What is Recursive DNS?
A DNS server that resolves domain names on behalf of clients by querying the DNS hierarchy, which puts it in a position to log every domain you look up.
Your recursive DNS resolver is one of the most privacy-sensitive services you use — it sees every domain name you look up.
The Default Problem
- By default, your ISP provides your recursive DNS
- Your ISP logs every domain lookup
- This creates a complete browsing profile even when the sites you visit use HTTPS, because the DNS lookup is sent separately and is unencrypted by default
- ISPs may sell this data or share it with governments
Privacy-Focused Alternatives
- Quad9 (9.9.9.9): Non-profit, blocks malware domains, no logging
- NextDNS: Customizable filtering, minimal logging, Swiss-based
- Cloudflare (1.1.1.1): Fast, logs purged after 24 hours
- Mullvad DNS: No logging, available over DoH and DoT
Best Practice
Use DNS-over-HTTPS or DNS-over-TLS to encrypt your DNS queries. Without encryption, even a privacy-focused DNS provider can have your queries intercepted in transit.
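To make the point above concrete, this added Python example (not part of the original page) encodes one DNS query three ways: the plaintext form sent on port 53, from which any on-path device can read the name, and the RFC 8484 (DoH) and RFC 7858 (DoT) forms that travel inside TLS. The function names, the sample name www.example.com, and the Quad9 DoH endpoint URL are assumptions chosen for illustration.

```python
import base64
import struct

# Function names below are illustrative, not from any library.

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # ID 0 (as RFC 8484 recommends for caching), flags 0x0100 = recursion desired,
    # QDCOUNT 1, no answer/authority/additional records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    if len(qname) > 255:
        raise ValueError("name too long")
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def observed_name(packet: bytes) -> str:
    """Read the queried name back out of a raw query, as an on-path observer can."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(endpoint: str, packet: bytes) -> str:
    """RFC 8484 GET form: base64url of the query with padding stripped."""
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def dot_frame(packet: bytes) -> bytes:
    """RFC 7858 (DoT) message: 2-byte length prefix, written to a TLS socket on port 853."""
    return struct.pack("!H", len(packet)) + packet


if __name__ == "__main__":
    query = build_query("www.example.com")          # constructed sample name
    print("plaintext UDP/53 payload:", query)       # the name is readable in the bytes
    print("observer recovers:", observed_name(query))
    # Both forms below travel inside TLS, so the queried name is hidden from the network path.
    print("DoH:", doh_get_url("https://dns.quad9.net/dns-query", query))
    print("DoT:", dot_frame(query).hex())
```

The encrypted forms hide the name from the network path only; the resolver at the other end still sees it, which is why the choice of provider above still matters.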
Related Terms
DNS over HTTPS
A protocol for performing DNS resolution via the HTTPS protocol. It encrypts DNS queries, preventing ISPs, network administrators, and attackers from seeing which websites you're trying to visit.
DNS over TLS
A protocol that encrypts DNS queries using TLS, preventing ISPs and network observers from seeing which websites you're looking up.
DNS Poisoning
An attack that corrupts a DNS resolver's cache, redirecting users to malicious websites even when they type the correct address.