
Why Should I Switch to a Security and Privacy Focused DNS Server?

Protecting Your Cybersecurity and Online Privacy in 2022

Level: Introductory

Technology is an ever-evolving landscape and, in most cases, these evolutions enable positive changes for the user experience. That said, as society furthers its immersion into a connected lifestyle, the pool of malicious players continues to expand as well. Although the line separating one’s digital freedom and the security of one’s digital presence remains consistent, it is important to understand that you’re likely at more risk now than ever before when conducting day-to-day online activities and using connected devices. We constantly hear stories of those who have been taken advantage of by ill-intentioned actors online.

In the 90s, using resource-intensive antivirus software was considered key to remaining safe online. In the 2000s, the sentiment shifted to sundry malware-scanning software, and by the 2010s, two-factor authentication became a key message behind cybersecurity. As we settle into the era of Web 3.0, staying a step ahead of attempts to steal your financial and/or personal information is more important than ever. While the aforementioned tools all provide some value for users in specific cases, they aren’t a complete solution, which brings us to what may prove to be one of the most vital cybersecurity tools of our decade — DNS-based cyber-protection services.

What is DNS?

Before we begin, give yourself a pat on the back for taking online security and privacy seriously. If making the switch to a more robust DNS service is a new concept for you, we promise that it isn’t as complicated as it may at first seem.

DNS stands for Domain Name System. Think of DNS as the contact list of the internet. In this contact list, a directory of domain names is maintained. When you type a website’s address into your web browser (e.g., Firefox, Brave, Safari), the browser communicates with your DNS service and asks for the internet protocol (IP) address for the site name in the URL you would like to visit. An IP address is simply a set of numbers that computers use to locate a website. We use web addresses made of words because they’re much easier for humans to use and recall than IP addresses — just like tapping on a contact’s name in your cell phone to call them instead of remembering their phone number and manually pressing each digit.

In terms of browsing the internet, imagine trying to remember a series of numbers like 216.21.3.77 for every website that you visit. Instead, web browsers, email software, and everything else on the internet use the DNS so that an easy-to-remember name like “www.quad9.net” can stand in for an IP address like 216.21.3.77. In short, DNS services can be viewed as a translator of sorts between you, your computer, and all other computers connected to the internet.

Should I Change My Default DNS Server?

We get it. You’re probably wondering, “Why fix something that isn’t broken?” You have an internet service provider (ISP) that you assume works fine, and you have no problems browsing the internet, gaming, shopping, paying bills online, entering sensitive information across numerous websites, storing personally identifying data…see where we’re going with this? Have you ever wondered what would happen with that information were it to get into the wrong hands — if it hasn’t already?

So now you might understand why you’d be well-served to use a DNS service that has high privacy, but what about cybersecurity? Quad9 implements protections for all your devices by choosing which queries not to answer, which seems a bit strange but is quite effective. If you accidentally click on a phishing link in a very convincing email, you may not notice that the “www.mybanknaame[.]com” link that you thought was legitimate actually had a slight misspelling (two letter “a”s instead of one, in this hypothetical example). Quad9 has an exceptionally large list of malware, phishing, botnet, and other domains that is kept up to the minute, and knows that “mybanknaame[.]com” is illegitimate. So when your computer sends the query for the fraudster’s host name to Quad9’s DNS system, the answer is given back that the name is not legitimate, and you are prevented from reaching the site. Simple!

“Okay, but I don’t want to pay for ANOTHER service…” — We get that too and fortunately, DNS services are one of the rare opportunities these days to improve your cybersecurity and privacy for free. Of course, not all DNS servers offer free DNS services, and most DNS services don’t have a cybersecurity component. However, thanks to non-profit organizations like Quad9, anyone can boost their online protection — and maybe even performance — at no cost. Zero. No download, no software, no account, no registration, no email, no credit card info, no catches!

“What’s wrong with the DNS server that my ISP provides?” — Yet another sentiment often echoed by those yet to adopt a DNS service that has the end-user’s best interests in mind. While there may not be anything functionally wrong with your ISP-provided DNS service, chances are that it isn’t necessarily helping protect your privacy, security, or freedom of access to content. There is an incentive to monetize user data by the ISP (including DNS data) and little desire to offer high-quality threat blocking, at least not without a charge. Unfortunately, when it comes to ISP-provided DNS services, there’s simply no financial incentive for ISPs to provide a more robust, privacy-centric, and secure DNS solution.

Why Encrypting Your Data is More Important Than Ever Before

Since its inception around 1987, DNS has been an unencrypted protocol. That means everyone between your device and the resolver can see your queries and responses. Much like the transition of web pages from ‘http’ to ‘https’, encryption is now becoming more widely deployed in the DNS. While encryption is not a silver bullet against cyberattacks, DNS encryption can improve user privacy significantly.
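
To make the point concrete, the following added example (not from the original post or from Quad9) builds a standard DNS query in wire format and shows what anyone on the path can read from an unencrypted query and its reply. The hostname is constructed, and the reply assumes that a blocked name is signalled with the standard NXDOMAIN response code, which the post does not specify.

```python
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg: bytes, off: int):
    """Decode an uncompressed name at `off`; return (name, offset after it)."""
    labels = []
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0:  # compression pointers never occur in the question we build
            raise ValueError("compressed name not supported here")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), off + 1

def observe(msg: bytes) -> dict:
    """Fields anyone between the device and the resolver can read from clear-text DNS."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    name, off = read_name(msg, 12)
    qtype, _ = struct.unpack("!HH", msg[off:off + 4])
    return {"name": name, "qtype": qtype, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": ancount}

def blocked_reply(query: bytes) -> bytes:
    """Constructed reply: question echoed, QR=1, RD=1, RA=1, RCODE=3, no answers.
    Assumption: the resolver signals a blocked name with NXDOMAIN (RCODE 3)."""
    flags = 0x8000 | 0x0100 | 0x0080 | 3
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("www.lookalike-bank.example")  # constructed hostname
    print("on the wire:", q.hex())
    print("observer sees query:", observe(q))
    print("observer sees reply:", observe(blocked_reply(q)))
```

The hostname appears as readable ASCII inside the query bytes, which is exactly what an encrypted transport to the resolver hides from observers on the path.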

The numerous options for those seeking a third-party DNS server can be overwhelming. In addition to finding a DNS server that fits your needs, you are also faced with determining how a given DNS server manages user data. Fortunately, this concern can be relieved by using Quad9, which does not collect or sell user data, even if you just connect to them using traditional clear-text and well-supported methods. Quad9 was one of the early adopters of enhanced privacy standards like DoH (DNS over HTTPS), DoT (DNS over TLS), and DNSCrypt, which encrypt your connection to the resolver, thus keeping your queries and responses private.

It is no surprise that Quad9 was rated one of the top three best DNS Servers of 2022 by TechRadar. Structured as a non-profit organization, Quad9 has been offering free public DNS services that provide users with robust security protections, high-performance, and privacy since 2017. We collaborate with more than 20 threat intelligence providers around the world to block known malicious domains, helping prevent users’ computers and smart devices from connecting to malware-ridden and phishing websites.

Setting up your system to use Quad9’s DNS server is a quick and simple process. The Quad9 team has even created short video guides to walk users through the process of configuring their DNS server on both Mac and Windows systems, as well as other devices. Additionally, we are happy to provide on-boarding assistance in the event that you aren’t certain that you’ve implemented the service correctly.

Until next time, stay safe and keep private.

References:

  1. https://www.investopedia.com/web-20-web-30-5208698#toc-web-30
  2. https://www.techradar.com/news/best-dns-server