DNS the "address book" of the Internet

Written By Rogier Willems

DNS stands for Domain Name System. Think of it as the "address book" of the Internet: your browsers and apps use it to translate domain names that make no sense to them into IP addresses that they can understand.

When you use the default DNS server that is automatically set by your Internet Service Provider, every time your browser or app sends a DNS request, it will be logged by your internet provider and used for marketing purposes.

Dedicated DNS services

In recent years, the industry has become aware of the power and risks associated with DNS, and various companies have built their own DNS servers that can increase your privacy by encrypting all DNS requests. Furthermore, they can block ads, trackers, malware, phishing websites, etc. They can also provide "Family protection" by blocking websites with adult content and enforcing the "Safe search" option in browsers that provide it. "Non-filtering" provides a secure and reliable connection but doesn't block anything.

DNSCrypt

Instead of a regular client-server interaction protocol, DNS encryption allows you to use a specific encrypted protocol that will encrypt all DNS requests. This protects you from possible request interception and subsequent eavesdropping and/or alteration.

DNSSEC

Dedicated DNS providers support DNSSEC technology, which allows you to verify the authenticity of the stored DNS records with a digital signature. It provides protection against current and potential attacks on DNS queries and responses aiming to forge them or change their content, and at the same time, it fends off other online threats.

NextDNS

I have evaluated a number of DNS service providers and ended up liking NextDNS the best because of its relative ease of implementation and control.

Another service named Adguard offers additional options to block ads using a plugin in the web browser but is, in my opinion, more suitable for those who want to have more options and tinker with the various settings.

Protecting your entire network:

Besides installing an app on your devices or installing a "profile" on your Mac, it's much better to implement this on your network router like on the Synology routers that I have installed at many of my clients.

Contact me if you have any questions or need help implementing a DNS service.

Rogier Willems
Mac Genius dedicated to Apple Macintosh since 1999.
https://www.macexpert805.com
Next

Pass-the-Cookie Attack