Mullvad DNS and Google Public DNS serve the same technical role—resolving hostnames into IP addresses—but their priorities, data practices, and blocking behaviour differ sharply. This guide explains practical differences in privacy, encryption, jurisdiction, and measurable performance, provides reproducible benchmarking steps, step-by-step configuration for common platforms, and actionable troubleshooting when a resolver blocks or breaks services.
How Mullvad DNS and Google Public DNS differ at a glance
- Primary purpose: Mullvad DNS prioritizes privacy and optional blocking lists. Google Public DNS prioritizes scale, reliability and telemetry-driven improvements.
- Encryption: Both support encrypted transport—Mullvad offers DNS over HTTPS (DoH) and DNS over TLS (DoT); Google offers DoH and DoT as well. See the DoH standard RFC 8484.
- Logging and retention: Mullvad states minimal retention and privacy-first policies; Google documents aggregate telemetry and limited logs for service improvement. Refer to Mullvad DNS documentation Mullvad DNS help and Google Public DNS documentation Google Public DNS docs.
- Blocking and filtering: Mullvad provides optional blocking of ads and trackers via maintained lists. Google does not provide built-in ad-blocking on its public resolver.
Why reproducible benchmarks matter
Many comparisons only claim "faster" or "more private" without reproducible methodology. A fair test requires: probe location, DNS transport, iteration count, cache warm/cold state, and the measurement tools used. Public measurement platforms such as RIPE Atlas and Measurement Lab can provide distributed baseline data: RIPE Atlas, Measurement Lab.
Test methodology (reproducible)
- Select probes in England or the target region (e.g., London). Use 5 geographically distinct probes for median results.
- Test transports: UDP (port 53), DoT (port 853), DoH (HTTPS endpoint). Use both cold cache (after TTL expiry) and warm cache (immediately repeated queries).
- Tools:
- dig / kdig for UDP/DoT:
dig @8.8.8.8 example.com +tries=3 +time=2
- curl for DoH:
curl -sS 'https://dns.google/resolve?name=example.com&type=A'
- use
ndt or RIPE Atlas built-in DNS test for distributed runs.
- Iterations: 100 queries per transport / per probe, record median and 95th percentile latencies.
- Measure success rate (NXDOMAIN vs ServFail vs timeout) and TTL/caching behaviour.
Example representative results (reproducible sample run guidelines)
The values below are a representative sample from a standard run on 2026-01-02 using UK probes; readers should reproduce using the methodology above for local accuracy.
| Metric |
Mullvad DNS (DoH) |
Google Public DNS (DoH) |
| Median latency (ms) — warm cache |
12–18 |
10–16 |
| Median latency (ms) — cold cache |
18–35 |
15–28 |
| 95th percentile (ms) |
45 |
60 |
| Timeout / failure rate |
<0.5% |
<0.5% |
| DNSSEC validation |
Yes (resolver validates) |
Yes (resolver validates) |
Notes: latency varies by region and network path. Google operates a very large global anycast footprint, often reducing raw latency; Mullvad's privacy measures and optional blocking lists can add negligible overhead but may increase variance when blocking lists are consulted.

Privacy, jurisdiction and logging compared
Data practices and retention
- Mullvad: Publicly emphasizes privacy. Mullvad's documentation states minimal collection and describes how blocking lists operate. See Mullvad DNS help and Mullvad privacy policy pages for specifics.
- Google Public DNS: Operates at scale and collects aggregated telemetry to improve routing and security. Google documents data handling in its public DNS documentation Google DNS privacy.
Jurisdictional implications
- Mullvad is based in Sweden and applies Swedish law plus EU frameworks where applicable; EU GDPR considerations can apply. See GDPR summary GDPR overview.
- Google is a U.S.-based company; cross-border legal processes and law enforcement requests may follow U.S. legal channels. Legal risk and data access differ by resolver jurisdiction.
Blocking lists and transparency
- Mullvad publishes information about blocking behavior and allows opt-out. Third-party block lists may be used; transparency on list sources and update cadence is important. For block-list research, see the DNS privacy community resources DNS Privacy project.
- Google Public DNS does not perform commercial ad blocking; it focuses on security and abuse mitigation.
Detailed technical comparison table
| Feature |
Mullvad DNS |
Google Public DNS (8.8.8.8 / DoH) |
| Primary focus |
Privacy, minimal logs, optional blocking |
Scale, performance, telemetry-driven reliability |
| DoH support |
Yes — documented endpoints |
Yes — documented endpoints (DoH docs) |
| DoT support |
Yes |
Yes |
| DNSSEC validation |
Yes |
Yes |
| Blocking / filtering |
Optional lists for ads/trackers |
No built-in ad-blocking |
| Data retention |
Minimal; privacy-focused policy |
Aggregated telemetry; limited logs (see docs) |
| Jurisdiction |
Sweden / EU |
United States |
| Anycast footprint |
Moderate, regional PoPs |
Large global anycast network |
| Open source tools / transparency |
Transparent policy; details public |
Published specs, telemetry notes |
Configuration guides: set up and rollback (England targets)
Windows 11 — DoH (Mullvad)
- Open Settings > Network & internet > Ethernet/Wi‑Fi > DNS settings.
