How to Change DNS Settings on Mac

Step-by-step guide to changing DNS on macOS Sequoia, Sonoma, and Ventura. Covers Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9, and how to verify the change worked.

dns macos networking privacy sequoia

Your internet connection uses your ISP’s DNS servers by default. You never chose them, you probably don’t know their addresses, and they may be slower, less private, or less secure than the alternatives. Changing DNS on Mac takes about two minutes and can make a noticeable difference.

Why you’d change your DNS server

Speed. Your ISP’s DNS servers are often not optimized. Cloudflare and Google operate DNS infrastructure at massive scale specifically designed for low latency. In many regions, switching to a public DNS resolver results in faster page load times, because the DNS step of connecting to a website resolves faster.

Privacy. Your DNS provider can see every domain you visit. Your ISP’s DNS logs are yours to keep or sell, depending on their privacy policy and local regulations. Cloudflare’s 1.1.1.1 explicitly does not log query IP addresses and has that commitment audited by a third party.

Security. Quad9 (9.9.9.9) cross-references DNS queries against threat intelligence feeds. If you try to visit a known malware or phishing domain, Quad9 blocks the query before your browser ever connects.

Parental controls. Cloudflare’s 1.1.1.3 blocks adult content at the DNS level. Google has a similar filtered option. This is not perfect protection, but it works without installing anything on the device.

Geo-restricted content. Some DNS providers have faster paths to content delivery networks. A few specialized DNS services (like NextDNS) also offer features for managing access. Changing DNS alone does not give you VPN-level access, but it can improve routing in certain situations.

How DNS actually works

When you type a domain name into your browser, your Mac asks a DNS server what IP address corresponds to that name. Normally this request goes to your ISP’s server. If you change the DNS setting, it goes to your chosen server instead.

The change is system-wide by default, affecting all apps and browsers. DNS configuration lives in Network settings, not in any browser.

Which DNS server to use

Three public DNS options cover most use cases:

Cloudflare 1.1.1.1 — Generally the fastest globally, with a privacy-first policy. Primary: 1.1.1.1, Secondary: 1.0.0.1. If you want the malware-blocking variant, use 1.1.1.2 (primary) and 1.0.0.2 (secondary). Adult content filtering: 1.1.1.3 / 1.0.0.3.

Google 8.8.8.8 — Reliable and fast, backed by Google’s infrastructure. Primary: 8.8.8.8, Secondary: 8.8.4.4. No content filtering. Google does log queries with your IP, though it claims to anonymize them after 48 hours.

Quad9 9.9.9.9 — Focused on security. Primary: 9.9.9.9, Secondary: 149.112.112.112. Blocks domains known to serve malware and phishing based on threat intelligence feeds. Good default choice if you want passive protection without thinking about it.

All three are free and require no account. For most people, Cloudflare 1.1.1.1 or Quad9 9.9.9.9 are the best starting points.

How to change DNS on macOS (Sequoia and Sonoma)

Apple renamed System Preferences to System Settings in macOS Ventura (13). If you are on Ventura, Sonoma (14), or Sequoia (15), follow these steps:

  1. Open System Settings (from the Apple menu or Dock).
  2. Click Network in the sidebar.
  3. Select your active network connection. If you are on Wi-Fi, click Wi-Fi. If you are wired, click Ethernet.
  4. Click the Details button next to your connected network.
  5. Click the DNS tab.
  6. In the DNS Servers list, click the + button to add a new server. Type the primary address (e.g., 1.1.1.1) and press Return.
  7. Click + again and add the secondary address (e.g., 1.0.0.1).
  8. If you want to remove the existing ISP-assigned DNS entries, select each one and click the button.
  9. Click OK, then click Apply.

The change takes effect immediately for new connections. Existing browser tabs may still use cached DNS results for a moment.

How to change DNS on macOS Monterey or earlier

If you are still running Monterey (12) or Big Sur (11), System Preferences is the path:

  1. Open System Preferences.
  2. Click Network.
  3. Select your active network connection in the left sidebar.
  4. Click Advanced.
  5. Click the DNS tab.
  6. Use the + and buttons to add or remove DNS servers.
  7. Click OK, then Apply.

Same result, just a different path to get there.

Changing DNS for a specific network only

The settings above apply to a single network connection. If you want different DNS on your home Wi-Fi versus coffee shop Wi-Fi, configure each network separately. macOS remembers per-network settings.

If you want a single DNS configuration that follows your Mac everywhere, regardless of network, consider a tool like NextDNS or a local DNS resolver that runs as a background service. That is more involved than a basic DNS change.

How to verify the DNS change worked

After saving the new settings, confirm the change actually took effect.

Using Terminal:

dig example.com

Look at the SERVER: line in the output. It should show your new DNS server’s address. If you set 1.1.1.1, you should see something like SERVER: 1.1.1.1#53.

Alternatively:

nslookup example.com

The first line of output shows the server used: Server: 1.1.1.1.

Using NetUtil:

After making the change, you can verify it worked by opening NetUtil and running a DNS lookup. If the response comes from your new resolver, the change is live. NetUtil shows the responding server in the results, so you can confirm at a glance without learning any Terminal syntax.

If the server still shows your ISP’s address:

Try turning Wi-Fi off and back on, or disconnecting and reconnecting Ethernet. macOS sometimes holds onto a DHCP-provided DNS address until the connection refreshes. You can also flush the DNS cache with:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

Then run the dig check again.

What DNS changing does not do

DNS is not a VPN. Changing your DNS server does not:

  • Hide your IP address from websites
  • encrypt your browsing traffic
  • Let you access services geo-blocked at the IP level

For encrypted DNS (so your ISP cannot see even which DNS server you are querying), you need DNS over HTTPS (DoH) or DNS over TLS (DoT). macOS does not have a built-in setting for this. You would need a tool like NextDNS’s app or a local proxy.

For privacy from IP tracking, you need a VPN or Tor. DNS alone handles a narrow part of the picture.

Reverting to the default

If something breaks after changing DNS, or you just want to go back, return to the DNS settings and delete the servers you added. With an empty list, macOS falls back to whatever DNS addresses your router provides via DHCP, which is usually your ISP’s servers.

You can also click and drag entries in the DNS list to reorder them. The first server in the list is queried first; the second is the fallback if the first doesn’t respond.

A quick performance note

If you are comparing DNS performance across providers, the tool dnsperf can benchmark query times. For a less technical check, the macOS app DNS Benchmark (from GRC) runs timed queries against many servers and ranks them by latency from your location. What is fastest in one region may not be fastest in another.

For most users, Cloudflare 1.1.1.1 tests well globally. The difference between top-tier providers is usually under 20ms, which is not perceptible in everyday browsing but can add up on pages that load many assets from many domains.