DNS is basically the address book of the internet – it is was associates IP addresses to the plain-english website address you know. So when you go to www.reddit.com, your computer will query a DNS server to learn what IP address the Reddit servers use, and _that_ is what allows you to connect to the website.

For an ELI5 analogy, if you want to send a letter to Bob Smith, you can’t just write “Bob Smith” on the envelope and expect the post office to know what to do – you’d look up Bob Smith in the phonebook (lol, dating myself here) and get Bob’s address, which you write on the envelope. **That** is what tells the post office what to do with the letter.

While the master DNS is run by a non-profit entity, most ISPs will cache DNS entries locally to speed things up. This means that when you go to a website, you are probably querying your ISPs DNS to get the IP address first.

This means that your ISP has a record of every website you visit. They don’t know what you did there (HTTPS protects against snooping) but they do know where you went. Since they know _your_ IP address as well, they have a full list of every website you go to thanks to DNS queries. This can be used for targeted advertising, best case, and actively monitoring your behavior, worst case.

Using a service like Quad9 means that you _don’t_ go to your ISPs DNS, which means they don’t have DNS query records (though they can still track you other ways).

It also protects against what are known as “man in the middle” attacks. Since DNS is the master address book, if you control said address book you can direct web traffic to any IP address you like. This means that when going to www.reddit.com, you _could_ be directed to a spoofed website that attempts to harvest your login credentials instead of Reddit proper.

Now, this is less of a concern for two reasons:

– Your ISP is not going to be sending you to spoofed websites. A random public wifi might, but you can trust your ISP in this regard.

– Spoofed websites won’t pass HTTPS checks, so your browser will warn you that the website is likely fradulent.

Less of a concern, but still worth mentioning.

DNS, or Domain Name System, is kinda like a phone book. You can go in and find the address of a website that you want to visit just by knowing its name/domain.

For example, “google.com” isn’t a real address, but rather a name we gave to the address to make it easy to remember the website.

When you want to go to Google, your browser goes and asks a DNS server for Google’s address and loads the website using that address.

Just like looking up a business’s phone number and calling them.

Quad9 is a DNS provider who advertise privacy and security if you switch. However, the privacy argument is moot.

Because DNS works by having you ask for addresses, any DNS provider can store that information. Changing your DNS just changes who has access to that info.

Quad9 says their DNS is private because you’re not using your ISP’s DNS (which may or may not be logging/or selling your data).

For additional privacy and security, there are many ways to send your DNS queries encrypted to Quad9 in various devices so they cannot be logged/tampered with by your ISP or any network in between you and Quad9:
[https://support.quad9.net/hc/en-us/sections/360008303792-Personal-Computer-Configuration-with-Encryption](https://support.quad9.net/hc/en-us/sections/360008303792-Personal-Computer-Configuration-with-Encryption)

[https://support.quad9.net/hc/en-us/sections/360009687872-Mobile-Device-Configuration](https://support.quad9.net/hc/en-us/sections/360009687872-Mobile-Device-Configuration)

[https://support.quad9.net/hc/en-us/sections/360009580732-Other-Device-Configuration-](https://support.quad9.net/hc/en-us/sections/360009580732-Other-Device-Configuration-)