address to connect to. All that happens behind the scenes in milliseconds and on all devices on your network. Unless you’ve manually changed settings, a record of every DNS query lands directly on your ISP’s servers.
Records of your browsing habits are ISPs’ goldmine
It matters whether you share the data
Modern ISPs can provide you with an internet connection in a couple of hours or a day. But the onboarding process doesn’t mention the option to opt in or out of DNS data. Every time your phone, laptop, computer, portable device, smart TV, or smartwatch uses the internet, it all passes through the DNS first.
Additionally, the ISP’s hardware often locks down several settings. Some ISPs don’t even enable DNS over HTTPS (DoH) or DNS over TLS (DoT) on their DNS servers, leaving those queries to travel unencrypted, where they can be intercepted.
The laws governing whether ISPs need your explicit consent before collecting and monetizing DNS data vary significantly by region. That said, many ISPs have been documented selling anonymized browsing data to data brokers, data aggregators, advertisers, and other third parties. Researchers have demonstrated that such so-called anonymized data is still re-identifiable.
In the end, DNS traffic is a product for ISPs. That’s why they remain silent, because you’re generating DNS traffic for free every day and sending it straight to their servers.
Wrapping helpful search pages with ads
Plastering ads wherever possible
Has it ever happened to you that mistyping a URL redirected you to a search page full of sponsored links and suggested searches? That’s DNS hijacking, where your ISP intercepts a failed DNS lookup and points your browser to a page full of ads instead of showing a proper error. To an average user, it appears to be a helpful page with suggestions.
In some countries, ISPs block access to specific websites at the DNS level entirely — as a parental control feature, for network filtering, or to comply with court-ordered blocks. Even if you try to punch in the names of such sites, the browser only returns an error.
The ISPs get paid for those ads, which are often targeted. Remember seeing random ads for products that you don’t even use or that aren’t relevant to you? It’s just a glimpse of how the ISP’s infrastructure partially shapes your browsing experience.
That said, the third-party DNS service providers don’t do any such things. They show a clear, discernible error if a website doesn’t open.
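To check whether a given resolver rewrites failed lookups as described above, the following added example (not code from the original article) sends a query for a name that should not exist and classifies the reply. The probe name, the function names, and the constructed sample replies using the documentation address 192.0.2.1 are assumptions made for illustration.

```python
import secrets
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode a standard recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response: bytes, qid: int) -> str:
    """Decide what a resolver did with a lookup for a name that should not exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if rid != qid or not flags & 0x8000:   # wrong transaction ID, or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:                         # NXDOMAIN: the honest answer
        return "nxdomain"
    if rcode == 0 and ancount > 0:         # NOERROR with records: lookup was rewritten
        return "rewritten"
    return "inconclusive"                  # SERVFAIL, REFUSED, empty NOERROR, ...

def probe(resolver_ip: str, timeout: float = 3.0) -> str:
    """Query resolver_ip over UDP/53 for a random name and classify the reply."""
    name = f"nx-{secrets.token_hex(8)}.com"  # assumption: this random label is unregistered
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return classify(data, qid)

def sample_reply(query: bytes, rcode: int, with_answer: bool) -> bytes:
    """Constructed reply for offline use: echoes the question, optionally adds one A record."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, int(with_answer), 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (answer if with_answer else b"")

if __name__ == "__main__":
    q = build_query("nx-example.com", 0x1234)
    print(classify(sample_reply(q, 3, False), 0x1234))  # honest resolver
    print(classify(sample_reply(q, 0, True), 0x1234))   # resolver that rewrites failures
```

Call `probe()` with the DNS address your router currently hands out and again with a public resolver such as 1.1.1.1; a `rewritten` result from one and `nxdomain` from the other points to the resolver substituting its own answer for failed lookups.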
Switch DNS to improve browsing experience and privacy
Pick one that's fast, reliable, and secure
You aren’t stuck with ISPs’ DNS addresses forever. Switching to a public DNS service provider from your router’s interface barely takes a couple of minutes. The best part is that those DNS service options are excellent and completely free.
Cloudflare (1.1.1.1 / 1.0.0.1) offers a fast public DNS service and maintains a strict no-logging policy. Google’s Public DNS (8.8.8.8 / 8.8.4.4) service is quite reliable and fast, but you’re sharing your online behavior data with Google rather than your ISP, so keep that in mind.
For privacy-focused DNS usage, Quad9’s (9.9.9.9) service automatically blocks malicious domains and is run by a non-profit organization. That said, it is a little slower than the other two due to filtering and blocking. There’s a free-tier NextDNS (45.90.28.167 / 45.90.28.167) service for those who want granular control like per-device filtering, a configurable dashboard, and detailed query logs that you own.
Whichever you pick, look for one that supports DNS encryption through DoH or DoT. These protocols encrypt your DNS traffic from your devices to the servers, so even your ISP can’t see the details inside.
If you’re comfortable with a bit of effort, you can go further to self-host your DNS service. Many begin with Pi-hole, a free, open-source DNS server, on a modest Raspberry Pi or any Linux machine. Or you can try out other self-hosted DNS servers. It’s a bit of a rabbit hole that runs deep, but it is certainly a rewarding one.
Why do ISPs stay quiet about all of this
ISPs don’t openly advertise that faster, more reliable, and secure public DNS services exist. They’re interested in your online browsing behavior and network traffic patterns. When you switch DNS on your router, that data pipeline breaks.
Also, when your internet goes down, their technicians have a hard time troubleshooting things remotely if they can’t see what DNS services your router uses. While you can easily set a public DNS address on your phone, computer, or other devices, you’d rather make that switch on your router for a network-wide effect. Or better, self-host a local DNS.
Your ISP filled in those two text boxes quietly or omitted them entirely, without asking. Now you know why — and what you can do about it.
