If you are concerned about your privacy online, you might wonder what DNS requests are, why they are not encrypted when almost everything else on the web is, and how to fix that.
You have come to the right website: I will explain everything you need to know about this and how to protect yourself using DNS over HTTPS.
What is DNS
In its purest form, it is a way to have a name like example.com translate to an IP address like 1.1.1.1.
These IP addresses allow computers to connect to each other and share data. DNS is really useful because, thanks to it, you can type youtube.com in your web browser rather than 172.217.18.206, the address that corresponds to this domain name. It is much more convenient for humans to remember names than IP addresses. With the rise of IPv6 we absolutely need this feature; you can't expect anyone to remember an address like 2a00:1450:4007:817::200e.
Why it is important for your privacy
When you look up youtube.com, for example, you send a DNS request to your DNS server. I won't go into details, but you have to remember that the query contains the domain name of the site you want to visit. So for YouTube, the following request is sent over the network to one computer, which will in turn ask other computers for an answer.
You can see for yourself by running "nslookup youtube.com" in your terminal.
You should end up with a result like this:
Server: 2a02:8428:df28:1301:6e38:a1ff:fed4:309f
Address: 2a02:8428:df28:1301:6e38:a1ff:fed4:309f#53
Non-authoritative answer:
Name: youtube.com
Address: 142.250.179.110
In the Address line we can see that the DNS server answers with an IP address for youtube.com.
This is not encrypted, so this very message is sent over the network for anyone to see, and it is not alone. Every website you use makes your system ask your DNS server to resolve a domain name, and each request leaves its fingerprints on your network.
At the end of the day, someone can learn everything about your habits on the web, and that can be a lot. If I sit on the same network as you, I may learn your mail provider, your favorite website, the name of the company you work for, where you host your family pictures, the name of your bank, etc.
All of this is sensitive data and shouldn't be exposed for anyone to see.
Why it is important for your safety
DNS is not encrypted, so what? Only the domain names are left in the clear on the network and the rest is encrypted... I don't really care, do I?
Yes and no. The HTTPS protocol that you use to access your bank account is bulletproof, yes, BUT if your DNS is not encrypted it might be intercepted and then altered to send you to another web server. This is known as DNS poisoning. With an HTTPS website, modern browsers would prevent you from making any mistake and would stop the connection. With an HTTP website or a barebones browser, on the other hand, you could make a terrible mistake. You could fill your credentials in a fake website, you could give. Of course the actual risk is limited, but it is always better to have double security: verified and protected DNS requests plus the security mechanisms of your browser.
Encrypting DNS protects you against some threats on the web
Why it is important for your freedom
A government can also make an ISP (Internet Service Provider) alter DNS queries to censor a website. If you are in France, for example, you can't resolve thepiratebay.org, and this is really sad because the internet was not designed that way. It was supposed to be a place for creativity and freedom. Though thepiratebay.org may also be blocked by other means, this is one example among others. With DoH, nobody can change or intercept your request, and you can easily use a DNS server from another country which doesn't block the website on the order of your government.
It can help you get over the censorship of a country
Why it is not encrypted by default
The reason is quite simple: at the beginning of the internet, nobody thought the network would get this huge, with so many applications. Users, who were well versed in the ways of the internet, wanted a simple way to remember the location of their servers on the network. And boom, DNS was born. It evolved into a place to publish much more information than IP addresses.
In summary, it is a very old technology, but a lot of things rely on it, so we will have to make do with it.
How to encrypt it
OK, now on to the serious part: how do I encrypt it so that you leave me alone and let me enjoy the web?
I will show you how to configure DoH, or DNS over HTTPS. This ensures your DNS requests are sent through an encrypted tunnel so that nobody can see or modify them.
Follow the guide; these are really simple steps anyone can follow:
- Use Firefox as your default browser
- Open the menu at the top right corner, choose Preferences, and in General go to Network Settings at the very bottom of the page
- Click on Settings and check the Enable DNS over HTTPS box
- Pick a DoH DNS server or choose one of the built-in choices. I personally use the one from Cloudflare.
- One last thing to do is to enable Add search bar in toolbar under Preferences/Search. We have to do this because Firefox tries to resolve non-FQDN names typed in the combined "search/hostname" toolbar. When it does, it is not using DoH to resolve the domain name. So from now on, use the address bar for full domain names and the search bar for everyday queries. This is kind of inconvenient, but Firefox is designed that way at the time I am writing this post.
And you are done! Congratulations, you can now roam the web freely ^^
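A check you can run after these steps, as an added example that is not part of the original post: Firefox records the DoH setting in the prefs network.trr.mode and network.trr.uri, where mode 2 tries DoH first and falls back to the system resolver and mode 3 uses DoH only. The function names are hypothetical and the prefs.js excerpts are constructed.

```python
import re

# Matches lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {pref name: value} for string and integer user_pref lines."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[key] = int(raw)
    return prefs

def audit_doh(text):
    """Classify the DoH setting and list what can still leak in cleartext."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode")
    uri = prefs.get("network.trr.uri", "")
    findings = []
    if mode is None:
        verdict = "unset"
        findings.append("no explicit network.trr.mode; Firefox's default applies")
    elif mode == 3:
        verdict = "doh-only"
    elif mode == 2:
        verdict = "doh-with-fallback"
        findings.append("falls back to the system resolver if DoH fails")
    else:
        verdict = "off" if mode in (0, 5) else "unknown"
        findings.append("DoH not confirmed active; lookups may use the system resolver")
    if verdict.startswith("doh") and uri and not uri.startswith("https://"):
        findings.append("network.trr.uri is not an https:// URL")
    return verdict, findings

# Constructed prefs.js excerpts, not taken from a real profile.
FALLBACK = (
    'user_pref("network.trr.mode", 2);\n'
    'user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");\n'
)
STRICT = FALLBACK.replace('"network.trr.mode", 2', '"network.trr.mode", 3')

if __name__ == "__main__":
    for sample in (FALLBACK, STRICT, ""):
        print(audit_doh(sample))
```

To audit a real profile, pass the contents of its prefs.js file to `audit_doh`.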
Why I don’t talk about DOT
DNS over TLS, or DoT, is even smarter because it works even sooner than DoH in the network layers: you encrypt your DNS requests directly instead of using another encrypted protocol like HTTPS to carry them. Unfortunately, many ISPs block a lot of ports, and nobody wants to reconfigure their network every time they go somewhere. Every public Wi-Fi I have been on allows HTTPS because that's what people do with the internet nowadays anyway.
But again, for the average user, DNS over HTTPS in Firefox is the easiest way to significantly improve their privacy.