Teacher
Professional
- Messages
- 2,670
- Reaction score
- 806
- Points
- 113
DNS servers can be used for more than just translating domain names into IP addresses. They are often used to filter sites by lists, to counteract malicious sites, and sometimes to circumvent certain restrictions. Below we will explain what secure DNS servers are and what functionality they offer.
Introduction
Every day we visit a large number of sites on the Internet for various purposes, whether professional, educational, entertainment or other resources. At the same time, you should be vigilant, because one of the most common security threats that anyone can face is malicious sites. Every day, attackers create a large number of such sites to infect viruses, theft, extortion, and other things.
Malicious sites can host banners that load dangerous content when clicked. Therefore, for example, a search on the Internet for the necessary "software" may end up downloading and installing malicious or infected programs, ranging from simple viruses to cryptographers. Phishing sites that pretend to be legitimate in order to get passwords from various resources, bank card data, etc. are very "popular". Sites that do not require any interaction with the user other than the very fact of accessing them are a serious danger. on your mobile phone, and the result of their execution is the installation of spyware, bots, and cryptographers. Sites with prohibited content such as pornography, drugs, and terrorism also pose a threat. It is worth noting that they can also often cause harm with the same viruses.
One of the simplest and most affordable measures to protect against malicious sites is to use secure DNS servers.
What is DNS?
The DNS (Domain Name System) service is one of the main ones for working on the Internet. It maps the digital IP address of each resource, which is difficult to perceive and poorly remembered by a person, to a convenient alphabetic domain name (173.194.73.139 → google.com). It is often compared to a directory of phone numbers. The DNS service operates on the principle of hierarchy: each zone on the Internet is responsible for its own DNS server (and not just one), which knows all the names in its zone, and if an unknown resource is requested from it, it redirects the request to a higher server.
Secure DNS servers are designed to protect you from malicious resources and your children from unwanted content. The main idea here is to constantly monitor malicious and unwanted sites, create black lists and restrict access. Using secure DNS servers increases the confidentiality of your requests (data is stored for a certain period of time, and then deleted). In addition, some services block ads. Such DNS servers can be a good substitute for your provider's servers.
Overview of popular secure DNS servers
Cisco Umbrella
In 2015, Cisco bought the secure DNS service OpenDNS, creating a Cisco Umbrella solution based on it. This is not just a secure DNS, but a complex for protecting against threats from the Internet, which also includes a firewall, a web proxy with the ability to analyze files in an isolated virtual environment, and tools for conducting investigations. The service is hosted in the cloud and is aimed at corporate clients. It is managed on the Cisco Umbrella web page. The corporate DNS server configures DNS redirection to the IP addresses 208.67.222.222 and 208.67.220.220, and then on the Cisco Umbrella page, the client company's network is added. Client policies contain a large number of settings: selecting site categories and content on them to block, blocking depending on the application used, and blocking by specific domain names. We will not describe other functions within the scope of our topic. Cisco Umbrella ranks 3rd in terms of performance in the ranking of the independent DNS server monitoring service DNSPerf.
Cloudflare
The service was created in 2018 by the company of the same name and is completely free. There are several modes of operation that are determined depending on the IP address you set that belongs to Cloudflare. The 1.1.1.1 address is the main one, DNS filtering is not performed, and you get a reliable and fast service. The second mode of operation is family mode: when specifying IP addresses 1.1.1.2 / 1.0.0.2 as DNS servers, malicious resources are blocked. If you also want to restrict adult content, set the addresses 1.1.1.3 / 1.0.0.3. The service supports DNSSEC, which means that attackers will not be able to redirect you to fake web pages. The service's website states that Cloudflare does not sell user data to advertising companies; your requests will be stored on the server for 24 hours. DNSPerf ranks Cloudflare as the fastest public DNS service in the world.
