Domain Name System (DNS)

DNS (Domain Name System) is a system that translates human-readable domain names (e.g., example.com) into numerical IP addresses (e.g., 192.0.2.1) for computers to communicate with each other on the internet.


WHAT IS DNS

The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Its primary function is to translate human-readable domain names into numerical identifiers associated with networking equipment, enabling devices to be located and connected worldwide.

From a security standpoint DNS is critical infrastructure: almost every connection on the Internet begins with a lookup, so whoever controls or can observe the resolution path is able to redirect traffic or build a complete profile of a user's activity. That is the theme of the privacy and resolver-selection sections further down this page.

source: internet


HOW IT WORKS

Imagine a phone book where you can search for a requested person and retrieve their phone number. Similarly, DNS serves as a phone book for the Internet, translating domain names (e.g., example.com) into IP addresses (e.g., 192.0.2.1). This allows devices to communicate with each other and access online resources.

STEP-BY-STEP

1. Domain name: the user types a name such as example.com into the browser.

2. Stub resolver: the operating system's stub resolver checks its local cache (and the hosts file), then sends the query, by default in plaintext over UDP port 53, to its configured recursive resolver. Unless the user has changed it, that is the resolver handed out by DHCP, i.e. the ISP's or the home router's.

3. Recursive resolver: if the answer is not already cached, the recursive resolver walks the hierarchy on the client's behalf. It asks a root server, which refers it to the servers for the .com TLD, which refer it to the name servers that are authoritative for example.com.

4. Authoritative server: the authoritative server answers from its zone data with the A (IPv4) or AAAA (IPv6) record. The recursive resolver caches the answer for the record's TTL and returns it to the stub resolver.

5. Connection: the browser receives the IP address and opens a connection to it. Nothing in this exchange authenticates the answer unless DNSSEC validation is in use, which is why a resolver must at least check that a reply's transaction ID and question match the query it actually sent before accepting it.
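The exchange above in code, as an added example that is not part of the original page: it builds the wire-format query a stub resolver sends, parses a reply (including the name-compression pointers that real answers use), and performs the one check every resolver must make before trusting an answer, namely that the reply's transaction ID and question match the query. The reply bytes are constructed by hand for example.com mapping to 192.0.2.1 (a documentation address), so the script runs offline without contacting any server.

```python
"""Wire-format DNS (RFC 1035): build a query, parse a reply, and check that the
reply actually answers the query that was sent.  Added illustration for this
page, not code from any resolver project.  SAMPLE_REPLY is constructed by hand
(example.com -> 192.0.2.1, a documentation address) so everything runs offline."""
import ipaddress
import struct

TYPE_A, TYPE_AAAA = 1, 28


def encode_name(name: str) -> bytes:
    """example.com -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """12-byte header (RD=1 asks the resolver to recurse for us) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(msg: bytes, off: int):
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer: top two bits set
            if end is None:
                end = off + 2                # the name occupies only these 2 bytes here
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:                    # refuse pointer loops from a hostile server
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_message(msg: bytes) -> dict:
    """Parse header, question and answer sections (authority/additional skipped)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def matches_query(query: bytes, reply: bytes) -> bool:
    """Minimum anti-spoofing check a stub must make: the reply must be a response,
    carry the same transaction ID, and repeat the same question as the query."""
    q, r = parse_message(query), parse_message(reply)
    return r["is_response"] and q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed reply to build_query("example.com"): flags 0x8180 = QR, RD, RA; one
# answer whose owner name is a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 3600, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("query bytes :", q.hex())
    print("parsed reply:", parse_message(SAMPLE_REPLY))
    print("reply matches query:", matches_query(q, SAMPLE_REPLY))
```

The same parser handles replies received over UDP, TCP or DoH, since all three carry the identical message format; only the transport differs.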

KEY CHARACTERISTICS

Hierarchical: the namespace is a tree. The root delegates to top-level domains (TLDs) such as .com and .org, which delegate to second-level domains such as example.com, which in turn can delegate subdomains such as www.example.com. Each delegation point is a zone served by its own authoritative servers.

Distributed: no single server holds the whole database. Zone data is spread across many authoritative servers and cached by resolvers, which gives reliability and scale, but also means a stale or poisoned cache entry keeps being served until its TTL expires.

Translation: DNS maps names to IPv4 (A) and IPv6 (AAAA) addresses, and also carries other record types such as MX (mail routing), TXT (policy records) and PTR (reverse lookup), so it is used for more than locating web servers.

source: internet


DNS PRIVACY CONSIDERATIONS

The Domain Name System (DNS) plays a crucial role in facilitating internet communication, but it also raises privacy concerns. Here’s a breakdown of the issues and measures to address them:

Concerns:

1. Lack of confidentiality: classic DNS (UDP or TCP port 53) is sent in plaintext, so the operator of the resolver, the operators of the name servers it talks to, and anyone on the network path (a public Wi-Fi operator, the ISP) can read and log queries and responses. Because nearly every connection starts with a lookup, a query log is close to a full browsing history.

2. No integrity or authenticity: plain DNS does not authenticate answers. A reply is accepted if its 16-bit transaction ID, source port and question match an outstanding query, so an on-path attacker can rewrite answers at will, and an off-path attacker who guesses those values can plant a forged record in a resolver's cache (cache poisoning).

3. ISP surveillance: the default resolver is usually the ISP's, assigned via DHCP, so the ISP receives the complete query log by default and may retain it, monetise it, or be compelled to hand it over, revealing users' browsing habits and online activities.

Solutions:

1. DNS over TLS (DoT, RFC 7858): wraps DNS in TLS on TCP port 853, giving confidentiality and integrity between the client and the resolver. The resolver itself still sees every query, so DoT moves trust to the resolver operator rather than removing it. The dedicated port also makes DoT easy to identify and block on a network.

2. DNS over HTTPS (DoH, RFC 8484): carries the same wire-format DNS messages inside HTTPS on port 443, so the traffic is indistinguishable from ordinary web traffic and harder to block or single out. The same trust caveat as DoT applies. Browsers can use DoH independently of the operating system's resolver, which is why the provider list below gives a DoH URL separately from the IP addresses.

3. DNSSEC (Domain Name System Security Extensions): zone owners sign their records and validating resolvers check the signatures along a chain of trust from the root, which provides authenticity and integrity of DNS data. DNSSEC gives no confidentiality (queries and answers remain readable), only protects you if your resolver validates (or you validate locally), and does nothing for zones that are not signed.

4. Public resolvers with a privacy policy: providers such as Cloudflare, Quad9 and those listed below run public resolvers that support DoT/DoH and state that they do not log identifying data. A no-logging claim cannot be verified from the outside; choosing one is a trust decision about the operator and the jurisdiction it operates in.

5. OpenNIC: a volunteer-run alternative DNS network that advertises DNS neutrality. Logging policies are set by the individual server operators and vary from server to server, so check the policy of the specific server you pick.

Best Practices:

1. Use a privacy-respecting resolver: pick a provider whose logging and data-retention policy you have read and are willing to trust, rather than whatever DHCP handed you.

2. Enable DoT or DoH: encrypt queries to that resolver, and make sure the client verifies the resolver's certificate or hostname; otherwise the encrypted session can be intercepted just like plaintext.

3. Use DNSSEC: enable validation on your resolver, or use one that validates for you (Quad9's default service below is one), and sign any zones you operate yourself.

4. Monitor your DNS provider's policies: re-read the logging and data-retention policy from time to time, because providers change their terms.

By understanding the concerns and implementing these solutions, you can better protect your online privacy and ensure a more secure internet experience.
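How DoH carries a query, as an added example that is not code from the original page or from any provider: the wire-format message is exactly the one plain port-53 DNS uses; DoH either base64url-encodes it into a GET URL or sends it as the body of a POST with the application/dns-message media type. Only resolve_over_doh touches the network, and it runs only when the script is invoked with --send. The endpoint in the __main__ block is Quad9's, as listed further down this page; everything else is offline and self-contained.

```python
"""DNS over HTTPS (RFC 8484) request construction.  Added illustration for this
page, not a resolver's or provider's code.  The wire-format query is identical to
plain UDP DNS; DoH carries it inside an HTTPS request.  Only resolve_over_doh
touches the network, and it is called only when run with --send."""
import base64
import struct
import sys
import urllib.request

DOH_MEDIA_TYPE = "application/dns-message"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """RFC 1035 query.  RFC 8484 recommends transaction ID 0 over DoH so that
    identical queries yield identical URLs and can be cached by HTTP caches."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))  # class IN


def doh_get_url(endpoint: str, query: bytes) -> str:
    """GET form: ?dns=<base64url(query)> with '=' padding stripped (RFC 8484 4.1)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    sep = "&" if "?" in endpoint else "?"
    return f"{endpoint}{sep}dns={encoded}"


def doh_post_request(endpoint: str, query: bytes) -> urllib.request.Request:
    """POST form: the raw wire message as the body, tagged with the DNS media type."""
    return urllib.request.Request(
        endpoint, data=query, method="POST",
        headers={"Content-Type": DOH_MEDIA_TYPE, "Accept": DOH_MEDIA_TYPE})


def rcode_of(reply: bytes) -> int:
    """Low four bits of the flags word: 0 NOERROR, 2 SERVFAIL, 3 NXDOMAIN, ..."""
    return struct.unpack("!H", reply[2:4])[0] & 0xF


def resolve_over_doh(name: str, endpoint: str, timeout: float = 5.0) -> bytes:
    """Send the query over HTTPS and return the raw wire-format reply.  urllib
    verifies the server certificate against the system trust store; that TLS
    check is what stops an on-path attacker reading or forging the exchange."""
    query = build_query(name)
    with urllib.request.urlopen(doh_post_request(endpoint, query), timeout=timeout) as resp:
        if resp.headers.get("Content-Type", "").split(";")[0].strip() != DOH_MEDIA_TYPE:
            raise ValueError("endpoint did not return a DNS message")
        reply = resp.read()
    if reply[:2] != query[:2]:                 # server must echo our transaction ID
        raise ValueError("reply transaction ID does not match the query")
    return reply


if __name__ == "__main__":
    endpoint = "https://dns.quad9.net/dns-query"   # Quad9 DoH endpoint listed on this page
    q = build_query("example.com")
    print("GET form:", doh_get_url(endpoint, q))
    if "--send" in sys.argv:                        # network access only on request
        reply = resolve_over_doh("example.com", endpoint)
        print("rcode:", rcode_of(reply), "reply:", reply.hex())
```

The GET form is what you see in a browser's DoH configuration; the POST form is what most clients actually use because it keeps the query out of URL logs on intermediaries. Parsing the returned bytes is the same job as for a UDP answer.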

source: internet


SELECTING A DNS SERVICE

When selecting a Domain Name System (DNS) provider, consider the following factors to optimize your internet speed, security, and control:

1. Speed: look for a provider with a global network of servers and Anycast routing, which directs your query to the nearest instance and keeps resolution latency low.

2. Security: prefer providers that validate DNSSEC, offer encrypted transports (DoT/DoH) and, if you want it, block known malware and phishing domains. Remember that a filtering resolver decides on your behalf what does not resolve.

3. Control: check whether you can choose or customise filtering; several of the providers listed below publish separate filtering profiles for exactly this.

4. Reliability: research the provider's uptime and availability record.

5. Scalability: for an organisation, confirm the service can handle your query volume and expected growth.

6. Cost: weigh free public resolvers against paid tiers and what the paid tiers add.

7. Ease of use: prefer a provider with a clear interface and documentation, so that configuring clients and checking that they really use the resolver is easy.

By considering these factors and options, you can choose a DNS provider that meets your specific needs and improves your overall internet experience.

source: internet


CHANGING YOUR DNS SETTINGS

After changing DNS settings, restart the network connection or reboot so cached answers from the old resolver are dropped, and then confirm that lookups really go to the new resolver: a VPN client or captive portal may override the setting, and if you configure IPv4 servers only while IPv6 stays on automatic, queries can still leak to the ISP's IPv6 resolver.

Linux

Most desktop Linux distributions manage connections with NetworkManager, which has a GUI front end. To set DNS servers for a connection:

Open the network settings (the network icon in the system tray, or the "Edit Connections" dialog), select the connection you want to modify, open its "IPv4" or "IPv6" settings tab and enter your DNS servers there. To stop the DHCP-supplied servers from being used alongside yours, switch the method to "Automatic (DHCP) addresses only".

Distributions and desktop environments differ slightly in where these dialogs live, so treat this as a general guideline and consult your distribution's documentation for details. On many distributions NetworkManager hands the addresses to systemd-resolved, which has its own settings for DNS over TLS and DNSSEC validation.

Mac

  1. On macOS 13 and later go to System Settings > Network > (your active interface) > Details > DNS; on older versions go to System Preferences > Network > Advanced > DNS.
  2. Add the DNS server addresses of your chosen provider and remove the automatically assigned ones.

Windows

  1. Go to Network Connections, open the adapter's Properties, select "Internet Protocol Version 4 (TCP/IPv4)" (and repeat for IPv6 if you use it), click Properties and choose "Use the following DNS server addresses". On Windows 10/11 the same can be done under Settings > Network & internet > (adapter) > DNS server assignment > Edit, where Windows 11 also offers a DNS over HTTPS option.
  2. Enter the DNS server addresses provided by your chosen provider.

RELIABLE DNS PROVIDERS / RESOLVERS

The resolvers listed below are public and free to use. Each offers plain DNS at the IPv4/IPv6 addresses and DNS-over-HTTPS at the URL: use the URL when enabling DoH in a web browser, and the addresses for the operating-system settings above. Addresses and filtering policies are as published by the providers at the time of writing; check the provider's own documentation before relying on them.

Note that a filtering profile returns no answer, or a blocked answer, for domains the provider has decided to block, so a lookup failure on a filtered resolver is not necessarily a network problem.

AdGuard DNS

Default:

AdGuard DNS will block ads and trackers.

DNS-over-HTTPS:

https://dns.adguard-dns.com/dns-query

IPv4:

94.140.14.14

94.140.15.15

IPv6:

2a10:50c0::ad1:ff

2a10:50c0::ad2:ff

Non-filtering:

AdGuard DNS will not block ads, trackers, or any other DNS requests.

DNS-over-HTTPS:

https://unfiltered.adguard-dns.com/dns-query

IPv4:

94.140.14.140

94.140.14.141

IPv6:

2a10:50c0::1:ff

2a10:50c0::2:ff

Family protection:

AdGuard DNS will block ads, trackers, adult content, and enable Safe Search and Safe Mode, where possible.

DNS-over-HTTPS:

https://family.adguard-dns.com/dns-query

IPv4:

94.140.14.15

94.140.15.16

IPv6:

2a10:50c0::bad1:ff

2a10:50c0::bad2:ff

DNS0

Default:

Supported transports: DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC, DNS-over-HTTP/3, and DDR (Discovery of Designated Resolvers) for automatic upgrade from plaintext to an encrypted transport.

DNS0 blocks domains classified as malware, phishing, spam, spyware, deceptive, cryptomining, botnet command-and-control and similar, and states that it does not store personally identifiable information.

DNS-over-HTTPS:

https://dns0.eu

IPv4:

193.110.81.0

185.253.5.0

IPv6:

2a0f:fc80::

2a0f:fc81::

Zero:

The Zero profile aims to catch malicious domains early, in their first hours of activity, by combining human-vetted threat intelligence with heuristics that flag high-risk patterns. Expect more false positives than with the default profile.

Block: Newly Registered Domains (NRD), Newly Active Domains (NAD), Domain Generation Algorithms (DGA), IDN Homographs, Typosquatting, DNS Rebinding, Dynamic DNS (DDNS), Cryptojacking, Parked Domains, High-risk Top-level Domains (TLD).

DNS-over-HTTPS:

https://zero.dns0.eu/

IPv4:

193.110.81.9

185.253.5.9

IPv6:

2a0f:fc80::9

2a0f:fc81::9

Kids:

The Kids profile filters content that is not suitable for children, so that a device or network can be used by children at home, at school and on the go.

Block: Porn or other adult websites, explicit search results, mature videos on YouTube, dating websites or apps, mixed-content websites, piracy, ads.

DNS-over-HTTPS:

https://kids.dns0.eu/

IPv4:

193.110.81.1

185.253.5.1

IPv6:

2a0f:fc80::1

2a0f:fc81::1

Mullvad

Base:

Block: Ads, Trackers, Malware.

DNS-over-HTTPS:

https://base.dns.mullvad.net/dns-query

IPv4:

194.242.2.4

IPv6:

2a07:e340::4

Family:

Block: Ads, Trackers, Malware, Adult, Gambling.

DNS-over-HTTPS:

https://family.dns.mullvad.net/dns-query

IPv4:

194.242.2.6

IPv6:

2a07:e340::6

All:

Block: Ads, Trackers, Malware, Adult, Gambling, Social media.

DNS-over-HTTPS:

https://all.dns.mullvad.net/dns-query

IPv4:

194.242.2.9

IPv6:

2a07:e340::9

Quad9

Recommended:

Malware Blocking, DNSSEC Validation (this is the most typical configuration).

DNS-over-HTTPS:

https://dns.quad9.net/dns-query

IPv4:

9.9.9.9

149.112.112.112

IPv6:

2620:fe::fe

2620:fe::9

Unsecured:

No malware blocking, no DNSSEC validation. For experts only: use it when you deliberately need unfiltered, unvalidated answers, for example when testing or debugging a zone, not as a daily resolver.

DNS-over-HTTPS:

https://dns10.quad9.net/dns-query

IPv4:

9.9.9.10

149.112.112.10

IPv6:

2620:fe::10

2620:fe::fe:10