The short answer
To change the DNS on your router, log into your router’s admin panel (usually at 192.168.1.1 or 192.168.0.1), navigate to the WAN or Internet settings, and replace the existing DNS server addresses with the ones you want to use. The change applies to every device on your network immediately, without touching individual phones, laptops, or smart TVs.
Why this matters for NZ users specifically
New Zealand’s default DNS situation is worth understanding before you change anything. When you connect through Chorus fibre — whether that’s on a Spark, One NZ, or 2degrees plan — your ISP assigns DNS resolvers automatically via DHCP. Those resolvers are operated by your ISP, which means every domain lookup you make is logged by a company subject to New Zealand’s Telecommunications (Interception Capability and Security) Act 2013 and the broader Five Eyes intelligence-sharing framework. Your ISP can see, in plain text, every domain your household queries, even if the actual page content is encrypted via HTTPS.
The Privacy Act 2020 gives you rights around how your personal information is collected and used, but it does not prevent your ISP from retaining DNS logs for network management purposes. Switching to a third-party resolver — particularly one that supports DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) — moves those logs away from your ISP and, depending on the provider, may eliminate query logging entirely.
Beyond privacy, there are practical performance reasons. ISP-assigned resolvers in New Zealand are not always the fastest. Chorus’s national fibre network is excellent, and Hyperfibre plans now reach 4Gbps symmetrical, but a sluggish DNS resolver adds latency to every new connection your browser opens. A resolver with a Point of Presence (PoP) in Auckland or Sydney will return answers faster than one routing your queries to an overseas data centre. For households streaming TVNZ+, Neon, or Sky Sport Now, that resolver latency compounds across dozens of DNS lookups per page load.
There is also a content-filtering angle. Some families use DNS-level filtering services — such as Cloudflare’s 1.1.1.3 family filter or OpenDNS FamilyShield — to block malware and adult content network-wide. Doing this at the router level means every device, including smart TVs and gaming consoles that don’t support custom DNS themselves, benefits automatically.
What you need before you start
- Your router’s admin IP address (check the label on the back of the device, or run
ipconfigon Windows /ip routeon Linux and look for the default gateway) - Your router’s admin username and password (again, usually on the label — if you’ve never changed it, it’s often admin / admin or admin / password)
- The DNS server addresses you intend to use (see the comparison table below)
- Two minutes and a willingness to reboot the router if something goes wrong
If your router was supplied by your ISP — a Spark Smart Modem, a One NZ-branded Technicolor, or a 2degrees-supplied device — you may find the admin interface is locked down or simplified. In that case, see the section on locked ISP routers below.
Step-by-step: changing DNS on your router
The exact menu labels vary by manufacturer, but the underlying process is the same across ASUS, TP-Link, Netgear, D-Link, Ubiquiti, and the ISP-supplied devices common in New Zealand.
- Connect to your network. You can do this from any device on the network — wired is slightly more reliable for admin tasks, but Wi-Fi works fine.
- Open a browser and navigate to your router’s admin IP. Try
192.168.1.1first. If that returns nothing, try192.168.0.1or10.0.0.1. Spark Smart Modems often use192.168.1.1; some Chorus-supplied ONT setups use192.168.0.1. - Log in. Enter your admin credentials. If you’ve never set a custom password, check the label on the router. If the default credentials don’t work, a factory reset (hold the reset button for 10–30 seconds) will restore them — but note this will also wipe any custom Wi-Fi settings.
- Find the WAN or Internet settings. On TP-Link routers this is under Advanced > Network > Internet. On ASUS it’s under WAN > Internet Connection. On Netgear it’s under Internet > Internet Setup. On D-Link it’s under Setup > Internet.
- Locate the DNS server fields. You’re looking for fields labelled “Primary DNS” and “Secondary DNS”, sometimes under an “Advanced” toggle within the WAN settings. They may currently show your ISP’s addresses or be set to “Automatic” / “Get from ISP”.
- Disable automatic DNS and enter your chosen addresses. Uncheck any “Automatically get DNS” option, then type your primary and secondary DNS addresses into the respective fields.
- Save and apply. The router will usually apply the change without a full reboot, but some firmware versions require one. If prompted, reboot.
- Verify the change worked. On any device connected to the network, visit 1.1.1.1/help (if you set Cloudflare) or use a tool like DNS Leak Test to confirm queries are leaving through your new resolver, not your ISP’s.
Specific notes for ISP-supplied routers in NZ
Spark Smart Modem (Sagemcom or Technicolor variants): Log in at 192.168.1.1. Navigate to Advanced Settings > WAN > DNS Settings. The interface is simplified but DNS fields are accessible without any special unlock.
