How to find and change the DNS used in Windows 11: methods, commands and tricks

If you've noticed sluggish browsing lately or are worried about who sees which websites you visit, it's worth taking a closer look. Which DNS servers is your PC using? Windows 11. Identify the active DNS, understand what it does, and change it if necessary. It can speed up loading, improve privacy, and even bypass blocks from some carriers.

In this guide I'll tell you all about it in detail: from locate the current DNS with various methods integrated into Windows, including diagnostic tools and a technical look at how queries work. You will find clear steps, commands useful and recommendations so you can choose the configuration that best suits your needs.

What is DNS and why do you care which one you're using?

The DNS (Domain Name System) translates easy-to-remember names like example.com into IP addresses that computers understand. Without DNS, you wouldn't be able to... type domainsYou would have to memorize IPs, which is impractical and prone to errors.

By default, the DNS is provided to you by router via DHCP, which in turn usually points to your ISP's servers. This isn't always ideal: there may be more latency, filters, or less privacy than using public alternatives like Cloudflare or Google.

By choosing other DNS servers you can gain several things: Faster resolution, more privacy, bypass blocks and filtersor even activate security and parental control features if you use specialized services.

Furthermore, today there are DNS that support request encryption (DoH/DoT). Cloudflare (1.1.1.1 and 1.0.0.1) and Google (8.8.8.8 and 8.8.4.4) They are known for their speed and support of modern standards.

How to see which DNS servers Windows 11 uses

Windows 11 offers several ways to check the DNS servers in use. Choose the one that's most convenient for you; they all show you the addresses of your current DNS servers (IPv4 and IPv6):

From the Settings app

This method is quick and visual, ideal if you don't feel like using the console. Open Settings with Windows + I and enters Network and Internet.

• At the top, click on Properties for your network (Wi-Fi or Ethernet). Look for the DNS Servers sectionYou will see the addresses in use.
• For more details, go to Advanced network settings and then to View additional adapter properties. IPv4 and IPv6 DNS are listed if you have them configured.

From the classic Control Panel

If you prefer the traditional panel, follow these steps. Press Windows + R, writes ncpa.cpl and confirm to open the network connections.

• Right-click on your active adapter (Ethernet or Wi-Fi) and choose Status.
• Click on Details and locate the DNS Servers line. There you have the configured addresses.

Using CMD: ipconfig /all

The console is always there when you need it. Open the Symbol of the system (cmd) as administrator and run:

ipconfig /all

In the output, under your active adapter, you will see the DNS Servers section with the addresses. It is a reliable and fast method to leave a textual record.

With PowerShell: Get-DnsClientServerAddress

If you're more comfortable with PowerShell, there's also a native cmdlet. Open PowerShell as administrator and launch:

Get-DnsClientServerAddress

You will obtain, via the interface, the DNS addresses in use for IPv4 and IPv6. This is especially useful on devices with several NICs.

IPAM on Windows Server (professional environments)

In enterprise networks, you can view the DNS records associated with an IP address from IPAM. With administrator privileges on the server:

1. Open Server Manager and go to IPAM.
2. In IP Address Space > IP Address Inventory (IPv4/IPv6), select the IP address of interest.
3. In Details View, click DNS Resource Records. You will see the linked RRs.

Third-party tools (for measuring performance)

If you want to know which one performs best, there are utilities like DNS Benchmark or Namebench that test and rank servers by latency. These tests help you choose the fastest DNS for your location.in addition to valuing stability.

How to change DNS in Windows 11 step by step

There are several ways to manually configure DNS. Here's one, which works the same in Windows 10 and 11. This will help you configure IPv4 and, if applicable, IPv6.:

1. Press Windows + R, type ncpa.cpl and press Enter.
2. Right-click on your network adapter (Ethernet or Wi-Fi) > Properties. In the list, select Internet Protocol version 4 (TCP / IPv4) and press Properties.
3. Select Use the following DNS server addresses.
4. Enter preferred and alternate DNS. Example (Cloudflare): 1.1.1.1 and 1.0.0.1Example (Google): 8.8.8.8 and 8.8.4.4.
5. Accept and repeat the process in Internet Protocol version 6 (TCP/IPv6) if you are using IPv6. You can check if you have IPv6 enabled on sites like testmyipv6.com.

