One of the most important systems that makes the Internet easy to use has absolutely no security in its current form. This means that your Internet service provider (and some others) can easily see every website that you visit. (Since you have “nothing to hide” this should not be a problem, right?)
DNS, or the Domain Name System, is the networking protocol that finds websites and resources on the Internet using familiar names such as Google.com, Amazon.com, and WyzGuysCybersecurity.com. It does that by converting the domain name in a typical website request to the IP address of the server where the website is installed. Google is 188.8.131.52. Amazon is 184.108.40.206. WyzGuys is 220.127.116.11. You can see this in action by opening a CMD window (type cmd in the Start menu search box), entering nslookup google.com, and pressing Enter.
DNS, like other early Internet protocols such as email, was invented in a time when the thought of keeping this information secure from prying eyes was not considered an issue. These days spying and surveillance are out of hand, with everyone from the government and your ISP to Internet marketing firms and e-commerce sites, to the corner coffee bar keeping tabs on your Internet travels.
If you are like me, you have nothing to hide but you still would like to keep your business to yourself. You use one of our recommended private browsing options and have your browser delete your browsing history. But since all of your DNS queries are unencrypted, it is not difficult for someone with access to reconstruct your path through the Internet.
Maybe you are wondering about DNSSEC. Isn’t that some type of DNS security? DNSSEC was designed to protect applications from using forged or manipulated DNS data. DNSSEC responses are authenticated but not encrypted; the signatures prevent DNS spoofing and website redirection, but DNSSEC doesn’t provide any privacy or confidentiality. So no help for us there.
There are recent developments that will allow us to encrypt our DNS requests and recover a bit more of our lost privacy. In the last couple of days I read an article by Dennis Anon on Privacy.net about using Cloudflare DNS to secure your DNS queries, and another article on Sophos Naked Security about Mozilla’s beta test of Cloudflare’s DNS-over-HTTPS service to do the same thing in the Firefox browser. If this is something you want to pursue, you have a couple of options:
- Use the Cloudflare public DNS server (18.104.22.168 and 22.214.171.124) in your computer’s network configuration. There is a great illustrated tutorial in Dennis’ article that shows you how.
- Use the Firefox DoH Shield beta test as your web browser. This will be released in final form in Firefox 62.
- Use a VPN any time you are on the Internet. This serves to encrypt everything, including DNS queries, and may be your best overall solution.
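To make the two points above concrete (what a plain DNS lookup such as nslookup puts on the wire, and what DNS-over-HTTPS changes), here is an added Python example. It is not code from the original article, from Cloudflare, or from Mozilla. It builds a standard DNS query in wire format, shows that the queried hostname can be read straight out of the packet bytes (which is exactly what an ISP or coffee-shop network sees with classic UDP DNS), parses a response, and wraps the same message in an HTTPS POST as DNS-over-HTTPS does (RFC 8484). The Cloudflare endpoint URL in doh_resolve is assumed, and the sample response and the 192.0.2.1 address are constructed for the offline demo rather than captured from a real resolver.

```python
import random
import struct
import urllib.request


def build_query(name, qtype=1):
    """Build a DNS query (RFC 1035 wire format). qtype 1 = A record.
    Returns (transaction_id, message_bytes)."""
    tid = random.randint(0, 0xFFFF)
    # flags 0x0100 = recursion desired; one question, no other sections
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return tid, header + question


def transaction_id(msg):
    """First two bytes of any DNS message are the transaction id."""
    return struct.unpack("!H", msg[:2])[0]


def read_name(msg, offset):
    """Decode a domain name at offset, following compression pointers.
    Returns (name, offset_after_name_in_the_original_position)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def names_in_plaintext(msg):
    """What a passive observer sees: the queried names, read from the raw
    packet with no key or secret needed."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    names, offset = [], 12
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        offset += 4  # skip qtype + qclass
        names.append(name)
    return names


def parse_answers(msg):
    """Return [(name, ipv4), ...] for A records in the answer section."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata)))
    return answers


def build_sample_response(tid, name, ipv4):
    """Constructed response for the offline demo (not a captured packet):
    echoes the question and adds one A record with TTL 300."""
    _, query = build_query(name)
    header = struct.pack("!HHHHHH", tid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xc0\x0c"  # pointer back to the question name at offset 12
              + struct.pack("!HHIH", 1, 1, 300, 4)
              + bytes(int(o) for o in ipv4.split(".")))
    return header + query[12:] + answer


def doh_resolve(name, url="https://cloudflare-dns.com/dns-query"):
    """DNS-over-HTTPS (RFC 8484): the identical wire-format message is the
    body of an HTTPS POST, so on-path observers see only TLS to the resolver.
    Needs network access; the endpoint URL is an assumption of this example."""
    tid, query = build_query(name)
    req = urllib.request.Request(url, data=query, method="POST", headers={
        "Content-Type": "application/dns-message",
        "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    if transaction_id(body) != tid:
        raise ValueError("transaction id mismatch")
    return parse_answers(body)


if __name__ == "__main__":
    tid, q = build_query("example.com")
    print("names visible in the plain UDP query:", names_in_plaintext(q))
    r = build_sample_response(tid, "example.com", "192.0.2.1")
    print("parsed answer from constructed response:", parse_answers(r))
```

Classic DNS sends the bytes from build_query over UDP port 53 unencrypted, so names_in_plaintext shows what anyone on the path can log; with doh_resolve the same bytes travel inside TLS, and only the chosen resolver (here Cloudflare) learns the name. DNSSEC would add signature records to the response, but would not change what names_in_plaintext recovers from the query.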
In the last 30 years as computers and the Internet have developed, we have, as a species, really given up nearly all of our privacy. Our information is everywhere, and we have no control over who has it or what they do with it. But there is a movement back in the direction of recovering at least some of our privacy. Efforts such as the European GDPR standards are an example. DNS over HTTPS is another.