How to Use a VPN with Custom DNS

Using custom DNS with a VPN might sound like power-user territory, but it’s actually one of the easiest ways to improve your online privacy and performance. In this guide, you’ll learn what custom DNS is, why you might want to use it, and how to set it up across all Windscribe apps, from desktop to mobile.

What is Custom DNS?

DNS stands for Domain Name System. It’s the thing that turns human-friendly URLs like windscribe.com into machine-friendly IP addresses. Think of it like the phonebook for the internet; it helps your browser find websites by translating names into IP addresses.

But here’s the catch: the folks who hand you the phonebook (your DNS provider) might be taking notes on everything you look up - and sharing that data with advertisers, trackers, or Big Brother.

By default, your internet service provider (ISP) assigns your DNS servers. That DNS can (and often does) log what you’re doing online.

Custom DNS lets you override this and choose resolvers that are faster, more private, or even capable of blocking ads and malware.

DNS 101: What it is, how we handle it, and how to change it.

How DNS Works Across a VPN

When you connect to the internet without a VPN, your device uses DNS servers provided by your internet service provider (ISP) to resolve domain names into IP addresses.

This means every time you visit a website, your ISP can see and log your DNS queries, even if the actual website traffic is encrypted with HTTPS. In some cases, ISPs may redirect you to custom search pages, inject ads, or block access to certain sites using DNS filtering.

When you use a VPN, your DNS traffic is typically routed through the VPN tunnel along with the rest of your internet activity. This prevents your ISP or anyone else on your local network from seeing which websites you're trying to access.

Instead of using your system’s default DNS servers, a good VPN will provide its own private, encrypted DNS servers. This ensures that DNS queries are handled securely and anonymously, without leaking sensitive information or exposing your browsing history

Why Use Custom DNS with a VPN?

Custom DNS is about options. You get to pick what happens after your VPN encrypts the traffic.

Reasons to set one:

  • Avoid ISP DNS logging – Bypass your local snoops entirely.
  • Faster website lookups – Some resolvers are lightning fast.
  • Ad/malware blocking – Filter out garbage at the DNS layer.
  • Censorship dodging – Beat DNS-based content blocks in restricted countries.
  • Custom filters – Choose what gets through and what gets nuked.

Custom DNS with Windscribe: The Basics

You can use custom DNS in all Windscribe apps except the browser extension (because browser extensions can't reroute DNS due to platform limitations — thanks, Chromium). This feature is available to all users, whether you pay us or not.

Let's get into how to configure custom DNS in the Windscribe Apps.

How to Set Custom DNS in Windscribe

Get ready for some easy step-by-step instructions using Custom DNS on the Windscribe apps.

Custom DNS on Windows & macOS

  1. Launch the Windscribe app.
  2. Hit ☰ on the top right (Preferences).
  3. Go click on the plug icon to access the Connection tab.
  4. Scroll to Connected DNS.
In the Connections Section, Scroll to Connected DNS
  1. Select "Custom".
Click "Custom" from the drop down
  1. Plug in your DNS of choice.
      • Example: 1.1.1.1 and 1.0.0.1 (Cloudflare)
      • Or: 76.76.2.0 and 76.76.10.0 (Control D — Windscribe’s custom DNS tool that gives you the ultimate control)
Simply add your preferred DNS and click the green check mark to save
  1. Click the green checkmark to save, reconnect the VPN, and you’re done.

Custom DNS on Android and iOS

  1. Open the Windscribe app.
  2. Tap ☰ on the top left to access your Preferences.
Click on the menu in the top left to get started
  1. Then, click on Connections
Head on over to the "Connections" tab
  1. Then scroll down and select Connected DNS and select "Custom"
Scroll over to "Connected DNS" and hit Custom
  1. Enter your preferred DNS, hit the green checkmark to save, reconnect the VPN and you are all set!
Just input your DNS and click the green checkmark to save

Custom DNS on Linux

These instructions should work for most modern Linux distros: Ubuntu, Debian, Fedora, Arch, etc.

  1. Locate the Windscribe config file. The config file is usually located at:
~/.config/Windscribe/windscribe_cli.conf

If that folder or file doesn’t exist, you may need to run Windscribe at least once or reinstall it using official CLI instructions.

  1. Open the config file in a text editor. Use nano, vim, or whatever you like:
nano ~/.config/Windscribe/windscribe_cli.conf

In the conf file, find ConnectedDNSMode option under [Connection] and change it to Manual . Then, add your DNS resolver to  ConnectedDNSUpstream1 :

Areas to edit for Custom DNS highlighted above

If you want to split your DNS requests, you can add second DNS to ConnectedDNSUpstream2 .

  1. Save the file and exit.

For nano, press CTRL+O, Enter, then CTRL+X

  1. Then, reload your preferences with the following command.
windscribe-cli preferences reload

If you were already connected at the time of change, simply disconnect and reconnect for changes to take effect.

💻
For Linux GUI instructions, check out the Windows/macOS Desktop section for step by step instructions.

Custom DNS on Router (OpenVPN/WireGuard Setup)

  1. Log in to your router’s admin interface.
  2. Navigate to DNS settings.
  3. Manually input your custom DNS IPs.
  4. Disable automatic DNS options (if any).
  5. Save and reboot.

How to Check Your Custom DNS Settings

First, connect to a location in the Windscribe app. After you have connected, open a Command Prompt (Windows) or Terminal (Linux or MacOS) and run an nslookup test against any domain (in this example, we've used twitch.tv) to confirm your custom DNS is working:

Time to test!

