This post is part of my Crypto Security series. I recommend checking out all of them.
- Increase security, privacy, and speed by switching to Brave Browser
- Why you should be using a passphrase with a hardware wallet
- Increase security by using browser profiles
- How to create and use a cold wallet on Hive
- [PSA] Always test!
- Create your own metal seed key backup
- Why you should never use SMS for important two factor authentication
What is DNS?
DNS (Domain Name System) is one of the most critical components of the Internet. It is the system that converts IP addresses like 184.108.40.206 to human readable host names like bittrex.com. Without it, the Internet would be virtually unusable to humans.
Every time you enter an address into your browser, your computer queries your assigned DNS servers for the IP of the host name you entered. For example, if you entered bittrex.com, DNS would respond with the 220.127.116.11 IP and your browser would connect to that IP. While it is possible to have multiple host names assigned to the same IP, that's beyond the scope of this guide.
What is the risk with unencrypted DNS?
These DNS requests are unencrypted and can easily be picked up by any computer on your network and any service in the middle like your Internet Service Provider or VPN provider. These requests can be stored to build a profile of your activity on a daily basis.
While you may not care if someone knows you visit http://papertoilet.com/ or even https://pornhub.com, there are other risks to using unencrypted DNS. There are attacks called MitM (Man In The Middle) that can hijack your DNS requests and return a potentially malicious IP instead of your legitimate destination. Using third party networks like schools, libraries, even your friends house can potentially intercept your DNS requests and log them or worse modify them.
How do I encrypt my DNS?
There are many ways to encrypt your DNS and most modern browsers have built-in DNS encryption built in. Unfortunately, most of them require a lot of work on your end and few are fully supported.
There is one option that is free and easy and I highly recommend doing immediately to take advantage of encrypted DNS now.
Change your DNS servers to 18.104.22.168 & 22.214.171.124.
Cloudflare spent a fortune to buy those IPs back in 2018 to provide faster DNS with more security. At the time it did not support encrypted DNS but it provided other security features such as a promise not to use and sell your data, something that most ISPs are doing right now. They also promise not to censor your activity, another problem currently happening with certain ISPs.
Not only will using Cloudflare's DNS provide you with more security, you will also notice it is the fastest DNS resolver on the planet according to DNSPerf.
You can verify if you are using encrypted DNS by visiting here and clicking **Check My Browser).
You should see something like this.
The final option ESNI is being abandoned for a new protocol and you will likely fail on this as most browsers do not support it.
If you are going to be your own bank, you need to act as if you are one by locking your doors.
Posted Using LeoFinance Beta