You can also configure DNS resolution on your local machine, not just on your router. This has a few benefits.
It’s router-agnostic. If you use a laptop on public Wi-Fi or anywhere else, your machine still sends its DNS queries to your desired DNS nameservers and not those of the Wi-Fi’s ISP.
Secondly, if you use a VPN, it adds an extra layer of protection against DNS leakage. DNS leakage happens when your DNS queries go through undesired DNS nameservers – your ISP’s, to name one – before your requested traffic is tunneled through your Virtual Private Network (VPN). That defeats the whole purpose of having a VPN. What you want is to route all traffic, both the content requested and the DNS queries, through your VPN.
On Debian-based distros, make sure that systemd-resolved & resolvconf are installed.
$ sudo apt install systemd-resolved resolvconf -y
Enable and start the systemd-resolved service, then check its status:
$ sudo systemctl enable systemd-resolved
$ sudo systemctl start systemd-resolved
$ sudo systemctl status systemd-resolved
Edit the systemd-resolved configuration:
$ sudo nano /etc/systemd/resolved.conf
Add or modify these lines, then save:
[Resolve]
DNS=8.8.8.8
FallbackDNS=8.8.4.4
DNSStubListener=no
Side note: the above points to DNS nameservers belonging to Google. Cloudflare’s are 1.1.1.1 & 1.0.0.1. A quick Google search yields many more public DNS nameservers you can choose from.
Restart systemd-resolved:
$ sudo systemctl restart systemd-resolved
Now, configure NetworkManager to use systemd-resolved:
$ sudo nano /etc/NetworkManager/NetworkManager.conf
Add or modify the following:
[main]
dns=systemd-resolved
Restart NetworkManager & create a symlink for resolv.conf:
$ sudo systemctl restart NetworkManager
$ sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
Done. Do a quick Google search on testing DNS leakage. The tests should all return your desired public DNS nameservers & not your ISP’s.
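A local check to complement the online leak tests, as an added example that is not part of the original post: it lists any nameserver in resolv.conf that is not one of the DNS= or FallbackDNS= values in resolved.conf (for instance one handed out by DHCP). The function names and the sample files in demo() are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print every server listed in DNS= / FallbackDNS= under [Resolve].
configured_dns() {
    awk '
        /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_resolve && /^[ \t]*(DNS|FallbackDNS)[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, a, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                sub("#.*", "", a[i])      # drop an optional #servername suffix
                if (a[i] != "") print a[i]
            }
        }
    ' "$1"
}

# Print nameserver entries in resolv.conf ($2) missing from resolved.conf ($1).
# Empty output means resolv.conf only lists the servers you configured.
unexpected_nameservers() {
    allowed=$(configured_dns "$1")
    awk '$1 == "nameserver" { print $2 }' "$2" |
    while read -r ns; do
        printf '%s\n' "$allowed" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

# Constructed sample files: the settings from this page, plus a resolv.conf
# that still carries a router address (192.168.1.1 is made up).
demo() {
    dir=$(mktemp -d)
    printf '[Resolve]\nDNS=8.8.8.8\nFallbackDNS=8.8.4.4\nDNSStubListener=no\n' \
        > "$dir/resolved.conf"
    printf 'nameserver 8.8.8.8\nnameserver 192.168.1.1\n' > "$dir/resolv.conf"
    unexpected_nameservers "$dir/resolved.conf" "$dir/resolv.conf"
    rm -rf "$dir"
}

# Real use: sh check.sh /etc/systemd/resolved.conf /etc/resolv.conf
if [ "$#" -eq 2 ]; then unexpected_nameservers "$1" "$2"; fi
```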