4 Reasons Why Using Third-Party DNS Servers Is More Secure
Most of you will be well-versed in the common ways to improve your computer’s online security . You can install a highly-rated anti-virus suite , use a password manager, change your operating system’s privacy settings , and a whole lot more.
However, there are also less familiar ways to give your security a boost. One such method is to change your DNS provider.
Why is changing your DNS a good idea? What security benefits does it bring? Keep reading to find out.
What Is DNS?
Before explaining why changing your DNS is a good idea, let’s clarify what DNS is. If you’re already familiar with the term, feel free to skip this section.
DNS stands for Domain Name System. You can think of it as the phone book of the internet. It’s the technology that translates the easily-memorable URL of a website (www.[name].com) into a numerical IP address. IP addresses are how devices, computers, and services are located on a network.
Your ISP will automatically route your traffic through its own DNS servers , but there are lots of third-party offerings to choose from. From a security standpoint, the third-party options are often much better than an ISP’s DNS servers.
DNS technology is predominantly vulnerable to two main attack vectors: spoofing attacks and denial-of-service (DoS) attacks.
Spoof attacks have the aim of redirecting you from legitimate to malicious websites. They lead to cache poisoning; corrupted data is introduced to a DNS resolver’s cache and you’ll repeatedly be directed to an incorrect IP address.
The media frequently covers DoS attacks and the public has a better understanding of them. Hackers use them to directly vast amounts of traffic to a website using a forged source IP address. The site in question typically becomes inaccessible.
DNSSEC is the de facto solution to these threats — but providers have not implemented it universally. At the time of writing, most ISPs do not offer DNSSEC on their DNS servers. Lots of third-party ones, including Google and OpenDNS, do provide it.
The technology effectively means your machine cannot be caught up in spoof attacks or DoS attacks; signatures become impossible to forge without access to private keys and resolvers will reject any responses that contain incorrect keys.
Third-party DNS servers have also started introducing DNS-over-HTTPS technology.
Most DNS queries are sent using either a UDP or TCP connection without encryption. Obviously, this has security implications: you’ll be vulnerable to eavesdropping, spoofing, and tampering, among other things. You’re particularly at risk if you frequently get responses from recursive DNS resolvers.
DNS-over-HTTPS allows DNS queries to be resolved using an encrypted HTTPS connection instead. It works in conjunction with DNSSEC to give users authenticated end-to-end DNS lookups. As such, the security between a client and a recursive resolver is greatly enhanced.
Google’s DNS servers have been using the technology since April 2016.
3. Phishing Protection
You should be familiar with phishing scams . In short, they are cyber-criminals attempt to make you give up highly-sensitive information. Typically, an email or website will pose as a legitimate business and ask you to enter your bank details, address, or other personal data.
Some third-party DNS servers — including OpenDNS — offer phishing protection. While it’s true that most modern browsers now include built-in phishing protection, the OpenDNS feature is useful if you have to use an old browser on an office network or you’re running Windows XP and cannot use a browser beyond Internet Explorer 6.
Be warned, features such as phishing protection are a trade-off: the more extra services your DNS includes, the slower it will run.
4. Parental Controls
The native parental control features in Windows have come a long way since the launch of Windows 10, while the offering on Mac has always been reasonably strong.
However, both operating systems’ tools are dependent on managing the controls on a user-by-user basis. If your child happens to start using your machine on an adult account, they might accidentally stumble across salacious content.
Some DNS servers offer a solution to the paradox. For example, OpenDNS allows you to configure blacklisted and whitelisted sites from its website. You can even block entire categories of sites — useful for keeping your kids off social media when they should be doing their homework.
Best of all, OpenDNS lets you set the parental controls at a network level: it will protect all your phones, laptops, tablets, and games consoles.
How to Change Your DNS
How you change your DNS server depends on which operating system you’re using. I’m only going to detail the process for Windows and Mac (there are too many Linux variants to cover them all). You can also change the DNS settings on your router, but again, the permutations are too numerous to cover here.
If you’re running Windows , you need to head to the Network and Sharing Center to make the changes. Right-click on your Wi-Fi icon in the toolbar and select Open Network and Sharing Center. Next, click on the name of your Wi-Fi network.
On the new window, click Properties.
Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Finally, mark the checkbox next to Use the Following DNS Server Addresses and enter your provider of choice. If you want to add more than two, click Advanced.
The process is different if you use a Mac .
To begin, open the Apple menu and click on System Preferences.
Next, head to Network > Advanced > DNS.
Lastly, click the + icon under the left-hand column and enter your new DNS server address.
Have Your Changed Your DNS Provider?
After reading the article, I hope you have a clear understanding of what a DNS server is, what benefits you can enjoy by changing it, and how to change it.
Now it’s your turn to offer some input. I’d love to know which DNS provider you use. Why did you select it over its competitors? What features does it offer?
As always, you can leave your stories and opinions in the comments section below.
Image Credit: MOHD BAHIRI BIN IBRAHIM via Shutterstock.com