What About Browser Extensions?

Can’t do it. Extensions live in a sandbox — and that sandbox doesn’t let us touch DNS. For full DNS control, use our desktop or mobile apps.

Top Custom DNS Picks

  • Cloudflare (1.1.1.1) – Fast, privacy-first
  • Google (8.8.8.8) – Speedy, but... Google
  • Quad9 (9.9.9.9) – Blocks malicious domains
  • Control D (76.76.2.0) – Fully customizable and built by us

TL;DR – DNS & Windscribe

Feature: Default DNS
Windscribe Default: Windscribe-owned, RAM-only, encrypted
Customizable?
Notes: Private, no logs, runs on Windscribe infrastructure
Feature: Custom DNS
Windscribe Default: ❌ (off by default)
Customizable?
Notes: User can override with preferred DNS servers
Feature: Split DNS
Windscribe Default: ❌ (off by default)
Customizable?
Notes: Supported on desktop apps to split your DNS routing
Feature: Extension DNS
Windscribe Default:
Customizable?
Notes: Browser limitations prevent DNS customization

Custom DNS + VPN: Wrap Up

Using custom DNS with Windscribe lets you go beyond the basics. Our default DNS is already private, encrypted and full of features — but if you want to go rogue and use something else, we’re cool with that too.

So go ahead: set your DNS and surf like nobody’s watching. Because with Windscribe, they’re not.

Want a VPN with DNS options that don’t suck? You’ve already found it.

Need total DNS control across every device you own, including smart fridges? Check out Control D. It's like Windscribe's overachieving sibling: fully customizable DNS with blocklists, schedules, profiles, and a free tier to try.

Frequently Asked Questions: Using Custom DNS with a VPN

Should I use a custom DNS with a VPN?

It depends on your needs, but in most cases, yes, using a custom DNS with a VPN can enhance your privacy, performance, and control.

If your VPN provider (like Windscribe) already uses private, encrypted DNS servers by default, you’re starting from a good place. But setting your own DNS can offer added benefits, such as:

  • Faster DNS resolution with performance-optimized providers like Cloudflare or Google
  • Ad and tracker blocking with services like Control D or AdGuard DNS
  • Custom filtering to block unwanted content categories (malware, adult sites, etc.)
  • Bypassing regional censorship or ISP-based DNS manipulation

Just make sure you choose a trustworthy DNS provider. There’s no point in ditching your ISP’s snooping if you hand your DNS queries to another data-hungry company.

Is it Safe to Use Custom DNS with a VPN?

Yes. Using a custom DNS with a VPN is generally safe, and in some cases, it can actually make your connection more secure.

When you use a reputable VPN like Windscribe, your DNS queries are already encrypted and routed through the VPN tunnel to our private, no-log DNS servers. But if you choose to set a custom DNS, that resolver will now handle your DNS lookups instead.

As long as you're using a trusted DNS provider (like Cloudflare, Quad9, or Control D), this setup is safe. Your DNS traffic still travels through the encrypted VPN tunnel, so your ISP or local network can't see it. Just avoid using unknown or suspicious DNS servers, as they could log your activity or redirect your traffic.

In short: custom DNS plus VPN is safe; as long as the DNS provider isn’t sketchy.

What DNS Does Windscribe Use by Default?

If you’re connected to Windscribe and you haven’t touched the DNS settings, here’s what happens:

  • We use our own encrypted DNS servers, not your ISP’s.
  • They run on our RAM-only infrastructure, meaning nothing is stored, logged, or saved.
  • DNS requests are routed through the VPN tunnel, just like the rest of your traffic.

So even if you don’t configure a custom DNS, you're already using a privacy-first resolver; controlled by us, not by some rando in a data center in Delaware.

Our custom DNS, called R.O.B.E.R.T, even allows you to block ads, trackers and more with the quick toggle setting. Learn more about it here.

But hey, maybe you want more control. That’s where custom DNS comes in.

What Is Split DNS?

Worried about storing all your DNS queries in one basket? Windscribe’s Split DNS Feature allows you to input multiple DNS servers and, you guessed it, split your DNS queries between them. Split DNS is only available on our desktop apps.

Can I use ad-blocking DNS with Windscribe?

Yes. Windscribe supports custom DNS resolvers, which means you can use ad-blocking DNS providers like Control D, NextDNS, or AdGuard DNS to filter out ads, trackers, malware, or entire categories of content.

Just plug in their DNS IPs in the custom DNS section of the Windscribe app, and you’re good to go.

Does custom DNS work with split tunneling?

Yes. Regardless of whether Split Tunneling is enabled and which mode you are using, when connected to Windscribe, the in-app Custom DNS server is used system-wide. Apps excluded from the VPN tunnel will still have their DNS requests served by the Custom DNS server.

Apps excluded from the VPN will continue using your system’s default DNS settings. So make sure you configure things accordingly.

What happens if I enter invalid DNS servers?

If the custom DNS servers you enter are unreachable or misconfigured, your device may fail to resolve domain names: meaning websites won’t load.

Windscribe won’t automatically fall back to default DNS in this case, so double-check the IPs before saving them. A typo in 1.1.1.1 could lead to a very quiet internet.

Is custom DNS available on all Windscribe apps?

Almost. Custom DNS is supported in all Windscribe apps except the browser extensions. This includes Windows, macOS, Linux, Android, iOS, and even router setups using our configs.

Browser extensions can’t support custom DNS due to limitations in how browsers handle DNS resolution.