DNSFilter
DNS Filter company has been creating its service since 2015 for three years. DNSFilter is a fully paid service with support for various security features. Among the main ones are DNSSEC, DNS over TLS (request encryption), real-time site classification, protection against botnets and phishing. You can use the service at home or on the basis of your company with the ability to store logs of customer requests and configure policies. The addresses of the DNSFilter servers are 102.247.36.36 and 103.247.37.37. The subscription price ranges from $216 to $1,069 per year, depending on the set of features and use cases. In the rating of the DNSPerf service, it ranks 2nd in terms of speed.
Google Public DNS
The service from a well-known American corporation has been operating since 2009. It is a free public service. Provides accelerated loading of web pages due to data caching, as well as request protection through the use of DNS over TLS and DNS over HTTPS technologies. The server addresses are 8.8.8.8 and 8.8.4.4. Google prescribes in its terms that user data will be deleted within 48 hours, and provider and location data within two weeks. The confidentiality of your data is claimed, but from time to time there are reasons to doubt this. The service ranks 6th in terms of speed in the DNSPerf rating.
Neustar UltraDNS Public
Free DNS service from the American company Neustar. The service offers several servers with varying degrees of filtering. Servers with addresses 64.6.64.6 and 64.6.65.6 provide fast and reliable search for requested resources without blocking. Blocking of malicious, phishing, and spyware sites is performed by specifying the addresses 156.154.70.2 and 156.154.71.2. If you want to restrict sites that contain content with pornography, violence, or gambling, then set the IP addresses 156.154.70.3 and 156.154.71.3 as DNS servers. The service is ranked fifth in the DNSPerf rating.
Quad9
Another good free service. Attention is paid here not only to filtering malicious resources, but also to your privacy. The Quad9 website states that when using this service, your IP address is never registered on its servers. The service uses both commercial and public sources of data on security threats. However, content filtering is not performed during its operation. To use Quad9, you need to set the IP addresses 9.9.9.9 and 149.112.112.112 in the DNS settings. The service is placed on the 7th line of the DNSPerf rating.
SkyDNS
Russian cloud service for content filtering. The company's personal products are aimed at protecting children on the Internet, and they are also implemented in a large number of schools. The DNS server blocks malicious resources, as well as sites with paid subscriptions, pornography, online games, and any other topics that you set in the settings (60 categories). Ad banners, pop-ups, and other ads are blocked. You can set up redirection to secure search, where users will find information that is not harmful (i.e., nothing about bombs, drugs, etc.).
Yandex.DNS
The service from a well-known Russian company has been operating since 2013. It is completely free and has three modes of operation. The basic version — IP addresses 77.88.8.8 и 77.88.8.1 - does not filter requests. Safe mode - 77.88.8.88 and 77.88.8.2 - blocks malicious sites. The third set of servers - 77.88.8.7 и 77.88.8.3 - performs content filtering of adult content. Yandex. DNS closes the top ten of the DNSPerf rating, but since there are a huge number of services, this generally indicates good performance.
How do I choose a DNS server?
To select a DNS service, you can use the already mentioned DNSPerf service.
DNSPerf Rating
Select the region where you are located, or global totals, and the service will show the response time of DNS services to queries, uptime, and quality of service. The quality of a DNS service depends on the availability and number of servers: for example, if the service has four servers and one of them is unavailable, the quality will be 75 %.
To determine the fastest DNS server specifically for your computer, you can use the DNS Jumper program. When running the "Fast DNS" test, it will poll all available servers and show their response time.
Quick DNS Jumper Test
How to set DNS server addresses
A story about secure DNS servers would not be complete without a quick setup guide for home users. We will show the necessary actions using the example of Windows 10.
In the Windows Control Panel, in the "Network and Internet" category, you will need to click on "Network and Sharing Center". In the upper-right part of the page, you will see a link to the active connection status (see Figure 3, where it is called "Ethernet"). In the status window that opens when you click on the link, there is a "Properties" button; please note that you need administrator rights to change the properties.
Configuring DNS servers for a home user in Windows 10
Conclusions
Try to use secure DNS definitely worth it. You will strengthen your online security and still hardly feel any difference in speed. If you choose Cloudflare, Yandex.DNS, Google, Neustar, Quad9 services, you can protect yourself from fake sites for free and in some cases you can block access to unwanted content. Solutions from Cisco and DNSFilter with a wide variety of features and settings are more suitable for protecting organizations.