After changing, clear the system resolver cache to avoid old answers remaining in memory. Open CMD as admin and runs:

ipconfig /flushdns

If for any reason you experience DHCP problems or prefer to renew leases, you can use: ipconfig /renew to force renewal (This affects the IP address and parameters obtained via DHCP, not just the DNS).

Commands and tricks for diagnosing DNS (CMD and PowerShell)

nslookup: the Swiss Army knife of DNS in Windows

nslookup comes standard and is used to validate responses, query specific servers, and view TTL, among other things. To enter interactive mode:

nslookup

Direct name lookup (registry A/YYYY by default). Simple and useful for checking resolution:

nslookup ejemplo.com

Reverse lookup (IP to name): Useful for checking if a PTR exists:

nslookup 162.243.68.201

Query a specific DNS server (for example, Cloudflare): ideal for comparing answers between solvers:

nslookup ejemplo.com 1.1.1.1

Choose record type (MX, NS, SOA, TXT, SRV, etc.). With set q= you can switch between types without exiting:

nslookup
set q=mx
ejemplo.com
set q=ns
ejemplo.com
set q=soa
ejemplo.com

Detailed mode to view headers and TTL of responses. Very useful for detecting outdated cache:

nslookup -debug ejemplo.com

PowerShell: Resolve-DnsName and company

PowerShell offers powerful cmdlets with structured output. The equivalent of nslookup is Resolve-DnsName:

Resolve-DnsName ejemplo.com

Specifying the log type in PowerShell is as simple as adding a parameter. Remember that -Type is case-insensitive:

Resolve-DnsName ejemplo.com -Type MX

For latency/network, the "nice" ping in PowerShell is Test-Connection. Useful for measuring response to a DNS server (e.g., 8.8.8.8):

Test-Connection 8.8.8.8

The route layout is still called the same as in CMD. tracert helps to see where the packets go.:

tracert www.ejemplo.com

ipconfig: view, clear, and log

In addition to /all, there are subcommands that are useful to have on hand. To list the computer's local DNS cache:

ipconfig /displaydns

To clear the cache and ensure that you query the server again after a change. Use it whenever you change your DNS:

ipconfig /flushdns

On domain-joined computers, /registerdns creates or updates your host's A/AAAA record in corporate DNS. Does not affect public DNS servers:

ipconfig /registerdns

A useful .bat when starting Windows

If you need to see your network parameters at each BootYou can program a simple .bat file. Save it in the Startup folder of the Programs menu to run at login:

ipconfig /all
ipconfig /renew
pause

To save it: open Notepad, paste the lines and choose File > Save as “DNS.bat”. Place it in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Enable the view of hidden items if you don't see it). Remember: /renew renews the DHCP lease.

How the DNS resolution process works (recursion, iteration, and caching)

To understand many errors (or differences between answers), it is helpful to know the process. A DNS query includes the FQDN, the record type, and the class (IN on the Internet)..

Some common record types and their numeric identifiers are as follows. They allow the client and server to speak the same language:

Use cases	ID
A	1
YYYY	28
SOA	6
SRV	33

Recursion vs. Iteration

When your computer queries its configured DNS server, it typically requests recursion: The server is responsible for resolving the fully qualified domain name by querying other servers. If it is not known. If recursion is disabled or the client does not request it, a reference is returned and the client can continue the iteration on its own.

The Windows DNS client does not perform recursion itself; will delegate that responsibility to the configured serversTherefore, if you turn off recursion on your server and don't have any useful forwarders, there will be names that won't resolve.