One NZ (Vodafone-era) Technicolor TG789: Log in at 192.168.1.1. Go to Home Network > Interfaces > WAN, then click Configure. DNS fields appear under the IPv4 settings section.
2degrees-supplied routers: Most 2degrees residential customers receive a TP-Link or Huawei device. TP-Link admin is at 192.168.0.1 and follows the standard TP-Link path above.
If your ISP-supplied router genuinely locks out DNS configuration — this is rare in NZ but does happen on some business-grade managed services — the workaround is to put the ISP router into bridge mode and connect your own router behind it, or to set DNS manually on each individual device instead.
Recommended DNS providers: a comparison
The table below covers the resolvers most relevant to NZ users. Latency figures are physics-based estimates: Cloudflare and Google both have PoPs in Auckland, meaning round-trip times from a typical Auckland connection should be under 5ms. For resolvers without local infrastructure, expect queries to route to Sydney (~28ms) or further afield.
| Provider | Primary DNS | Secondary DNS | Logs queries? | DoH / DoT | NZ PoP | Cost |
|---|---|---|---|---|---|---|
| Cloudflare (1.1.1.1) | 1.1.1.1 | 1.0.0.1 | No (24hr purge) | Yes / Yes | Yes (Auckland) | Free |
| Google Public DNS | 8.8.8.8 | 8.8.4.4 | Yes (anonymised) | Yes / Yes | Yes (Auckland) | Free |
| Quad9 | 9.9.9.9 | 149.112.112.112 | No | Yes / Yes | Yes (Auckland) | Free |
| OpenDNS Home | 208.67.222.222 | 208.67.220.220 | Yes | Yes / No | No (Sydney nearest) | Free / NZD ~NZ$27/yr for stats |
| NextDNS | Custom | Custom | Configurable | Yes / Yes | No (Sydney nearest) | Free up to 300k queries/mo; ~NZ$32/yr unlimited |
| Cloudflare Family (1.1.1.3) | 1.1.1.3 | 1.0.0.3 | No (24hr purge) | Yes / Yes | Yes (Auckland) | Free |
Our recommendation for most NZ households: Cloudflare’s 1.1.1.1 for pure speed and privacy, or Quad9 if you want malware-blocking built in without logging. NextDNS is worth the NZ$32/year if you want granular per-device filtering, custom blocklists, and query analytics — it’s effectively a managed DNS firewall for your home network.
DNS vs VPN: understanding the difference
Changing your router’s DNS is not the same as using a VPN, and it’s important NZ users understand the distinction. DNS changes affect only where your domain lookups are resolved — they do not encrypt your traffic, mask your IP address, or route your data through another country. If your goal is to access geo-restricted content from outside New Zealand, or to prevent your ISP from seeing your traffic at the packet level, a DNS change alone will not achieve that.
A VPN encrypts all traffic leaving your router and routes it through a server in another location. Some VPN providers offer Smart DNS as a separate product — this changes only the DNS resolution for geo-detection purposes, without the encryption overhead, which is why it’s faster for streaming but offers no privacy benefit. If you’re evaluating full VPN options for your router, the best VPN guide on vpnguide.nz/ covers router-compatible providers in detail. If cost is a concern, there’s also a free VPN comparison worth reading before committing to a paid plan.
The practical overlap: if you set a VPN on your router, the VPN client typically overrides the DNS settings you configure in the WAN section, using the VPN provider’s own resolvers instead. Check your VPN provider’s documentation to confirm whether your custom DNS settings will be respected or bypassed.
Common mistakes to avoid
- Only changing DNS on one device. If you set custom DNS on your laptop but leave the router on automatic, every other device — your partner’s phone, the smart TV, the printer — still uses your ISP’s resolver. Router-level changes cover everything.
- Forgetting the secondary DNS. If your primary resolver goes down and you haven’t set a secondary, every DNS lookup on your network will fail until the primary recovers. Always fill in both fields.
- Assuming DNS change = privacy. As noted above, DNS-over-HTTPS or DNS-over-TLS is required to actually encrypt the queries in transit. Plain DNS on port 53 is still visible to your ISP even if it’s going to Cloudflare — they just can’t read the response content, but they can see you’re querying a resolver. Most consumer routers do not support DoH/DoT natively; for that level of protection you need a router running firmware like OpenWrt, or a device like a Raspberry Pi running Pi-hole with a DoH upstream.
