Pros and cons of using your own DNS with a VPN


VPNs offer a variety of network tools that help keep your traffic obfuscated, and although it's usually only the best VPNs that do so, some come with their own DNS servers. These resolvers translate the user-friendly domain names you type into the IP addresses that computers actually use to communicate.

Not every provider runs one, and the reason it matters is that a VPN tunnel only protects the traffic that is routed into it. If the VPN client doesn't also point your device at its own resolver, your operating system keeps sending lookups, in plaintext, to the resolver your ISP handed out, so the ISP still learns the name of every site you visit even though the page contents themselves are encrypted inside the tunnel.

Now, while there are a few benefits to using a VPN provider's DNS servers to keep your lookups inside the encrypted tunnel, there are also a few arguments for using your own instead.

Read on and I’ll break down exactly what using your own DNS server gets you, as well as sticking points you might face, and ultimately whether or not you should use one.


Pros of using your own DNS

Improved speed and performance

When a VPN provider handles your DNS traffic, it does so through its own resolvers, reached through the tunnel. These are usually fast, but even the fastest VPNs aren't going to beat dedicated large-scale resolvers like Cloudflare or Google, which have points of presence close to almost everyone and enormous caches.

Every fresh lookup (one that isn't already answered from a local cache) costs a round trip. A well-placed resolver answers in a few milliseconds, but a distant or overloaded one can take 100ms or more, and a VPN resolver adds the detour through the VPN server on top.

An extra 0.1 of a second is slightly annoying when you're waiting for a page to load, but the lag adds up quickly: a single page can trigger dozens of lookups for scripts, fonts and ad domains, and applications that resolve many names per second feel it most.

Greater control and customization

VPN providers tend to keep their resolvers strictly configured. While a few providers, such as Windscribe, let you pick from pre-set lists of blocked sites, you won't get anywhere near the level of customization you get from running your own resolver.

Running your own lets you block any domain you want, and just as easily unblock a domain on a shared list that you decide is benign, without dropping the rest of the list.

With most VPN providers, you take the whole blocklist or you forgo any ability to filter ad networks and malicious websites.

Access to georestricted content

Managing your own resolver also gives you your own SmartDNS-style service, which you can configure at will: for the handful of hostnames a streaming service uses, the resolver answers with the address of a proxy in the region you want instead of the real one, while everything else resolves normally.

While the best VPN providers are usually very good at maintaining access to geolocked content, there will inevitably be times when you end up locked out of something.

You can usually report cases like this to your VPN's support team, but if you're comfortable with some VPS setup you can add the override to your own resolver far quicker than they can respond.
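As an added example (not code from the article, from Windscribe or from any VPN provider), here is the sort of policy you only get to write when the resolver is yours: a blocklist that covers whole zones, an allowlist that re-enables a benign host under a blocked zone, and SmartDNS-style redirects that answer a streaming service's hostnames with a proxy address. It goes a little beyond the text by rendering the same policy as Unbound configuration. The hosts-format list, the domain names and the 203.0.113.5 proxy address are constructed for the example; the proxy itself, and the Unbound instance that would load the output, are assumed to exist.

```python
"""Added example, not the article's or any provider's code: the per-name
policy you can only write when you run the resolver yourself.

- a blocklist that covers a zone and everything under it
- an allowlist that punches holes in the blocklist
- SmartDNS-style redirects that answer a zone with the address of a proxy
  you run in the region you want (the proxy itself is out of scope here)

The most specific entry wins, which is also how Unbound chooses between
overlapping local-zone statements. The sample lists and the 203.0.113.5
proxy address are constructed for the example.
"""
from typing import Dict, Iterable, List, Optional, Tuple


def load_hosts_list(text: str) -> List[str]:
    """Parse a blocklist in hosts-file format ('0.0.0.0 ads.example') or as
    bare names, one per line; comments and blank lines are skipped."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.append(line.split()[-1].lower().rstrip("."))
    return names


def _labels(name: str) -> List[str]:
    return name.lower().rstrip(".").split(".")


def _best_match(name: str, entries: Iterable[str]) -> Optional[str]:
    """The longest entry that equals name or is a parent zone of it."""
    n = _labels(name)
    best = None
    for entry in entries:
        e = _labels(entry)
        if len(e) <= len(n) and n[-len(e):] == e:
            if best is None or len(e) > len(_labels(best)):
                best = entry
    return best


class DnsPolicy:
    def __init__(self, blocked: Iterable[str], allowed: Iterable[str] = (),
                 redirects: Optional[Dict[str, str]] = None) -> None:
        self.blocked = [b.lower().rstrip(".") for b in blocked]
        self.allowed = [a.lower().rstrip(".") for a in allowed]
        # zone -> IPv4 address of the proxy that should answer for that zone
        self.redirects = {z.lower().rstrip("."): ip
                          for z, ip in (redirects or {}).items()}

    def decide(self, qname: str) -> Tuple[str, Optional[str]]:
        """Return ('block' | 'allow' | 'redirect', proxy address or None)."""
        candidates = []                       # (specificity, verdict, address)
        b = _best_match(qname, self.blocked)
        if b:
            candidates.append((len(_labels(b)), "block", None))
        a = _best_match(qname, self.allowed)
        if a:
            candidates.append((len(_labels(a)), "allow", None))
        r = _best_match(qname, self.redirects)
        if r:
            candidates.append((len(_labels(r)), "redirect", self.redirects[r]))
        if not candidates:
            return "allow", None              # not on any list: resolve normally
        # most specific wins; on a tie an explicit allow beats a redirect beats a block
        rank = {"allow": 0, "redirect": 1, "block": 2}
        candidates.sort(key=lambda c: (-c[0], rank[c[1]]))
        return candidates[0][1], candidates[0][2]

    def unbound_config(self) -> str:
        """Render the policy as Unbound local-zone/local-data statements:
        blocked zones answer NXDOMAIN, allowed zones resolve normally even
        under a blocked parent, redirected zones answer with the proxy
        address for every name beneath them."""
        lines = ["server:"]
        for z in self.blocked:
            lines.append(f'    local-zone: "{z}." always_nxdomain')
        for z in self.allowed:
            lines.append(f'    local-zone: "{z}." transparent')
        for z, ip in self.redirects.items():
            lines.append(f'    local-zone: "{z}." redirect')
            lines.append(f'    local-data: "{z}. A {ip}"')
        return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample data.
    BLOCKLIST = "# hosts-format list, as most public blocklists ship it\n" \
                "0.0.0.0 doubleclick.net\n0.0.0.0 tracker.example.org\n"
    policy = DnsPolicy(blocked=load_hosts_list(BLOCKLIST),
                       allowed=["static.doubleclick.net"],
                       redirects={"video.example.net": "203.0.113.5"})
    for q in ("ad.doubleclick.net", "static.doubleclick.net",
              "cdn.static.doubleclick.net", "nottracker.example.org",
              "www.video.example.net"):
        print(f"{q:30} -> {policy.decide(q)}")
    print(policy.unbound_config())
```

The point of the most-specific-wins rule is that a shared blocklist can stay intact while you carve out the one CDN host a site needs, and a redirect for a streaming zone doesn't touch anything outside that zone; the generated Unbound statements behave the same way because Unbound applies the most specific local-zone to a query.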

Failover and redundancy

If a VPN provider's resolver goes down or is unreliable, switching to your own can serve as a backup until it comes back.

That way you always have a way to resolve names. Just make sure the backup doesn't undo the privacy you bought the VPN for: reach it through the tunnel, or at least over DNS over TLS, so that the queries are encrypted between your device and the resolver rather than readable by everyone on the path.


Cons of using your own DNS

Compromised privacy

One of the main reasons to buy into a VPN is privacy. When you split your DNS traffic and your VPN traffic between two different entities, two parties each see part of your activity: the VPN provider sees the addresses you connect to, the DNS provider sees the names you look up, and each is one more place where that data can be logged or exposed.

Most VPN providers that do offer DNS run the resolvers themselves and answer queries inside the tunnel, so the lookups get the same privacy and logging guarantees as the rest of their network. If you point your device at a third-party resolver that hasn't been audited, you could be exposing the names of every site you visit to anyone from advertisers to governments.

Potential for DNS leaks

The real issue with using your own DNS alongside a VPN is what leaks. Unless your connection to the resolver is encrypted, your queries and the answers cross the network in plaintext, and if the route to the resolver doesn't go through the tunnel (split tunnelling, or a resolver pushed by the local network) they bypass the VPN entirely.

Anyone on the path between you and the resolver, from whoever runs the Wi-Fi you're on to your ISP, can record those queries and build a complete picture of the sites you visit, even if all of your actual web traffic is encrypted. It's worth checking after every change: a DNS leak test, which looks up a name only your resolver should ever see and reports which server actually asked for it, shows whether your lookups are going where you think.
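To make the plaintext problem concrete, and to give a way to measure the resolver latency discussed under speed and try the DNS over TLS option mentioned under failover, here is an added example that is not code from the article or from any VPN provider. It builds a DNS query byte for byte, shows that the queried name can be read straight out of the datagram by anyone on the path, parses the answer, and wraps the same message the way DNS over TLS does. The network functions assume a reachable resolver (1.1.1.1 is used as a stand-in) whose certificate covers the address you connect to; the lookup name and the sample bytes are constructed.

```python
"""Added example, not the article's code: what a DNS lookup looks like on the
wire, why an on-path observer can read it, and what DNS over TLS (RFC 7858)
changes. Packets are built from scratch; the two network functions assume a
reachable resolver whose certificate covers the address you connect to."""
import socket
import ssl
import struct
import time
from typing import List, Tuple

QTYPE_A, QCLASS_IN = 1, 1

def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """One-question DNS query (RFC 1035) with Recursion Desired set: exactly
    what leaves your machine on UDP/53 when DNS is plaintext."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)

def read_name(packet: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name at offset, following compression pointers; returns the
    name and the offset just past it in the original byte stream."""
    labels: List[str] = []
    end = None
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def sniff_queried_name(datagram: bytes) -> str:
    """What an ISP or anyone on the same Wi-Fi learns from one plaintext query."""
    return read_name(datagram, 12)[0]

def parse_a_records(response: bytes) -> List[str]:
    """Return the IPv4 answers; an error RCODE (e.g. NXDOMAIN) gives []."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F:
        return []
    offset = 12
    for _ in range(qd):
        offset = read_name(response, offset)[1] + 4   # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        offset = read_name(response, offset)[1]
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(socket.inet_ntoa(response[offset:offset + 4]))
        offset += rdlen
    return addrs

def dot_frame(message: bytes) -> bytes:
    """DNS over TLS carries the same message over TCP/853 inside TLS with a
    two-byte length prefix; an observer sees TLS records, not names."""
    return struct.pack("!H", len(message)) + message

def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf

def udp_query(server: str, name: str, timeout: float = 2.0) -> Tuple[bytes, float]:
    """Plaintext UDP/53 lookup: returns the response and the round trip in ms,
    handy for comparing a VPN's resolver with a public one."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(build_query(name), (server, 53))
        response = sock.recvfrom(4096)[0]
    return response, (time.perf_counter() - start) * 1000

def dot_query(server: str, name: str, timeout: float = 2.0) -> Tuple[bytes, float]:
    """The same lookup over DNS over TLS, with certificate verification."""
    ctx = ssl.create_default_context()
    start = time.perf_counter()
    with socket.create_connection((server, 853), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=server) as tls:
        tls.sendall(dot_frame(build_query(name)))
        response = _recv_exact(tls, struct.unpack("!H", _recv_exact(tls, 2))[0])
    return response, (time.perf_counter() - start) * 1000

if __name__ == "__main__":
    query = build_query("example.com")
    print("on the wire:   ", query.hex())
    print("observer reads:", sniff_queried_name(query))
    # Assumed reachable public resolver (Cloudflare) as a stand-in; constructed lookup.
    for fn, label in ((udp_query, "plaintext UDP/53"), (dot_query, "DNS over TLS")):
        resp, ms = fn("1.1.1.1", "example.com")
        print(f"{label}: {parse_a_records(resp)} in {ms:.1f} ms")
```

Run it with the VPN up and with your own resolver's address in place of 1.1.1.1 to compare round trips. The hex dump is the point of the leak section: a packet capture on any hop between you and the resolver sees exactly those bytes, name included, whereas the DoT exchange shows only TLS records.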

Configuration complexity

Setting up your own DNS from scratch instead of using one bundled with a VPN is a lot more work.

It's not terribly hard to enter a third-party resolver in your network settings, but standing up your own resolver from scratch takes real effort. Misconfiguration can cause DNS leaks, degraded performance, or even loss of internet access.

You'll also have to do the work of pulling in malware and phishing blocklists and keeping them updated, whereas a VPN provider's resolver has that built in.

Should you use your own DNS with a VPN?

There are definite advantages to running your own DNS server with a VPN, but it all comes down to where your time is best spent. The DNS server that comes with your VPN is easy to set up, doesn’t require maintenance, and is pre-configured to give you the most private settings possible. If all you’re concerned about is privacy, it’s probably best to just leave the DNS settings to whatever your VPN provider recommends.

However, if you've already got some networking skills and you aren't afraid of a little admin work, running your own resolver is a great way to control, and verify, exactly how your lookups are handled. That's especially true if you want to be able to change your streaming overrides quickly.

While it’s not quite as difficult as running a whole VPN network, you should be aware that if you’re running a DNS server over a VPS you’ll end up having to think about the same sort of privacy issues: Is your hosting provider trustworthy with your data? Will your upstream DNS requests from a single IP uniquely identify you? Have you implemented encryption features properly? If these all sound like too much of a headache to think about, you should stick to using a VPN provider’s DNS.

Sam Dawson
VPN and cybersecurity expert

Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.