DNS search index and suffixes

If you query a name with a single label (for example, "intranet"), Windows can try adding configured DNS suffixes until it resolves. This is called a suffix search list and it is applied from the first to the last. If there is no specific list, the team's primary suffix is ​​used and, if name return is enabled, one level is "returned".

Cached information and TTL

Servers and clients cache responses (positive and negative) during There indicated by the TTL. The minimum TTL usually comes from the SOA registration of the zone (often 3600 seconds, an hour), although this can be adjusted per registry entry. Restarting the DNS service clears the server cache.

Typical responses from a DNS server

• AuthoritativeThe server responds authoritatively to that name.
• Positive: includes the requested RR or a set of RRs that fits.
• Reference: provides records that help to continue asking (when there is no recursion).
• Negative: the name does not exist or there is no RR of the order type.

If a response does not fit in a UDP packet, the server can switch to TCP 53 with the client. This ensures you receive the complete answer. even if it's big.

How to solve a server step by step (summary)

When a recursive server receives a query it doesn't know, it pulls root suggestions (root hints) to go down the name tree until you find the authoritative server. At each hop, it can cache information. to speed up future queries.

Waiting times and query order in the Windows client

Windows adaptively adjusts wait times based on the performance of previous queries. starting with shorter windows (25–1000 ms) in the first waitFurthermore, if you configure multiple DNS servers and multiple adapters, the client follows a staggered order:

1. Send the query to the first DNS of the preferred adapter and wait approximately 1 second.
2. If there is no response, it sends to the first DNS of the remaining adapters considered and waits ~2 seconds.
3. If there is still no response, send to all DNS servers of all adapters considered and wait ~2 seconds.
4. Repeat the sending process, extending the wait to ~4 seconds.
5. Extend the wait to ~8 seconds if there is still no response.
6. If no one responds in ~8 seconds, it returns a timeout; Mark as temporarily non-responsive to the problematic DNS of the affected adapter (~30 s).
7. If a negative response is received from a server, Discard the other servers on that adapter for that search.
8. If a positive result is received, The search ends, it caches, and it responds to the process.

The client reorders the servers according to their historical speed. This is how it prioritizes the most reliable ones over time. You can delve deeper into how to adjust the network adapter priority if you need to control the order of the query.

Server recursion parameters

On Windows servers, by default the recursion retry interval is ~3 seconds and the total recursion wait time is ~8 seconds. Only adjust these values ​​if you are working with slow WAN links.If you disable recursion, you cannot use forwarders on that same server.

Choosing DNS servers: performance, privacy, and features

The best choice depends on your carrier and your location. Ideally, measurements should be taken using tools such as Namebench or DNS Benchmark. and from there, decide.

• Cloudflare: 1.1.1.1 · 1.0.0.1 (speed and DoH/DoT).
• Google: 8.8.8.8 · 8.8.4.4 (very widespread and consistent). Google DNS Guide
• OpenDNS (Cisco) with filtering and security options. Complete guide to OpenDNS

If you don't change anything, you're usually using the operator's DNS (via router/DHCP). They usually provide good latency within their networkbut they may not have the same privacy policies or advanced options as other services.

CMD vs PowerShell: Which to use for DNS?

CMD is a classic, single-line shell and is still handy for quick commands like ipconfig or nslookup. PowerShell offers richer cmdlets and advanced scripting. (Resolve-DnsName, Test-Connection…), in addition to autocomplete and structured output.

For quick tasks, CMD is straightforward and sufficient; for automation and data extraction, PowerShell shines. The good news is that they both live together without any problems.So use the one that best fits each task.

With all of the above, you can now locate your current DNS servers, explore alternatives, safely change them, and use commands and utilities to verify that everything is working correctly. If, after adjusting these settings, you suspect caching or slow routing issues, use [the appropriate commands/utilities]. flushdns, nslookup -debug y tracert to isolate the exact point of the problem and solve it without going around in circles.