How to enable secure private DNS on Android

Android robot figure.
Primakov /

Almost everything you do on the Internet starts with a DNS query, so it’s important to have secure communication with a DNS provider. This is where Android’s Private DNS feature comes into play.

What is Private DNS on Android?

DNS is a building block in the modern internet. It acts as a phone book or phone book and helps you get anywhere you want on the web.

For example, when you want to visit How-To Geek, just type in the address bar of a web browser. Unfortunately, your web browser does not know how to get to How-To Geek. This is where DNS comes into play. Your web browser asks for the DNS server, which is typically operated by your ISP or mobile network, which converts domain name for an IP address, e.g. With the IP address in hand, your web browser can now connect to your favorite resource for how-to articles.

But traditionally, the DNS queries and their responses were sent without any kind of security or encryption, making them vulnerable to eavesdropping or man-in-the-middle attacks. So a new DNS protocol – DNS over TLS – was introduced. It creates a secure channel between your web browser and the DNS server and protects your DNS traffic from prying eyes and malicious third parties. DNS over TLS is not the only secure DNS protocol, DNS over HTTPS is another widely used protocol.

Google has brought DNS over TLS support to Android by introducing the Private DNS feature. It is available in Android 9 (Pie) and newer and encrypts all DNS traffic on the phone, including from apps.

The feature is enabled by default and uses a secure channel to connect to the DNS server if the server supports it. However, if your ISP or mobile service provider’s DNS does not have encrypted DNS support, or you are simply not sure, you can use a third-party secure DNS server using the Private DNS feature. How to enable, disable or use a private DNS provider in Android.

How to manage the private DNS feature in Android

Keep in mind that depending on your Android model, the exact path and labels may vary. However, the basic process remains the same.

To manage Private DNS settings, swipe down from the top of your device to access the notification screen and tap the gear icon. This will take you to device settings. You can also access the settings page from the apps drawer.

Android message shadow

Once in the settings, tap “Network and Internet”. Depending on your device, this may have a slightly different name, e.g. “Connections”.

Settings app on Android

Now press “Private DNS” to manage the function. If you do not immediately see the “Private DNS” option, you may need to tap “More connection options” or “Advanced.”

Private DNS function in Settings

You get three options: Off, Automatic and Private DNS provider hostname. You can select “Off” to stop using DNS over TLS, “Automatic” to use encrypted DNS when available, or enter the host name of a private DNS provider to use encrypted DNS from that provider. Remember that you will need a hostname instead of DNS server IPs.

Private DNS options

When done, press “Save” to apply the changes.

RELATED: Why you should not use your ISP’s default DNS server

Why you might want to use a private DNS provider

As explained above, Android’s Private DNS feature brings DNS over TLS support to the platform. Unfortunately, while its “Automatic” option uses secure DNS when available, you are at the mercy of your ISP or mobile provider to offer encrypted DNS support. Your ISP may not want to do that.

But there is an easy way to control. You can verify that your ISP supports TLS protocol for DNS encryption by using Avast-owned company Tentas Browser Privacy Test. It shows whether your ISP’s DNS is TLS enabled or not.

To ensure that your phone’s DNS queries remain secure and encrypted, we recommend using Google Public DNS or Cloudflare. You can also check out our DNS provider selection guide with your PC, or see a more comprehensive list of public DNS providers with encryption support on the DNS Privacy Projects website.

RELATED: How to choose the best (and fastest) alternative DNS server