(c) www.anti-malware.ru
Introduction
Every day we visit a large number of sites on the Internet for various purposes, whether professional, educational, entertainment or other resources. At the same time, you should be vigilant, because one of the most common security threats that anyone can face is malicious sites. Every day, attackers create a large number of such sites to infect viruses, theft, extortion, and other things.
Malicious sites can host banners that load dangerous content when clicked. Therefore, for example, a search on the Internet for the necessary "software" may end up downloading and installing malicious or infected programs, ranging from simple viruses to cryptographers. Phishing sites that pretend to be legitimate in order to get passwords from various resources, bank card data, etc. are very "popular". Sites that do not require any interaction with the user other than the very fact of accessing them are a serious danger. on your mobile phone, and the result of their execution is the installation of spyware, bots, and cryptographers. Sites with prohibited content such as pornography, drugs, and terrorism also pose a threat. It is worth noting that they can also often cause harm with the same viruses.
One of the simplest and most affordable measures to protect against malicious sites is to use secure DNS servers.
What is DNS?
The DNS (Domain Name System) service is one of the main ones for working on the Internet. It maps the digital IP address of each resource, which is difficult to perceive and poorly remembered by a person, to a convenient alphabetic domain name (173.194.73.139 → google.com). It is often compared to a directory of phone numbers. The DNS service operates on the principle of hierarchy: each zone on the Internet is responsible for its own DNS server (and not just one), which knows all the names in its zone, and if an unknown resource is requested from it, it redirects the request to a higher server.
Secure DNS servers are designed to protect you from malicious resources and your children from unwanted content. The main idea here is to constantly monitor malicious and unwanted sites, create black lists and restrict access. Using secure DNS servers increases the confidentiality of your requests (data is stored for a certain period of time, and then deleted). In addition, some services block ads. Such DNS servers can be a good substitute for your provider's servers.
Overview of popular secure DNS servers
Cisco Umbrella
In 2015, Cisco bought the secure DNS service OpenDNS, creating a Cisco Umbrella solution based on it. This is not just a secure DNS, but a complex for protecting against threats from the Internet, which also includes a firewall, a web proxy with the ability to analyze files in an isolated virtual environment, and tools for conducting investigations. The service is hosted in the cloud and is aimed at corporate clients. It is managed on the Cisco Umbrella web page. The corporate DNS server configures DNS redirection to the IP addresses 208.67.222.222 and 208.67.220.220, and then on the Cisco Umbrella page, the client company's network is added. Client policies contain a large number of settings: selecting site categories and content on them to block, blocking depending on the application used, and blocking by specific domain names. We will not describe other functions within the scope of our topic. Cisco Umbrella ranks 3rd in terms of performance in the ranking of the independent DNS server monitoring service DNSPerf.
Cloudflare
The service was created in 2018 by the company of the same name and is completely free. There are several modes of operation that are determined depending on the IP address you set that belongs to Cloudflare. The 1.1.1.1 address is the main one, DNS filtering is not performed, and you get a reliable and fast service. The second mode of operation is family mode: when specifying IP addresses 1.1.1.2 / 1.0.0.2 as DNS servers, malicious resources are blocked. If you also want to restrict adult content, set the addresses 1.1.1.3 / 1.0.0.3. The service supports DNSSEC, which means that attackers will not be able to redirect you to fake web pages. The service's website states that Cloudflare does not sell user data to advertising companies; your requests will be stored on the server for 24 hours. DNSPerf ranks Cloudflare as the fastest public DNS service in the world.
DNSFilter
DNS Filter company has been creating its service since 2015 for three years. DNSFilter is a fully paid service with support for various security features. Among the main ones are DNSSEC, DNS over TLS (request encryption), real-time site classification, protection against botnets and phishing. You can use the service at home or on the basis of your company with the ability to store logs of customer requests and configure policies. The addresses of the DNSFilter servers are 102.247.36.36 and 103.247.37.37. The subscription price ranges from $216 to $1,069 per year, depending on the set of features and use cases. In the rating of the DNSPerf service, it ranks 2nd in terms of speed.
