That 'Creepy Ad' Feeling? It's Not Your Mic, It's This...
A Practical Tutorial on Securing Your Home Network and Protecting Your Privacy by Changing Your Default DNS
The Kitchen Table Consult
It happened last Sunday, right over a cooling cup of coffee at the kitchen table. My neighbor, a brilliant marketing director who can craft a brand strategy in her sleep, was venting about her home internet.
"Don, it's just so... slow sometimes," she said, frustration coloring her voice. "And it's creepy. I was just talking about getting a new garden hose, and now I'm seeing nothing but ads for them. It feels like someone's listening in."
I nodded, letting her finish. It’s a conversation I’ve had a dozen times with friends, family, and even fellow tech pros. We spend thousands on the latest laptops, smart TVs, and mesh Wi-Fi systems, but we connect them all through a digital front door that our Internet Service Provider (ISP) left wide open and pre-configured to watch our every move.
She wasn’t wrong. Her internet probably was slower than it needed to be, and she was absolutely being "listened to"—not by her microphone, but by her data. Her ISP, like most, was using its own Domain Name System (DNS) servers to track every site she visited, compiling a neat little profile to sell to the highest bidder. It’s the default setting, the one 99% of people use without a second thought.
Sitting there, I had one of those moments of clarity you get when you step back from a complex blueprint. We, the tech-savvy "Digizens" of our families and communities, are building our entire digital lives—our work, our entertainment, our kids' education—on a foundation of sand. It was time to pour some new concrete.
The Weekend Project Plan
For those of us who design, build, and maintain enterprise-level systems for a living, the idea of leaving a critical piece of infrastructure on its default, insecure setting is unthinkable. We run penetration tests, we harden servers, we segment networks. So why do we come home and accept a setup that wouldn't pass even the most basic security audit?
Your home network is a production environment. It handles sensitive financial data, private conversations, and, for many of us in the Harrisburg-Lancaster-York corridor, a direct link into our employers' corporate networks. It’s time we started treating it that way. This weekend, we’re going to tackle one of the simplest, highest-impact projects you can do: securing your DNS.
The 'Why': Your Network is a Production Environment
Think of your home as your castle. You have locks on the doors and windows. You have a fence. You don’t just let anyone wander in and see what you’re up to. The Domain Name System (DNS) is the digital equivalent of your address book or the GPS that tells data where to go. When you type www.psu.edu into your browser, DNS is the service that translates that human-friendly name into a machine-friendly IP address like 128.118.25.3.
By default, your "GPS" is provided by your ISP. This is like having your mail delivered by a company that opens, reads, and logs every single letter before it gets to you. They see every site you visit, how long you stay there, and where you go next. This data is incredibly valuable, and they often use it or sell it. Beyond the privacy invasion, their service can be slow, bogged down by millions of other customers. Worst of all, it can be a security risk. If a bad actor compromises an ISP's DNS, they could redirect you from your bank’s website to a convincing phishing site—a technique called DNS hijacking.
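To make the lookup concrete, here is an added example (not part of the original post) that encodes the query for www.psu.edu in the standard DNS wire format and then decodes it the way the resolver on the other end does. The hostname travels in the query as readable bytes, which is why whoever operates the resolver can log it. The function names are illustrative and the response is constructed so the script runs offline.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a standard recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):  # bound the walk so a pointer loop cannot hang the parser
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = end or pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            return ".".join(labels), end or pos + 1
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
    raise ValueError("name too long or compression loop")

def parse_message(msg):
    """Return (queried name, IPv4 answers), i.e. what the resolver reads and sends back."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos, qname = 12, None
    for _ in range(qdcount):
        qname, pos = read_name(msg, pos)
        pos += 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        _, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record holding one IPv4 address
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return qname, addrs

def sample_response(query, ip):
    """Constructed reply: echo the question and add one A record for it."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

QUERY = build_query("www.psu.edu")
print(parse_message(QUERY))                                    # the resolver's view of the request
print(parse_message(sample_response(QUERY, "128.118.25.3")))   # constructed answer
```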
We can do better. We can choose our own DNS provider, just like you can choose your own email provider or cloud storage. These third-party services are often faster, more secure, and, most importantly, more private. Here are the three most reputable choices for our project:
Cloudflare (1.1.1.1): This is my personal go-to and the one I recommend for most people. Cloudflare's primary pitch is privacy and speed. They have a strict no-logging policy (they don't write your activity to disk) and regularly purge what little transient data they have. It’s also consistently one of the fastest DNS resolvers on the planet.
Primary DNS: 1.1.1.1
Secondary DNS: 1.0.0.1
Google Public DNS (8.8.8.8): The old, reliable workhorse. Google’s DNS is fast, stable, and has been around forever. The trade-off? Well, it's Google. While they anonymize their logs after 24-48 hours, some folks are understandably wary of giving the world's largest advertising company even more insight into their online habits. That said, it is still a massive improvement over your ISP's default.
Primary DNS: 8.8.8.8
Secondary DNS: 8.8.4.4
Quad9 (9.9.9.9): If your primary concern is security, Quad9 is your champion. Funded by non-profits and cybersecurity firms, its mission is to block access to malicious websites. When you try to visit a known phishing or malware domain, Quad9 simply refuses to resolve it, stopping the threat before it ever reaches your computer. It’s like having a security guard at your digital front gate.
Primary DNS: 9.9.9.9
Secondary DNS: 149.112.112.112
The choice is yours, and there's no wrong answer. Any of these is a monumental step up. For our purposes, I'll use Cloudflare's 1.1.1.1 in the examples below.
The 'How': The Two-Layer Fix
An architect knows you can’t just renovate one room and call the house finished. We need a comprehensive solution. We're going to apply this fix in two layers: first on a single machine to see how it works, and then on the router to protect the entire "castle."
Step 1: The Quick Win (Your Machine)
Changing the DNS on your personal computer is like putting a high-quality new lock on your office door. It’s a great first step and lets you test the waters immediately. This will only affect the one device you configure.
On Windows 11:
Right-click the Start button and go to Settings.
Navigate to Network & internet and select your connection (e.g., Wi-Fi or Ethernet).
Click on Hardware properties.
Next to DNS server assignment, click the Edit button.
Change the setting from Automatic (DHCP) to Manual.
Turn on the toggle for IPv4.
In the Preferred DNS box, type 1.1.1.1.
In the Alternate DNS box, type 1.0.0.1.
Click Save.
On macOS (Ventura and later):
Open System Settings from the Apple menu.
Click Network in the sidebar.
Select your active network connection (e.g., Wi-Fi) on the right.
Click the Details... button.
Select the DNS tab in the new window.
Click the + button under the DNS Servers list.
Enter 1.1.1.1.
Click the + button again and enter 1.0.0.1.
Click OK.
Now, open a web browser. You should notice... well, not much. And that’s a good thing! The internet should feel the same, perhaps a tiny bit snappier. You've successfully proven the concept.
Step 2: The Right Way (Your Router)
Now for the architect's solution. Changing the DNS settings on your router is the foundational fix. This is like changing the master lock on the front gate of the castle. Every single device that connects to your Wi-Fi—your laptop, your partner’s phone, your kids' tablets, your smart TV, your thermostat, even your guests' devices—will now automatically use the secure, private DNS you've chosen. No individual configuration required.
This is the "set it and forget it" solution.
Find Your Router's Address: Open a web browser. In the address bar, type the IP address of your router's administration page. This is usually printed on a sticker on the bottom of the router itself. The most common addresses are 192.168.1.1, 192.168.0.1, or 10.0.0.1.
Log In: You'll be prompted for a username and password. Again, this is often on the sticker. (If you changed it years ago and forgot it, you're about to have a fun five minutes with Google and a paperclip to reset the device.)
Locate the DNS Settings: This is the only tricky part, as every manufacturer's interface is slightly different. You are looking for a section related to your internet connection or local network. Common names for this section are:
- Network Settings
- Internet or WAN
- DHCP Server
- LAN Setup
Poke around. You're looking for two boxes labeled Primary DNS Server and Secondary DNS Server. They will likely be set to "Obtain Automatically from ISP" or will be grayed out with your ISP's addresses.
Enter the New DNS Servers: Change the setting to allow you to manually enter the DNS servers. Input the addresses for the service you chose. For Cloudflare:
Primary DNS: 1.1.1.1
Secondary DNS: 1.0.0.1
Save and Reboot: Click Apply or Save. Your router will almost certainly need to restart to apply the changes. This will take a minute or two, and your internet will go down temporarily. Don't panic; this is normal.
Once it's back online, every device on your network is now protected.
The 'Gotchas': What to Watch For
No project plan is complete without acknowledging potential issues. This is a simple project, but a few things can trip you up.
The Admin Password: Seriously, this is the #1 hurdle. If you don't know your router's password, you'll need to reset it to the factory defaults, which means you'll also have to re-configure your Wi-Fi name and password. It's a good security practice to change this from the default admin/password anyway.
The ISP-Supplied Box: Some modem/router combo units provided by ISPs have a locked-down interface that makes it difficult or impossible to change the DNS. If you run into this, a quick search for "[Your ISP Name] [Router Model] change DNS" will usually tell you if it's possible or if you need to enable a "bridge mode" and use your own router (which, frankly, is a project for another weekend but highly recommended).
Flush the Cache: Sometimes your computer will hold on to the old DNS information. To force it to update, you can flush its local DNS cache. On Windows, open Command Prompt and type ipconfig /flushdns. On macOS, open Terminal and type sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. Or, much more simply, just restart your computer.
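To confirm which resolvers a machine ended up with after the change and the cache flush, the added example below (not part of the original post) parses the text printed by `ipconfig /all` on Windows or `scutil --dns` on macOS and labels each DNS server against the providers listed earlier. The function names and both sample outputs are constructed for illustration. It assumes the usual home setup in which a private address is the router answering on behalf of whatever upstream DNS it was given.

```python
import ipaddress
import re

# Resolver addresses listed in this article.
KNOWN = {
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def dns_servers(text):
    """Extract IPv4 DNS servers from `ipconfig /all` or `scutil --dns` output."""
    found, in_windows_list = [], False
    for line in text.splitlines():
        mac = re.search(r"nameserver\[\d+\]\s*:\s*" + IPV4, line)
        win = re.search(r"DNS Servers[ .]*:\s*" + IPV4, line)
        cont = re.fullmatch(r"\s+" + IPV4 + r"\s*", line)
        if mac or win:
            found.append((mac or win).group(1))
            in_windows_list = bool(win)
        elif cont and in_windows_list:
            found.append(cont.group(1))  # ipconfig puts extra servers on bare lines
        else:
            in_windows_list = False
    return list(dict.fromkeys(found))  # de-duplicate, keep order

def classify(addr):
    if addr in KNOWN:
        return KNOWN[addr]
    if any(ipaddress.ip_address(addr) in net for net in RFC1918):
        return "local router (assumed to forward to its own upstream DNS setting)"
    return "unrecognized (possibly still the ISP)"

def audit(text):
    return {addr: classify(addr) for addr in dns_servers(text)}

# Constructed samples, not captured from a real machine.
WINDOWS_SAMPLE = """\
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
MACOS_SAMPLE = """\
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
"""
print(audit(WINDOWS_SAMPLE), audit(MACOS_SAMPLE))
```

A device that reports only the router's address is expected after Step 2 on many routers; in that case the setting that matters is the one on the router's own DNS page.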
The Neighborhood Watch Effect
"Okay, Don," you might be thinking. "This is a great little home project. I get it. But I'm a DevOps engineer in Harrisburg / a project manager in Lancaster. What does this have to do with my career?"
Everything.
In the age of remote and hybrid work, the line between our home and professional environments has vanished. Your home network is no longer just for Netflix and Spotify; it's an extension of your company's office. A compromised home network—whether through DNS hijacking, malware, or another vector—can be a backdoor into your corporate environment. Protecting your home is a matter of professional responsibility.
But it goes deeper than that. As technology professionals in Central Pennsylvania, we are the informal help desk for our friends, families, and neighbors. We are the ones they call when the "internet is creepy." By taking these small, simple steps, we not only fortify our own digital castles but also create a template for those around us.
This is what being a good "Digizen" is all about. When we improve our own digital literacy and security, we raise the collective knowledge and security posture of our entire community. We make Central PA a harder target for bad actors and a safer place to live and work online. It’s a digital neighborhood watch, and it starts right in our own router settings.
The Central PA Pulse
Keeping a finger on the pulse of our local tech scene is part of being a connected Digizen. Here’s a quick look at what’s happening around our region.
News: PA Companies Lead on Responsible AI in Healthcare
A recent report from News From the States highlights how Pennsylvania-based healthcare companies are getting ahead of the curve on AI regulation. Instead of waiting for federal mandates, firms across the Commonwealth are proactively developing and implementing ethical frameworks for using artificial intelligence in patient care and diagnostics. It’s a great example of our region's leadership in the responsible application of cutting-edge technology.
News: Women in Tech Breakfast Recap: From Burnout to Breakthrough
The Technology Council of Central Pennsylvania recently hosted another successful Women in Tech breakfast. The theme, "From Burnout to Breakthrough," resonated deeply in today's demanding work culture. The recap from TCCP details powerful stories and practical strategies shared by local tech leaders on navigating career exhaustion and transforming it into an opportunity for growth and reinvention. It’s a must-read for anyone looking to build a more sustainable and fulfilling career in our industry.
Project Complete
There. The DNS is locked down, every device in the house is now running through a faster, more private channel, and my digital fortress feels just a little more secure. The internet feels cleaner. I’ve got a new, better answer for the next time someone asks me to "fix the Wi-Fi." All that clicking and configuring for a Saturday has earned me a break. It is tea time.
Na zdravie.
Digizenburg Dispatch Community Spaces
Hey Digizens, your insights are what fuel our community! Let's keep the conversation flowing beyond these pages, on the platforms that work best for you. We'd love for you to join us in social media groups on Facebook, LinkedIn, and Reddit – choose the space where you already connect or feel most comfortable. Share your thoughts, ask questions, spark discussions, and connect with fellow Digizens who are just as passionate about navigating and shaping our digital future. Your contributions enrich our collective understanding, so jump in and let your voice be heard on the platform of your choice!
Facebook - Digizenburg Dispatch
LinkedIn - Digizenburg Dispatch
Reddit - Central PA