- Not testing after the change. DNS caching means your devices may continue using old resolver responses for minutes or hours. Run
ipconfig /flushdnson Windows orsudo dscacheutil -flushcacheon macOS after making the change, then verify with a DNS leak test. - Using a resolver geographically distant from NZ. Some guides recommend obscure “privacy-focused” resolvers hosted in Europe. From New Zealand, those queries travel ~270ms each way. For a household on a Hyperfibre 2Gbps line, this is a noticeable regression in browsing feel. Stick to resolvers with Auckland or Sydney infrastructure.
- Overlooking IPv6 DNS. If your ISP provides IPv6 (Chorus’s fibre network does, and most Spark and One NZ plans pass it through), you need to set IPv6 DNS addresses as well. Cloudflare’s IPv6 addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001. Leaving IPv6 DNS on automatic while setting IPv4 manually creates a split configuration where some queries still go through your ISP.
FAQ
Will changing my router’s DNS make my internet faster?
It can, but the gains are modest and depend on your current resolver. On a Chorus fibre connection in Auckland, switching from a slow ISP resolver to Cloudflare or Google — both of which have Auckland PoPs — can reduce DNS lookup times from 20–40ms to under 5ms. That won’t change your download speed, but it can make browsing feel snappier because each new connection your browser opens requires a DNS lookup first. On a Hyperfibre line where your throughput is already excellent, DNS latency is often the remaining bottleneck for page load times.
Is it legal to change DNS in New Zealand?
Yes, entirely. There is no provision in the Telecommunications Act, the Privacy Act 2020, or any other New Zealand legislation that restricts which DNS resolver a consumer uses. Your ISP’s terms of service do not prohibit it either — you are simply choosing where your domain queries are resolved, which is a standard network configuration option.
Will this affect my ability to stream TVNZ+, Neon, or Sky Sport Now?
No. These services determine your location primarily by your IP address, not your DNS resolver. Changing to Cloudflare or Google DNS will not make TVNZ+ think you’re overseas, nor will it grant access to overseas content libraries. For that you would need a VPN or a Smart DNS service that proxies your traffic through a server in the target country.
My router was supplied by Spark / One NZ / 2degrees. Can I still change the DNS?
In most cases, yes. ISP-supplied routers in New Zealand generally allow DNS configuration through the standard admin interface, even if other settings are locked. The exception is some business-managed services where the ISP retains full control of the CPE. If you find the DNS fields are greyed out or absent, the workaround is to configure DNS manually on each device, or to place your own router behind the ISP device in double-NAT or bridge mode.
What’s the difference between changing DNS on the router versus on individual devices?
Router-level DNS applies to every device on your network automatically, including smart TVs, gaming consoles, IoT devices, and guests on your Wi-Fi — anything that gets its network settings via DHCP from the router. Device-level DNS only affects that one device, and you have to repeat the process for every device you own. For most households, the router is the right place to make the change. The exception is if you want different DNS settings for different devices — for example, a stricter filtering profile on a child’s tablet — in which case device-level configuration gives you that granularity.
Does changing DNS on my router affect a VPN I’m running?
It depends on where the VPN is running. If you’re running a VPN client on your router itself, the VPN will typically override your WAN DNS settings and use its own resolvers to prevent DNS leaks. If you’re running a VPN app on an individual device, that device’s DNS will be handled by the VPN client, while other devices on the network continue using whatever DNS the router is configured with. Always run a DNS leak test after setting up any VPN to confirm your queries aren’t bypassing the tunnel.
How do I know if my DNS change actually worked?
The most reliable method is to visit 1.1.1.1/help in a browser (if you set Cloudflare) — it will confirm whether your queries are reaching Cloudflare’s resolver. Alternatively, use a site like dnsleaktest.com and run the extended test. The results will show which resolver is handling your queries and where it’s located. If you still see your ISP’s resolver listed, flush your DNS cache on the device you’re testing from and try again. On Windows: open Command Prompt and run ipconfig /flushdns. On macOS: run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder in Terminal.
Bottom line
Changing the DNS on your router is one of the most straightforward network changes you can make, and for New Zealand households it delivers real benefits: faster lookups from resolvers with local infrastructure, reduced ISP visibility into your browsing habits, and optional network-wide content filtering without touching individual devices. The process takes under five minutes on any mainstream router, including the ISP-supplied modems common on Spark, One NZ, and 2degrees fibre plans. For most users, Cloudflare’s 1.1.1.1 is the right default — it has an Auckland PoP, a credible no-logging policy, and costs nothing. If you want more control, NextDNS at around NZ$32 per year adds per-device filtering and query analytics that go well beyond what any free resolver offers. What a DNS change will not do is replace a VPN: if your goal is traffic encryption, IP masking, or bypassing geo-restrictions on international streaming libraries, that requires a separate solution.