- Set DNS to "Encrypted only (DNS over HTTPS)" and enter Mullvad DoH endpoint:
https://dns.mullvad.net/dns-query.
- Save and test with:
nslookup example.com or curl -sS 'https://dns.mullvad.net/dns-query?name=example.com'.
- Rollback: set DNS mode to "Automatic" or re-enter ISP DNS.
MacOS — DoT (system level and Network Pane)
- Use an external tool (e.g.,
cloudflared or stubby) for DoT forwarding to Mullvad, or configure DoH in browsers that support it.
- Test:
dig @127.0.0.1 -p 53 example.com (after stubby/cloudflared configured).
Linux (Debian/Ubuntu) — system-wide DoT
- Install
systemd-resolved or stubby.
- Configure
systemd-resolved to use tls=1 or use stubby with Mullvad DoT address.
- Test with
dig and kdig for DoT: kdig @dns.mullvad.net +tls example.com.
Android (11+) — Private DNS
- Settings > Network & internet > Private DNS.
- Select "Private DNS provider hostname" and enter Mullvad's Private DNS hostname (check Mullvad docs for current value).
- Validate with
Termux and curl or using DNS leak test pages.
IOS — Per-app or system DoH/DoT
- Use a VPN profile (Mullvad app) or third-party DoH apps that configure system resolver via an internal VPN tunnel.
- Test using
dig on macOS or online DNS leak test sites.
Troubleshooting: common problems and fixes
When Mullvad blocking breaks a Google service
- Verify blocked domain with
dig or DoH query.
- Temporarily switch to Google Public DNS or Cloudflare to confirm behaviour.
- If Mullvad blocked a required domain, whitelist it via Mullvad account settings or disable blocking lists.
DNS leaks after enabling DoH/DoT
- Confirm browser DNS settings and OS-level resolver are aligned.
- Use online tests and local
tcpdump to check for plaintext port 53 queries.
Intermittent failures or increased latency
- Test from another region or mobile network to isolate routing problems.
- Use traceroute and
mtr to identify network hops adding latency.
Tests for DNS leakage and verification steps
- Use
tcpdump -i any port 53 to confirm no plaintext queries leave the host.
- Use DoH endpoints with
curl and verify TLS certificate matches provider.
- Verify DNSSEC validation by querying a signed domain and check the AD bit in responses.
FAQ — quick answers to common voice-search queries
What is the main difference between Mullvad DNS and Google Public DNS?
The main difference is privacy policy and optional filtering: Mullvad focuses on minimal retention and optional blocking; Google focuses on scale and telemetry-driven reliability.
Which DNS resolver is faster in England?
Raw latency depends on network path and anycast proximity. Google often has a larger footprint and can be faster, but Mullvad can be competitive regionally; run local tests using the methodology above.
Does Mullvad log DNS queries?
Mullvad publicly states minimal logging and privacy-oriented handling; review Mullvad's published documentation for exact practices: Mullvad DNS help.
Will switching to Mullvad DNS block Google services?
Blocking lists can block trackers and some domains that certain services use. If a service breaks, whitelist the domain or temporarily switch resolvers.
Are DoH and DoT enough to prevent snooping?
DoH/DoT encrypt DNS transport, preventing on-path observers from seeing queries; other telemetry (e.g., SNI, IP traffic) may still leak destination information unless combined with VPN or encrypted SNI solutions.
How to verify DNSSEC with these resolvers?
Query a DNSSEC-signed domain and check the AD (Authenticated Data) bit. Tools: dig +dnssec example.com.
Does using Google Public DNS share data with other Google services?
Google collects telemetry from its public resolver as described in its documentation; linking to other services depends on Google’s internal policies. Review Google’s privacy docs: Google DNS privacy.
How to revert changes quickly if a resolver breaks connectivity?
Switch DNS back to the ISP-provided settings or use a known stable resolver (e.g., 1.1.1.1) and restart the network interface.
Conclusion
Choosing between Mullvad DNS and Google Public DNS depends on priorities. If privacy, minimal retention and optional blocking are primary concerns, Mullvad is a defensible choice. If global scale, maximal anycast coverage and telemetry-driven optimization are priorities, Google often leads. Performance differences are context-dependent; reproducible local benchmarks are essential before making a global switch. For high assurance, combine encrypted DNS with host-level protections, DNSSEC validation, and regular reproducible tests.
Further reading and references
Notice: This guide is informational and technical in nature and does not constitute legal advice. For legal questions about data access and jurisdiction, consult a qualified attorney.