Reviews, comparisons, and opinions about the latest technology products, services, trends and anything of interest to the thick glasses crowd!
Use a Secure DNS Server
What's a DNS server?
A Domain Name System (DNS) Server translates the an Internet address from a domain name to an IP address, which allows your browser or other Internet client find what you're looking for on the Internet. When a domain name is registered or set to be hosted on a web server, the domain registrar notifies the DNS, triggering updates to DNS servers around the world. A phone book is a common analogy because it performs the same function as a DNS server, but with people's names and their phone numbers. But these days, who uses a phone book?
What's wrong with whatever DNS server I'm using now?
1. Privacy
Many Internet users have no idea what a DNS server is, much less why they should probably change it to use a secure alternative. By default, computers, smart phones and other devices on a network use the DNS server provided by the Internet Service Provider (ISP). Your ISP or mobile carrier is happy to provide a DNS service, because they can track your Internet activity and even use that information to limit your service. If you visit unapproved or illegal websites or use bandwidth on certain services, your ISP can limit or terminate your service. The ISP can sell your DNS activity to advertisers for added revenue. Some ISPs aggregate this information to make it harder to link the traffic to you, but advertisers have many ways to get around aggregation (a topic for another day). Naturally, advertising providers like Google offer DNS servers with wide availability and great performance, all for the "free" price of getting access to your DNS usage.
2. Speed
Making DNS servers available around the world costs money. ISPs and other DNS providers may cut corners by reducing the number and / or limiting hardware of their DNS servers, which can slow the response provided by the DNS server.
3. Security
Since ISPs have a captive audience with default DNS servers, security may not be a primary concern. Unencrypted traffic (which is much easier and less expensive to provide) and poorly maintained DNS servers have increased security risks, including (according to Security Trails writer Sara Jelen):
Domain hijacking, which involves changes in your DNS servers and domain registrar that can direct traffic away from your original servers to different destinations.
DNS flood attack, a type of DDoS attack in which the attacker hits your DNS server in order to overload it, so it can’t continue serving DNS requests.
DNS spoofing, or DNS cache poisoning, which is one of the most common DNS attacks around. By exploiting system vulnerabilities, attackers will try to inject malicious data into your DNS resolvers’ cache. You would then be redirected to another remote server.
DNS hijacking, which involves malware infections used to hijack DNS. Malware hosted on the local computer can alter TCP/IP configurations so they can point to a malicious DNS server, redirecting traffic to a phishing website.
Some DNS servers offer additional security by filtering ads and malicious websites, and / or redirecting mistyped web addresses to the correct website. Filtering at the DNS server makes your browser fingerprint less unique since you won't need to add plugins that can be used to identify you.
Use a Secure DNS Server
To address these issues, Jelen recommends using a secure DNS server. This can be configured on your router so all devices on your network use the secure DNS server, instead of your ISP's. She recommends these free, secure DNS servers, several of which offer filtering and other features:
Related
