How (and why) to change your DNS server

How (and why) to change your DNS server

👨‍💻

You probably have a basic picture of how web browsing works. You type pcmag.com into the address bar, your browser requests that page from a web host, and PCMag sends you a ton of useful information. But it is not that simple. Another player is involved, and understanding this fact can help you protect your security and privacy – and even speed up your browsing.

Here’s the thing: the servers that route your Internet requests don’t understand domain names like pcmag.com. They only understand digital IP addresses like 52.201.108.115, or longer digital addresses than the modern IPv6 system. (For longer, I mean Much Long. Here’s a sample IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.)

What do DNS servers do?

So the machines only talk about numbers, but people want to use memorable domain names like girlgeniusonline.com or zappa.com. To solve this predicament, the Domain Name System, or DNS, translates familiar domain names into numeric IP addresses.

Your home network usually relies on the DNS server provided by your ISP. After your browser sends a domain name to the server, the server goes through a rather complex interaction with other servers to return the corresponding IP address, after thoroughly checking and verifying it. If it’s a frequently used domain, the DNS server may have this information cached, for faster access. Now that interaction is down to numbers, machines can handle getting the pages you want to see.

DNS difficulties

As you can see, Domain Name System is essential for all your internet activities. Any system issues can have ripple effects on your experience.

For starters, if your ISP’s DNS servers are slow, or not properly configured for caching, they can effectively slow down your connection. This is especially true when loading a page that pulls in content from many different areas, such as advertisers and affiliates. Switching to DNS servers optimized for efficiency can speed up browsing, both at home and in a business environment.

Speaking of business setup, some companies offer DNS services with business-friendly add-ons. For example, they can filter malicious websites at the DNS level, so that pages never reach an employee’s browser. They can also filter porn and other sites that are not suitable for work. In a similar way, DNS-based parental control systems help parents control children’s access to age-inappropriate content, on every device.

You mentioned that your DNS server caches common requests, so it can respond quickly, without having to query other components of the domain name system. Your PC or Mac also has a local DNS cache, and if the cache gets corrupted, you might have trouble visiting certain sites. Here’s an issue that doesn’t require switching DNS servers – all you have to do is flush the local DNS cache.

Unless you’re using a VPN (Virtual Private Network), your ISP’s DNS servers see every domain you request. You can’t really get away from it – if you want something from the internet, you can’t avoid talking about it someone Just what you want. Your ISP knows where you go on the web, and they probably don’t care.

However, some ISPs have found a way to monetize their DNS service. When you hit a wrong domain, that doesn’t have an actual IP address, they turn your browser into a search and ad page preloaded with a search term derived from the domain name. For example, the image below shows the results of an attempt to visit the non-existent funnycatpikture.com.

This may seem like no problem. What does it matter if your ISP displays ads? But it is important in terms of privacy. It started with a private back and forth between your browser and the DNS server. Your ISP has broken this privacy bubble by submitting a copy of your request to a search engine, where it ends up in your search history. Some people worry about search privacy, which is why there are no-log search sites like DuckDuckGo and StartPage.

DNS under attack

You are probably familiar with the concept of phishing. The infamous webmasters have created a fraudulent website that looks just like PayPal, your bank, or even a gaming or dating site. They break up links to the fake website using spam, malicious ads, or other technologies. Any unlucky internet user who logs in without noticing the fraud has given valuable login credentials to the bad guys. These credentials are usually used by scammers to log you into the real site, so you don’t realize that something has happened.

The only thing that gives these scams away is the address bar. Close monitoring of the address bar is one way to avoid phishing scams. Some of them are terrible, like the page purportedly, for example, LinkedIn, but has a completely unrelated domain like bestastroukusa.com. Others work even harder to trick you, with slightly different names like microsfot.com, or extremely long URLs that mask the actual domain. But no matter how they try, they can’t fool a surfer on the Internet.

This is where cache poisoning comes in. In this type of attack, hackers infiltrate incorrect information in the domain name system, usually by tampering with the cache. The user types a valid domain name, the corrupted DNS returns the IP address of a fraudulent site, and the address bar displays the correct name. Unless the miscreants do a poor job of mimicking the target site, there is no clear evidence that they have cheated.

A similar attack called DNS hijacking occurs on your local computer. Malware running on the system accesses your TCP/IP settings and simply redirects you to a DNS server controlled by hackers. Of course this only works if the malware in question can bypass your antivirus, but there are still a few people who haven’t received a message about using antivirus software on every computer.

What is the best DNS server?

