The DNS (Domain Name System) is one of the most significant internet services in use, allowing us to browse webpages, send emails and run apps on our smartphones.
What is a DNS server?
The Domain Name System (DNS) is like a phonebook, but for the internet. It is a framework which translates domain names, like gcity.cc, into the IP addresses that devices need to load those internet pages. It is not only used for displaying web pages: your mobile apps use it as well, for instance.
Risks related to DNS
If you aren’t using a VPN when browsing the internet, your DNS requests can be easily observed. The first to observe every site you visit and every app you use is your ISP (Internet Service Provider). But not only the ISP: as your DNS connections are not encrypted (most of the time), any third party in the middle of your traffic can also see your online behaviour and the websites you’re connecting to. Moreover, any government agency.
Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.
The following attacks exist against insecure DNS:
- Domain hijacking, which involves changes in your DNS servers and domain registrar that can direct traffic away from your original servers to different destinations.
- DNS flood attack, a type of DDoS attack in which the attacker hits your DNS server in order to overload it, so it can’t continue serving DNS requests.
- DNS spoofing, or DNS cache poisoning, which is one of the most common DNS attacks around. By exploiting system vulnerabilities, attackers will try to inject malicious data into your DNS resolvers’ cache. You would then be redirected to another remote server.
- DNS hijacking, which involves malware infections used to hijack DNS. Malware hosted on the local computer can alter TCP/IP configurations so they can point to a malicious DNS server, redirecting traffic to a phishing website.
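A defensive check for the DNS hijacking case above, as an added example that is not part of the original article: it audits the resolvers configured on a host against an allowlist and flags anything unexpected. It assumes a Linux-style `/etc/resolv.conf` format; the allowlist uses the Cloudflare and Quad9 IPv6 addresses listed on this page, and the sample file content is constructed.

```python
import ipaddress

# Allowlist: IPv6 resolver addresses taken from this page (Cloudflare, Quad9).
EXPECTED = {ipaddress.ip_address(a) for a in (
    "2606:4700:4700::1111", "2606:4700:4700::1001",
    "2620:fe::fe", "2620:fe::9",
)}

# Constructed sample input, not taken from a real host.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 2606:4700:4700:0:0:0:0:1111
nameserver 203.0.113.53
nameserver 127.0.0.53
nameserver fe80::1%eth0
nameserver not-an-ip
options edns0
"""

def parse_nameservers(text):
    """Yield (raw, address-or-None) for each 'nameserver' line."""
    for line in text.splitlines():
        fields = line.split()
        # Comment lines (# or ;), 'search' and 'options' are skipped here.
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        raw = fields[1]
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop zone id
        except ValueError:
            addr = None
        yield raw, addr

def audit(text, expected=EXPECTED):
    """Classify each configured resolver as ok, local, unexpected or invalid."""
    findings = []
    for raw, addr in parse_nameservers(text):
        if addr is None:
            status = "invalid"
        elif addr in expected:       # compares parsed values, not strings
            status = "ok"
        elif addr.is_loopback or addr.is_link_local:
            status = "local"         # stub or router: real upstream is elsewhere
        else:
            status = "unexpected"    # candidate for a hijacked DNS setting
        findings.append((raw, status))
    return findings

if __name__ == "__main__":
    for raw, status in audit(SAMPLE_RESOLV_CONF):
        print(f"{status:10} {raw}")
```

A "local" result means the host forwards to a stub resolver or router, so the upstream configured there has to be checked separately.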
Top 5 free DNS
The ranking is (starting with the best):
- CloudFlare DNS (no-log policy)
- DNS Watch (no-log policy)
- Quad9 (malware filtering)
- OpenDNS (adult content filtering)
- Google Public DNS
CloudFlare DNS / 126.96.36.199
The benefits of using Cloudflare are:
- No logging DNS traffic, no saving IP – privacy first
- Very very fast
- Easy setup
Primary and secondary DNS servers: 188.8.131.52 184.108.40.206
Primary and secondary DNS servers through IPv6: 2606:4700:4700::1111 2606:4700:4700::1001
How to set up on Android: DNS Cloudflare hostname setup on Android.
More info: https://220.127.116.11/dns/
DNSWatch / 18.104.22.168
So the main benefits of DNSWatch are:
- No logging DNS traffic, no saving IP
- No restricted content
Since they are a privacy-focused provider, and a small company which doesn’t offer any security intelligence analysis, any protection against phishing, malware or attacks will need to be addressed by you.
Primary and secondary DNS servers: 22.214.171.124 126.96.36.199
Primary and secondary DNS servers through IPv6: 2001:1608:10:25::1c04:b12f 2001:1608:10:25::9249:d69b
How to set up on Android: DNS DNSWatch hostname setup on Android.
More info: https://dns.watch
Quad9 / 188.8.131.52
We love Quad9 filtering protection, but, sadly, we don’t like their log retention policy.
- Blocks malicious domains
- No ‘no-log’ policy (Quad9 is committed to keeping users’ privacy, but they do keep logs on some activity)
- Easy setup
Primary and secondary DNS servers: 184.108.40.206 220.127.116.11
Primary and secondary DNS servers through IPv6: 2620:fe::fe 2620:fe::9
How to set up on Android: DNS Quad9 hostname setup on Android.
More info: https://www.quad9.net
OpenDNS / 18.104.22.168
- One of the oldest DNS services (now owned by Cisco)
- High speed
- Phishing sites are blocked as well as adult content (optional)
- History of your internet activity kept for the past 12 months
Primary and secondary DNS servers: 22.214.171.124 126.96.36.199
How to set up on Android: DNS OpenDNS hostname setup on Android.
More info: https://www.opendns.com
Google Public DNS / 188.8.131.52
Primary and secondary DNS servers: 184.108.40.206 220.127.116.11
How to set up on Android: DNS Google hostname setup on Android.
If you are not using a VPN (which usually includes its own DNS), Cloudflare, which is free, fast and has a 0-log policy, seems an excellent option. Another option, more oriented towards filtering ads, is Quad9.