There is a rather useful document on DNS from 123-Reg called DNS Management Guide, which is well worth a read if you are new to DNS for internet domains.
You can use DNS servers as a way of filtering content on your network. Clearly this can be bypassed with a VPN but as basic home filtering and protection it is a reasonable option. One such service is Norton ConnectSafe.
One of the drawbacks of traditional DNS is that it is done in "plaintext", which is another way of saying it is not encrypted and hence a security/privacy leak. This is where DNS over HTTPS comes in, both Firefox and Windows have started to introduce this.
ipconfig /all
- show all the config for networking, including DNS information
nslookup www.example.com
- this will use the default DNS servers to lookup the IP address of the specified domain name, in this case www.example.com
nslookup www.example.com 1.1.1.1
- this will use the specified DNS server, 1.1.1.1 (which is Cloudflare) to lookup the IP address of the specified domain name, in this case www.example.com
Resolve-DnsName -Name www.example.com -Type A -Server 1.1.1.1
- this is a PowerShell alternative to nslookup
There are a few ways to get DNS information on macOS, as well as ways to check if DNS lookup is working, these commands should help.
scutil --dns
- will print out all the DNS configuration, where "resolver #1" should tell you the default DNS servers being used
system_profiler SPNetworkDataType
- this is comprehensive network configuration by includes DNS information
nslookup www.example.com
- this will use the default DNS servers to lookup the IP address of the specified domain name, in this case www.example.com
nslookup www.example.com 1.1.1.1
- this will use the specified DNS server, 1.1.1.1 (which is Cloudflare) to lookup the IP address of the specified domain name, in this case www.example.com
A good way to test whether your DNS resolution is working or not is with the following commands:curl -I 1.1.1.1
- this should return an HTTP 301, but it shows you can get to that IP addresscurl -I one.one.one.one
- this should also return a 301, but it needs to resolve a domain name to work
There are better tests, but this is quick and easy. See curl for an explanation of the curl command.