DNS attacks and problems occur when DNS is not a priority for your ISP. Getting away from these issues can be as simple as switching to a service that makes DNS security and privacy a priority.

Google Public DNS has been available for nearly 10 years, with easy-to-remember IP addresses 8.8.8.8 and 8.8.4.4. Google promises a secure DNS connection, reinforced against attacks, as well as speed advantages.

Founded in 2005, OpenDNS has been making secure DNS for even longer. It doesn’t have memorable IP addresses like Google’s, but it does offer a wide variety of services. In addition to DNS servers focused on privacy and security, it offers what it calls FamilyShield servers, which filter inappropriate content. The company also offers a premium parental control system that gives parents more granular control over the filtering. Its parent company, Cisco, supplies organizations with Cisco Umbrella, which includes security and corporate DNS services.

Cloudflare might be the biggest internet company you’ve ever heard of. With a wide range of servers around the world, it provides Internet security for websites and protection against distributed denial of service attacks, among other services. Last year, Cloudflare made secure DNS available, on the very memorable IP addresses 1.1.1.1 and 1.0.0.1. Recently, the company embarked on a plan for its 1.1.1.1 mobile app to replace VPN protection.

There are other free, public, security-centric DNS services, but you can’t go wrong with these three. In practice, the field may shrink. Last year, Symantec shut down its Norton ConnectSafe service, directing users instead to OpenDNS.

How do I change my router’s DNS server?

As far as turning your router into a fast and secure DNS server, I have good news and bad news. The good news is that if you make a change in your router settings, it will affect every connected device. Not just computers and smartphones, consider video doorbells, smart garage doors, and even internet toasters. The bad news is that the exact technique for changing a router’s DNS settings varies by router.

Recommended by our editors

To get started, search the web by appending “Change DNS” to your router’s make and model. If you’re lucky, you’ll find a clear set of instructions. Go to the desired setting and enter the primary and alternate DNS addresses for your chosen service. You may need to restart the router for the change to take effect.

While working through the steps of this article, I got an unpleasant surprise. It turns out that my ISP’s router, which provides me with my internet, TV, and phone, doesn’t allow me to change the DNS settings. Apparently, a real network wizard can make the change using Telnet to log into the router, which nominally supports Telnet. I think the ISP wants to secure revenue from those ads and search pages.

How do I change my laptop’s DNS server?

Now all the devices on your home network are using a fast and secure DNS, but you likely have some that don’t stay on the home network. When your laptop or smartphone connects to the free Wi-Fi in this sleazy internet café, you also use whatever DNS server the owner chooses as the default server. Who needs cache poisoning when you have complete DNS control?

That’s why you should change the local DNS settings on your mobile devices. How you do it varies by platform. On Windows 10:

• Click the Windows button,
• select gear settings,
• Click Network and Internet,
• Click on Change adapter options,
• Right click on the Wi-Fi connection and choose Properties,
• Select Internet Protocol Version 4 and click the Properties button,
• Click on the item called Use the following DNS server addresses,
• Enter the two addresses,
• Click OK, and if necessary,
• Repeat the process for Internet Protocol version 6.

Yes, these are quite a few steps, but you can do it!

If you’re using a macOS laptop:

• Select Preferences from the Apple menu,
• Run the network application,
• Highlight Wi-Fi Connection and click the Advanced button,
• Click on the DNS tab,
• Use the plus button to add IPv4 and IPv6 DNS addresses, and
• Use the minus sign button to remove any existing addresses.

For your mobile devices, Android versions prior to 9 (Pie) and all iOS versions do not support a global change of your DNS preferences. You must access and make the change any time you connect to a new Wi-Fi network, and you cannot touch the cellular network’s DNS settings. It is true that on both platforms, you can purchase an app to automate this change, if you wish. But if you are going to buy an app, I suggest you simply run the VPN on those devices. Doing so funnels your DNS requests through the VPN company’s servers, which in most cases are more secure than what you get from your ISP.

From now on, Cloudflare 1.1.1.1 looks like an interesting DNS resolver for mobile devices, and it’s free. There is an upcoming improvement called Warp that will make it more like a VPN. When the VPN enhanced app reaches the public version, we will put it through its paces and let you know.

So, here’s the rundown. DNS servers translate human-friendly domain names into hardware-friendly IP addresses. It is possible that you are using the DNS server provided by your ISP, the quality of which is unknown. Switching to a third-party DNS service can speed up your Internet activity and protect against DNS-based phishing attacks.

Like what you read?

sign for security monitoring A newsletter of our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your acceptance of our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

[ad_1]
Don’t forget to share this post with friends !