Turn your mobile into a secure hotspot with custom DNS

  • DNS acts as the Internet's address book, and changing it improves speed, privacy, and security.
  • Secure DNS (DoH, DoT) encrypts queries and, combined with a VPN, strengthens protection.
  • Android allows you to configure private DNS for the entire system and, in older versions, to adjust DNS for each WiFi network.
  • To make your mobile hotspot truly secure, it's advisable to configure DNS on connected devices as well.

If you use your mobile phone for almost everything and also share your connection with other devices, turning it into a secure access point with custom DNS is one of those settings that make a difference in privacy and control. You don't need to be a networking guru: by understanding four key concepts and tweaking a couple of settings, you can improve speed and security and reduce snooping by operators and on public WiFi networks.

It is also very common, when using the mobile hotspot to provide internet access to a laptop or tablet, to wonder whether that protection extends to all devices. The answer is nuanced: it depends on how you configure the DNS on Android, iPhone, router or apps. Security can be applied only to the phone or extended (in part) to connected devices. Let's look at everything calmly and with a practical approach, without unnecessary technicalities.

What is DNS and why should you care?

DNS, short for Domain Name System, works like the internet's contact list. You type a convenient name like "google.com" or "xatakandroid.com", and underneath, your device needs a numerical IP address (for example, 216.58.211.142) to reach the correct server. The DNS server is responsible for translating that name into its corresponding IP address.

Typically, your mobile phone, your router, or the WiFi network you connect to uses the DNS assigned by default by the internet provider. It usually works without you having to do anything, but it has one major drawback: these DNS queries normally travel in clear text and, incidentally, become a goldmine of data about what you visit.

When your phone requests a domain's IP address, that request almost always passes through the provider's DNS servers. Therefore, your internet provider knows which websites you're trying to open, even though it may not always be able to see the content if you're browsing with HTTPS. Furthermore, DNS servers are used in many countries to block websites: they simply stop resolving certain domains, making it appear to the user that the website is down.

For all these reasons, managing this part of the connection yourself opens the door to improving performance, strengthening privacy, and bypassing certain filters or blocks. And yes, it also helps you turn your mobile phone into a much more secure hotspot than the one it comes with from the factory.

Disadvantages of traditional DNS and real risks

Classical DNS has a fundamental problem: queries are not encrypted or authenticated. This means that, on a normal connection, anyone who controls the network (an attacker, the owner of the public WiFi, or your ISP) can see which domains you are accessing, manipulate the response, or even redirect you to a fake site.

A typical example is found in many free Wi-Fi networks in hotels, airports, or cafes. When you open any website, instead of going to the site you wanted, a login page or advertisement appears first. This is achieved precisely by modifying the DNS server response to display a different website from the one you had asked for.

That same technique, if it falls into the wrong hands, allows for much more serious attacks. A cybercriminal could redirect you to a phishing page that mimics your bank's website, or to a site that downloads malware, simply by returning a falsified IP address in the DNS response.

Another common use of DNS control is content filtering. The same mechanism can be used to block access to objectionable websites, download services, or specific content, without the user seeing any clear message: the website simply does not work and gives an error, as if it had disappeared. It is a simple form of technical censorship used both in corporate networks and at the operator level.

Nor should we forget the advertising aspect. When your provider knows in detail the domains you look up, it can create very precise profiles of your habits and use that information to segment ads, sell aggregated data, or apply somewhat aggressive commercial policies.

What are the benefits of changing DNS servers?

Changing the DNS settings on your mobile phone, computer, or router isn't just a geeky whim. By choosing your own server, you can gain in several ways: speed, privacy, security, and unlocking certain content. The improvements aren't always spectacular, but they are very noticeable in everyday life.

First, there is performance. Some public resolvers have highly optimized infrastructure, with many nodes distributed around the world. This means that when querying a website's IP address, the response arrives sooner and the pages start loading faster. You're not going to switch from ADSL to fiber optic by magic, but you can shave off a few milliseconds of latency that make a noticeable difference when making many queries.

Secondly, many alternative DNS services claim to have stricter privacy policies than those of your carrier. Cloudflare, for example, states that it does not sell your query data and cleans up logs within a few days, while Quad9 boasts of minimizing the information collected and focusing on security.

The third pillar is protection. Some providers, such as Quad9 or certain OpenDNS and NextDNS profiles, integrate blacklists of domains containing malware, phishing, botnets, or invasive advertising. Thus, if you try to access (consciously or not) a dangerous website, the DNS itself blocks the request and prevents the malicious page from loading.

Finally, there's the issue of blocking. Since many governments and carriers apply DNS-level censorship, the moment you switch to a third-party server outside their control, you can bypass some of those filters. It doesn't always work in every case, but for many "mysteriously down" websites, simply using a different name provider is enough.

Recommended DNS servers: speed, privacy, and security

When choosing a DNS provider, there's no single clear winner. It depends on where you live, how much you value privacy, whether you prefer speed or security, and generally on what compromises you are willing to accept. Even so, there are several very popular and well-regarded services that are worth keeping an eye on.

One of the veterans is Google Public DNS. Its IPv4 addresses are 8.8.8.8 and 8.8.4.4. For IPv6, it offers 2001:4860:4860::8888 and 2001:4860:4860::8844. These are free, fast, and very stable resolvers, and they also support encryption using DNS-over-TLS and DNS-over-HTTPS with the hostname dns.google, which is used in Android's private DNS mode.

Another major player is Cloudflare with its famous 1.1.1.1. For IPv4, 1.1.1.1 and 1.0.0.1 are used, and for Android with private DNS, the host is usually 1dot1dot1dot1.cloudflare-dns.com or similar options like one.one.one.one. Cloudflare places special emphasis on privacy and says that it purges its logs within a short period of time. Furthermore, it often tops speed rankings such as DNSPerf.

If security is a major concern, Quad9 is another very interesting option. Its most well-known IP address is 9.9.9.9, and for Android private DNS, the typical host is dns.quad9.net. This project specializes in blocking access to domains containing malware, phishing, and other risks, so it acts as a security filter at the name resolution level, even before the website loads in the browser.

Configurable services like OpenDNS (owned by Cisco) or NextDNS also come into play. These allow you to adjust content filtering profiles, parental controls, ad blocking, and detailed activity logging. With them, you can design custom policies, for example, to limit access on children's devices or in work environments.

Before making a decision, it's worth trying several providers and checking their performance from your location. Which is faster, Cloudflare or Google? Tools like DNSPerf compare the latency and availability of different DNS servers from many parts of the world, which serves as a guide to choosing the one that best suits your region.

Secure DNS: DoH, DoT, DNSCrypt and Private DNS

When we talk about secure DNS, we're actually referring to how queries travel between your device and the server. Instead of going in plain text, newer protocols like DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) encrypt DNS traffic so that no one in between can easily snoop, modify, or block the answers.

DNS-over-HTTPS encapsulates requests within normal HTTPS connections, typically using port 443. This makes it more difficult for a provider or censor to distinguish DNS traffic from the rest of web browsing, so it's much harder to block it without taking down half the internet in the process.

DNS-over-TLS, on the other hand, encrypts queries using the TLS protocol, similar to HTTPS but specifically designed for DNS. It's the method Android uses by default for Private DNS in modern versions of the system, which is why it is considered the most direct option at the system level.

DNSCrypt is another approach that also adds encryption and authentication to requests, although in practice it has been somewhat overshadowed by DoH and DoT. Even so, there are services and clients that support it, especially among advanced users who set up their own resolvers or protected networks.

In Android 9 and later versions, the private DNS option should have been called “Secure DNS” instead, because what you're doing is forcing the queries to be sent encrypted to a server that supports DoT. You're not setting up your own DNS at home, but choosing a provider that offers this type of secure access.
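
The difference between cleartext DNS, DoT and DoH can be seen in how one and the same query is framed. The sketch below is an added example, not code from the original article: it builds a standard DNS query, shows that the name is readable in the cleartext bytes, then applies the 2-byte length prefix used by DoT (RFC 7858, port 853) and the base64url GET encoding used by DoH (RFC 8484). The endpoint https://doh.example/dns-query is a placeholder, and nothing is sent over the network.

```python
import base64
import struct

DOT_PORT = 853  # DNS-over-TLS (RFC 7858) uses its own port
DOH_PORT = 443  # DNS-over-HTTPS (RFC 8484) shares the normal HTTPS port


def build_query(name: str, qtype: int = 1, query_id: int = 0) -> bytes:
    """Build a DNS query in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID, flags (only "recursion desired" set), 1 question, no records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    # Terminating zero-length label, then QTYPE and QCLASS (1 = IN).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def name_seen_on_wire(message: bytes) -> str:
    """Recover the queried name from a cleartext message.

    This is what anyone on the path of a classic port-53 query can read.
    """
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        if length > 63:
            raise ValueError("compressed names are not expected in a query")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def frame_for_dot(message: bytes) -> bytes:
    """DoT framing: 2-byte big-endian length prefix, sent inside a TLS session."""
    return struct.pack("!H", len(message)) + message


def doh_get_url(message: bytes, endpoint: str) -> str:
    """DoH GET form: the message as unpadded base64url in the ?dns= parameter."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


if __name__ == "__main__":
    query = build_query("www.example.com")  # ID 0, as RFC 8484 recommends
    print("cleartext observer reads:", name_seen_on_wire(query))
    print(f"DoT payload (TLS, port {DOT_PORT}):", frame_for_dot(query).hex())
    # Placeholder endpoint, not a real resolver.
    print(f"DoH request (HTTPS, port {DOH_PORT}):",
          doh_get_url(query, "https://doh.example/dns-query"))
```

With DoT and DoH these bytes travel inside the TLS session, so an observer on the network sees only a connection to the resolver, not the name being looked up.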

Secure DNS and VPN: allies, not substitutes

It's easy to get confused: enabling encrypted DNS greatly improves the situation, but it's not the same as using a VPN. With secure DNS, only name queries are protected. The rest of the traffic (websites, videos, downloads) will continue to depend on whether the page uses HTTPS and other factors.

A VPN, on the other hand, creates an encrypted tunnel between your device and a remote server. Everything that leaves your phone (or almost everything, if it's properly configured) travels through the VPN encapsulated and encrypted all the way to the VPN server, also changing the outgoing IP address seen by websites and services.

There are commercial VPN services that already include their own protected DNS, so when you connect, you not only change your IP address, but also prevent DNS leaks to your operator. Others allow you to choose whether you want to use the provider's DNS, third-party DNS, or even your own home server.

Ideally, if you're seriously concerned about privacy and security, you should combine both: activate a secure DNS at the system level and, when needed, connect to a VPN that manages the resolutions. However, it's advisable to check your VPN's documentation, as some apps may ignore Android's private DNS settings and use their own default resolvers.

In any case, if you're just starting out, setting up encrypted DNS is already a huge leap forward compared to the traditional scenario. Then, if you want to go a step further, you can add the VPN layer to shield all traffic, especially on public networks or when traveling.

How to change DNS on your Android phone

On Android, the way to customize DNS settings depends heavily on the version your phone is running. From Android 9 (Pie) onwards, we have the Private DNS option, which applies to the entire system and works with mobile data and WiFi, whereas in older versions you can only adjust the DNS settings on each WiFi network separately.

Furthermore, each manufacturer invents its own names for the menus. What appears as "Network & Internet" on a Pixel phone might be called "Connections" or "Connection Settings" on a Samsung. Even so, the general logic and steps are very similar in most models.

In the case of recent Samsung Galaxy devices, for example, the path is usually Settings > Connections > More connection settings > Private DNS. On other Android devices, the usual way is to go to Settings > Network & Internet (or similar) > Advanced > Private DNS. Once there, you'll see several options to select.

If you choose "Automatic", the system attempts to use encrypted DNS with the server provided by the network, but if it is not available, it silently returns to the traditional mode. To force a specific provider, select "Private DNS provider hostname" and enter the correct domain.

Keep in mind one important detail: in the private DNS section, Android does not accept numeric addresses like 1.1.1.1 or 8.8.8.8. You should always enter the hostname provided by your provider, such as dns.google, one.one.one.one, or 1dot1dot1dot1.cloudflare-dns.com, depending on the service you want to use.

Configure private DNS on Android 9 and later versions

If your smartphone runs Android 9 or higher, you're in luck because you can set a single, secure DNS provider for your entire system. This setting applies to both WiFi and mobile data, and therefore also impacts the hotspot you create from the same device.

The general steps to enable private DNS on modern Android devices are very similar, although the exact path may vary slightly depending on the brand. On most phones, simply go to Settings > Network & Internet (or Connections) > Private DNS and choose the option to specify a provider by hostname.

Once inside the private DNS screen, select "Private DNS provider hostname" and enter, for example, dns.google if you want to use Google Public DNS with encryption, or one.one.one.one for the Cloudflare service. After you tap Save, the phone will check the connection and, if everything is working correctly, will start using that secure DNS.

If you make a mistake typing the domain or the server stops responding, you'll notice that suddenly no websites load even if you have network coverage or WiFi. This is normal: without name resolution, the internet seems down. To fix it, go back to your private DNS settings and change the mode to "Automatic" or "Off" to restore browsing using your ISP's DNS servers.

In some cases, certain VPN apps or utilities that modify the DNS settings can interfere with this feature. Android 10 and later handles these interactions much better, but it's still a good idea to check afterward with an online verification tool to see which DNS your device is actually using when you connect.

Change DNS on Android 8 and earlier, network by network

If your phone is still running Android 8 or earlier, the global private DNS option won't be available. On these devices, the only solution is to manually modify the DNS settings on each WiFi network you connect to, which means repeating the process for home, work, etc.

The process usually begins by connecting to your desired Wi-Fi network and going to Settings > Wi-Fi or Settings > Network & Internet > Wi-Fi. Once you see the list of networks, tap or press and hold the one you're using and select the option to modify the network or open its advanced options, which is where the DNS setting is hidden.

In the advanced settings, you'll see an "IP Configuration" field or something similar, which will be set to "DHCP" by default. Changing it to "Static" unlocks the IP address, gateway, and, importantly, the DNS 1 and DNS 2 fields, where you can enter the servers you want to use.

In DNS 1 and DNS 2 you can enter, for example, 8.8.8.8 and 8.8.4.4 for Google, or 1.1.1.1 and 1.0.0.1 if you prefer Cloudflare. Then save the changes; the phone will reconnect to the network, and from that moment on, resolutions for that Wi-Fi will go through the DNS servers you entered.

If at any point the network starts to fail or you want to return to the router's settings, simply go back to that screen and change the IP configuration back to "DHCP". With that, the name servers provided by the access point are automatically restored and you stop depending on what you had entered by hand.

Turn your mobile into a secure hotspot with custom DNS

Now comes the interesting part: what happens when you activate tethering or a personal hotspot on your mobile phone? The idea is that, if the phone uses a secure DNS at the system level, devices connected to your hotspot inherit that protection. The reality, however, is somewhat more complex and depends on how the system manages the distribution of DNS by DHCP.

By default, when you turn your mobile phone into a WiFi hotspot, it acts as a kind of small router. It assigns private IP addresses to connected devices (laptop, tablet, console, etc.) and tells them which DNS servers they should use to resolve domains. Normally, these DNS servers are the ones that the mobile phone itself receives from the operator's network.

If you've configured private DNS on Android, the queries made by the phone itself will be encrypted. However, that doesn't automatically mean that devices connecting to your hotspot will also use that same secure DNS. Many models still advertise the operator's server to clients, so only the mobile phone is protected.

This means that if you want consistent DNS protection across all devices that rely on your tethering, you may very well need to configure DNS manually on each client device (laptops, tablets, etc.). At least that way you ensure they're not using a server you don't control.

Another, slightly more advanced option is to set up your own encrypted DNS server at home (for example, with AdGuard Home or a resolver with DoH/DoT) and connect to it from your mobile device. The problem is that for it to work outside your local network, you usually need to expose that server to the internet through open ports, which introduces additional risks if it is not very well secured.

Use AdGuard Home and Home DNS with your Android

If you already have a home DNS server set up with AdGuard Home or another solution, the simplest thing to do is usually to configure it on your home router so that all devices connected via WiFi or cable use that DNS without any further adjustments. This is how you filter ads, malware, and other junk at the local network level.

The problem arises when you leave home and want to continue using that protection with your mobile phone and, while you're at it, have the devices that rely on your hotspot benefit as well. There are several strategies, each with its pros and cons, and it's worth knowing at what point it's worth complicating your life.

One possibility is to give public access to your AdGuard Home using DNS-over-HTTPS or DNS-over-TLS, so you can configure that address as a private DNS on Android, wherever you are. This requires opening ports on your router and using valid certificates and serious security measures, because you're basically making your service accessible from the internet.

Another, more balanced option is to combine your home server with your own VPN (WireGuard, OpenVPN, etc.). This way, your mobile device connects to your VPN when you're away, and all traffic, including DNS queries, goes through your home network and AdGuard Home. It's more setup work, but you avoid exposing the resolver directly.

If all this sounds like overkill for your needs, the most practical solution is probably to use AdGuard Home at home through your router and, when you're out and about, configure a secure public DNS on your Android device (Cloudflare, Quad9, Google…). For many users, it's the perfect balance between convenience and protection.

Does the mobile DNS also protect connected devices?

A very common question is whether simply activating DNS protection on your mobile phone is enough for all devices connected to your shared connection to be automatically covered. The short answer is that, in most cases, not entirely.

As many systems are designed today, the phone acts as an improvised router when you share data, but the network parameters it distributes (including DNS) are usually those that the phone itself receives from the mobile network, not necessarily those of the private DNS you have configured for it.

As a result, your smartphone can browse with encrypted and filtered queries, while the laptop connected to your hotspot keeps querying the operator's DNS servers as if nothing had changed. From the ISP's point of view, there would be barely any noticeable difference compared to connecting directly.

The surest way to ensure complete protection is to configure custom DNS on each client device. For example, on Windows, macOS, or Linux, you can access the network settings and manually specify the name servers that you want to use, regardless of what the mobile tells them via DHCP.

On iPhone or iPad, you can also adjust the DNS settings for each Wi-Fi network by going to Settings > Wi-Fi, tapping the "i" next to the network you're using (even if it's the Android hotspot), and changing the "Configure DNS" option to "Manual" to enter the addresses you prefer. It's a bit tedious, but it ensures that the DNS queries from those devices go to the resolvers you choose.
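
To check what a laptop connected to the hotspot was actually told to use, the following added example (not part of the original article) parses a resolv.conf-style file and classifies each nameserver against the public resolver addresses listed in this article. The sample file content, the category names and the 192.168.43.1 and 100.64.0.1 addresses are constructed for illustration.

```python
import ipaddress

# Public resolver addresses named in this article.
CHOSEN_RESOLVERS = {
    ipaddress.ip_address(addr): provider
    for addr, provider in {
        "8.8.8.8": "Google Public DNS",
        "8.8.4.4": "Google Public DNS",
        "2001:4860:4860::8888": "Google Public DNS",
        "2001:4860:4860::8844": "Google Public DNS",
        "1.1.1.1": "Cloudflare",
        "1.0.0.1": "Cloudflare",
        "9.9.9.9": "Quad9",
    }.items()
}

# Constructed sample: what a hotspot client might hold after DHCP plus a manual edit.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.43.1
nameserver 8.8.8.8
nameserver fe80::1%wlan0
nameserver 100.64.0.1
"""


def parse_nameservers(text: str) -> list[str]:
    """Return the nameserver entries of a resolv.conf-style file, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server: str) -> str:
    """Classify one nameserver entry (hypothetical category names)."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return "invalid"
    if addr in CHOSEN_RESOLVERS:
        return f"chosen:{CHOSEN_RESOLVERS[addr]}"
    if addr.is_loopback:
        # Local stub resolver: its upstream servers are configured elsewhere.
        return "local-stub"
    if addr.is_private or addr.is_link_local:
        # The hotspot or router forwards queries; the client cannot see
        # which upstream resolver it uses.
        return "lan-forwarder"
    return "other"  # e.g. a server handed down from the operator's network


def audit(text: str) -> list[tuple[str, str]]:
    return [(server, classify(server)) for server in parse_nameservers(text)]


def only_chosen_resolvers(text: str) -> bool:
    """True only if every configured nameserver is one listed in the article."""
    results = audit(text)
    return bool(results) and all(v.startswith("chosen:") for _, v in results)


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{server:<20} {verdict}")
    print("consistent:", only_chosen_resolvers(SAMPLE_RESOLV_CONF))
```

A "lan-forwarder" result means the queries go to the phone first, so this check alone cannot tell whether they continue over the phone's encrypted DNS or to the operator's servers.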

How to change DNS on iPhone and other devices

If you use an iPhone or iPad in addition to Android, you can also improve its DNS privacy, although the approach is slightly different. iOS doesn't have a built-in system-wide "Private DNS" setting; instead, DNS is configured per WiFi network or through specific profiles and apps.

The basic method involves going to Settings > Wi-Fi, tapping the "i" icon of the network you are connected to, and scrolling down to the «Configure DNS» section. There you change the option from "Automatic" to "Manual", delete the existing servers and add your own DNS, such as 1.1.1.1 and 1.0.0.1 or 8.8.8.8 and 8.8.4.4.

Please note that this setting only applies to the specific network you configure it on. If you switch Wi-Fi networks, you will have to repeat the process for that new network. For mobile data and for more advanced control of encrypted DNS on iOS, there are apps in the App Store that install profiles with DoH or DoT, as well as tools for advanced users that manage custom configuration profiles.

On Windows, macOS, and Linux computers, the idea is similar: you go into the network adapter properties (WiFi or Ethernet) and replace the automatic DNS servers with the ones you want to use. In Windows, this is done from the "Network & Internet" section or the Network and Sharing Center; on Mac, from System Preferences > Network > Advanced > DNS; and in many Linux distributions, from Network Manager or by editing files such as /etc/resolv.conf.

A very powerful alternative, if you don't want to do it device by device, is to modify the DNS at the router level. In your router's web interface, there's usually a WAN or Internet section where you can specify the primary and secondary DNS for the entire local network. After saving and restarting, all devices that obtain their IP address via DHCP will inherit those resolvers without you having to touch anything else.

Ultimately, the more consistent your DNS settings are across your devices, the easier it will be to control what gets filtered, what gets logged, and what level of privacy and security you are actually getting.

DNS is much more than just a name translator: it's a key component of your internet connection that can speed up website loading, prevent attacks, bypass blocks, and limit how much information you share with third parties. By configuring secure and personalized DNS settings on your Android phone, and complementing this with adjustments on your iPhone, computers, and routers, you can ensure that both your daily browsing and your mobile hotspot work in your favor, not the other way around, maintaining a better balance between speed, freedom, and security without unnecessary complications.
