MODULE 09
Network Hardening
Your router may use your ISP's DNS by default. Review your DNS settings and reduce unnecessary visibility.
The Problem: What Your ISP Sees
WITHOUT PROTECTION
- ISP sees every domain you visit
- ISP DNS logs your entire history
- ISP can sell this data (and does)
- Government can request your logs
- Your IP address is public to every site
- DNS queries can be intercepted
WITH FULL PROTECTION
- VPN encrypts all traffic from ISP
- Privacy DNS stops domain logging
- No-log VPN means no activity record
- Encrypted DNS (DoH/DoT) prevents interception
- IP masked from sites you visit
- Router-level DNS protects all devices at once
Hardening Checklist
Privacy DNS Servers
Replace your ISP's DNS with one of these. Set on your router to protect every device at home.
| PROVIDER | PRIMARY DNS | SECONDARY DNS | LOGS | BLOCKS ADS/TRACKERS | NOTES |
|---|---|---|---|---|---|
| Mullvad | 194.242.2.2 | 194.242.2.3 | NONE | YES | Best overall. Supports DoH ↗ |
| Cloudflare 1.1.1.3 | 1.1.1.3 | 1.0.0.3 | MINIMAL | YES | Blocks malware & adult content. Fast. Setup ↗ |
| NextDNS | Custom | Custom | OPTIONAL | YES (custom) | Fully configurable blocklists. Free tier. Setup ↗ |
| AdGuard DNS | 94.140.14.14 | 94.140.15.15 | MINIMAL | YES | Blocks ads and trackers. Setup ↗ |
| Quad9 | 9.9.9.9 | 149.112.112.112 | NONE | MALWARE ONLY | Non-profit. Blocks malicious domains only. Setup ↗ |
| Google 8.8.8.8 | 8.8.8.8 | 8.8.4.4 | YES | NO | Avoid: logs all queries and uses for profiling |