Google Public DNS
The service from a well-known American corporation has been operating since 2009. It is a free public service. Provides accelerated loading of web pages due to data caching, as well as request protection through the use of DNS over TLS and DNS over HTTPS technologies. The server addresses are 8.8.8.8 and 8.8.4.4. Google prescribes in its terms that user data will be deleted within 48 hours, and provider and location data within two weeks. The confidentiality of your data is claimed, but from time to time there are reasons to doubt this. The service ranks 6th in terms of speed in the DNSPerf rating.
Neustar UltraDNS Public
Free DNS service from the American company Neustar. The service offers several servers with varying degrees of filtering. Servers with addresses 64.6.64.6 and 64.6.65.6 provide fast and reliable search for requested resources without blocking. Blocking of malicious, phishing, and spyware sites is performed by specifying the addresses 156.154.70.2 and 156.154.71.2. If you want to restrict sites that contain content with pornography, violence, or gambling, then set the IP addresses 156.154.70.3 and 156.154.71.3 as DNS servers. The service is ranked fifth in the DNSPerf rating.
Quad9
Another good free service. Attention is paid here not only to filtering malicious resources, but also to your privacy. The Quad9 website states that when using this service, your IP address is never registered on its servers. The service uses both commercial and public sources of data on security threats. However, content filtering is not performed during its operation. To use Quad9, you need to set the IP addresses 9.9.9.9 and 149.112.112.112 in the DNS settings. The service is placed on the 7th line of the DNSPerf rating.
SkyDNS
Russian cloud service for content filtering. The company's personal products are aimed at protecting children on the Internet, and they are also implemented in a large number of schools. The DNS server blocks malicious resources, as well as sites with paid subscriptions, pornography, online games, and any other topics that you set in the settings (60 categories). Ad banners, pop-ups, and other ads are blocked. You can set up redirection to secure search, where users will find information that is not harmful (i.e., nothing about bombs, drugs, etc.).
Yandex.DNS
The service from a well-known Russian company has been operating since 2013. It is completely free and has three modes of operation. The basic version — IP addresses 77.88.8.8 и 77.88.8.1 - does not filter requests. Safe mode - 77.88.8.88 and 77.88.8.2 - blocks malicious sites. The third set of servers - 77.88.8.7 и 77.88.8.3 - performs content filtering of adult content. Yandex. DNS closes the top ten of the DNSPerf rating, but since there are a huge number of services, this generally indicates good performance.
How do I choose a DNS server?
To select a DNS service, you can use the already mentioned DNSPerf service.
DNSPerf Rating
Select the region where you are located, or global totals, and the service will show the response time of DNS services to queries, uptime, and quality of service. The quality of a DNS service depends on the availability and number of servers: for example, if the service has four servers and one of them is unavailable, the quality will be 75 %.
To determine the fastest DNS server specifically for your computer, you can use the DNS Jumper program. When running the "Fast DNS" test, it will poll all available servers and show their response time.
Quick DNS Jumper Test
How to set DNS server addresses
A story about secure DNS servers would not be complete without a quick setup guide for home users. We will show the necessary actions using the example of Windows 10.
In the Windows Control Panel, in the "Network and Internet" category, you will need to click on "Network and Sharing Center". In the upper-right part of the page, you will see a link to the active connection status (see Figure 3, where it is called "Ethernet"). In the status window that opens when you click on the link, there is a "Properties" button; please note that you need administrator rights to change the properties.
Configuring DNS servers for a home user in Windows 10
Conclusions
Try to use secure DNS definitely worth it. You will strengthen your online security and still hardly feel any difference in speed. If you choose Cloudflare, Yandex.DNS, Google, Neustar, Quad9 services, you can protect yourself from fake sites for free and in some cases you can block access to unwanted content. Solutions from Cisco and DNSFilter with a wide variety of features and settings are more suitable for protecting organizations.
(c) www.anti-malware.ru
