What is DNS and what does it have to do with privacy?

What is DNS?

DNS is an abbreviation of Domain Name System. You can think of it as the phone book of the Internet: DNS translates domain names into IP addresses so that browsers can load Internet resources.

What is the point of DNS?

Domain names are the human-readable website addresses we use every day. For example, DuckDuckGo’s domain name is duckduckgo.com. To visit DuckDuckGo, simply enter duckduckgo.com in your web browser’s address bar.

However, a web browser cannot use “duckduckgo.com” as it is to find the server. Behind the scenes, the Internet and other networks use numeric IP addresses. One of the IP addresses used by duckduckgo.com is 52.213.95.108. Typing this number into your web browser’s address bar will also take you to DuckDuckGo’s website. This only works because DuckDuckGo serves its site on the bare address; many sites share one IP address between several domain names, so the server needs the name to know which site you want, and the addresses themselves change over time.

You can compare it to the difference between a street name and a postal code. If you ask an Amsterdammer for the shortest route to postal code 1013 GN (the IP address), most Amsterdammers will not know where to send you, but almost everyone recognises the Prinsengracht (the domain name). In this metaphor, you are the browser and the Amsterdammer is the DNS resolver.

What does a DNS server do?

DNS servers translate domain names to their corresponding IP addresses. When you type a domain name into your browser, your computer sends a query to its configured DNS server (the resolver) asking which IP address belongs to that name. The resolver looks it up, if necessary by asking the authoritative servers for that domain, keeps the answer in its cache for the time the record allows (its TTL), and returns it. Your browser then connects to the IP address and retrieves the correct web page for you.

Most people use their Internet Service Provider’s (ISP) default DNS servers, which the device receives automatically (via DHCP) when it joins the network.

What is DNS Spoofing?

Some viruses and other malware change the DNS server in your Internet settings, on the computer or on the home router, to one run by a malicious organization or scammer. You type duckduckgo.com, but instead of the rogue DNS server sending you to the correct IP address of DuckDuckGo (52.213.95.108), it sends you to the IP address, and thus the fake website, of the scammer. This is often called DNS spoofing; strictly speaking, swapping the configured resolver is DNS hijacking, while spoofing means forging DNS answers in transit or poisoning a resolver’s cache, but the effect for the victim is the same: a trusted name leads to the wrong address. DNSSEC helps against forged answers. The domain owner adds digital signatures to the DNS records, and a validating resolver rejects any answer whose signature does not check out, so that people looking for your site really end up at your site. Two caveats: DNSSEC signs but does not encrypt, and the signatures are checked by the resolver, so if malware has pointed you at a resolver the attacker controls, that resolver can simply skip validation. Protection then depends on validating on your own device, or on getting the resolver setting back under your control.
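The hijack described above leaves a trace that is easy to check: the resolver addresses actually configured on the host are not the ones your network hands out. The following is an added example, not code from the original page; it parses a resolv.conf file (the constructed text below, in the format Linux and macOS use) and flags every nameserver outside an expected list. The expected list and the sample addresses are assumptions for the example; put your own router or ISP addresses there. On Windows the same information comes from the PowerShell cmdlet Get-DnsClientServerAddress, and since DNS changers often target the router rather than the computer, the router’s DHCP and DNS settings deserve the same look.

```python
"""Added example: audit the resolvers a host is actually configured to use.
Parses resolv.conf text (constructed below) and flags anything outside an expected
list. The expected list is whatever your own network hands out, not a value from the page."""
import ipaddress

# Constructed sample: the LAN/ISP resolver plus one entry a DNS changer might add.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager   (constructed for the example)
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.5    ; not ours
options ndots:1
"""
# Assumed: the LAN router plus an ISP range (documentation ranges used as placeholders).
EXPECTED_RESOLVERS = ["192.168.1.1", "198.51.100.0/24"]


def parse_resolv_conf(text: str) -> list:
    """Return the nameserver addresses in order; '#' and ';' start comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(configured: list, expected: list) -> list:
    """Return (address, reason) for every configured resolver not covered by `expected`."""
    expected_nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for entry in configured:
        try:
            addr = ipaddress.ip_address(entry.split("%", 1)[0])   # drop an IPv6 scope id
        except ValueError:
            findings.append((entry, "not an IP address"))
            continue
        if any(addr in net for net in expected_nets):
            continue
        if addr.is_loopback:
            # 127.0.0.53 / ::1 usually mean a local stub (systemd-resolved, dnsmasq);
            # the real question is then where that stub forwards to.
            findings.append((entry, "loopback stub; check where it forwards"))
        else:
            findings.append((entry, "not an expected resolver"))
    return findings


def run_audit(text: str = SAMPLE_RESOLV_CONF, expected: list = EXPECTED_RESOLVERS) -> list:
    """Audit the sample configuration; returns the list of findings (empty = clean)."""
    return audit_resolvers(parse_resolv_conf(text), expected)


if __name__ == "__main__":
    for addr, reason in run_audit():
        print(f"ALERT {addr}: {reason}")
```

Run it from a cron job or an endpoint-monitoring agent and alert on any non-empty result. What it cannot see is malware that leaves the setting alone and tampers with the traffic to the legitimate resolver instead; that is the case DNSSEC validation and encrypted DNS are meant to address.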

What is DNS over HTTPS (DoH)?

When you send data using plain HTTP, it travels in plaintext and can be read by almost anyone on the path. The same is true of regular DNS, which runs unencrypted over UDP or TCP port 53. DNS-over-HTTPS (the S stands for secure) sends the same DNS query to a DoH-compatible DNS server inside an encrypted HTTPS connection. That way, anyone who intercepts the traffic, including your ISP, only sees that you are talking to the DoH server, not which names you look up. The operator of that DoH server still sees every query, so DoH moves the trust to the resolver rather than removing it. Some DNS services support DNS over HTTPS.
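The two points above, what a resolver query looks like on the wire (the “What does a DNS server do?” section) and how DoH carries it, are easiest to see in code. The following is an added example, not code from the original page or from any DNS provider. It builds the query a stub resolver sends for duckduckgo.com, parses a response constructed here to carry the page’s address 52.213.95.108 (nothing is fetched from the network), and wraps the same bytes into the RFC 8484 GET form of DNS-over-HTTPS. The endpoint https://doh.example.net/dns-query is a placeholder. Note that the domain name is readable as ASCII inside the packet: that is exactly what a regular DNS eavesdropper sees and what DoH hides inside TLS.

```python
"""Added example: what a stub resolver sends and receives, and how the same bytes
are carried over DNS-over-HTTPS (RFC 8484). Standard library only; the "response"
is constructed in this file, not fetched from a real resolver."""
import base64
import struct

A_RECORD, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """duckduckgo.com -> b'\\x0aduckduckgo\\x03com\\x00' (length-prefixed labels, plaintext)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = A_RECORD) -> bytes:
    """12-byte header + one question. Flags 0x0100 = standard query, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Read a name at offset, following compression pointers (top two bits set).
    Returns (name, offset just after the name in the un-jumped byte stream)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes, expected_txid: int):
    """Return [(name, ttl, ipv4)] for the A records, after the checks a careful stub makes."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not the answer to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        _, off = decode_name(msg, off)
        off += 4                             # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == A_RECORD and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


def constructed_response(query: bytes, ipv4: str, ttl: int = 300) -> bytes:
    """Constructed for this example: the answer a resolver would send for `query`.
    The answer name is a compression pointer (0xC00C) back to the question at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # response, RD+RA, NOERROR
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + answer


def doh_get_url(query: bytes, endpoint: str) -> str:
    """RFC 8484 GET form: the wire-format query, base64url without padding, in ?dns=.
    Use txid 0 so identical queries give identical, cacheable URLs.
    (The POST form sends the raw bytes with Content-Type: application/dns-message.)"""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def doh_get_decode(url: str) -> bytes:
    """What the DoH server does on receipt: restore the padding and decode the query."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


if __name__ == "__main__":
    q = build_query("duckduckgo.com")
    print(q.hex())                           # the name is readable in the hex dump
    print(parse_response(constructed_response(q, "52.213.95.108"), 0x1234))
    print(doh_get_url(build_query("duckduckgo.com", txid=0), "https://doh.example.net/dns-query"))
```

The transaction ID check in parse_response is the minimum a stub does against off-path forgery (together with a random source port); it does nothing against a resolver that is itself hostile, which is the DNSSEC and DoH discussion above.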

DNS and Privacy

Each time you use a DNS server, it can log your IP address (and therefore your approximate location and your ISP), the domain name you looked up and the time of the lookup. Many organizations that run DNS servers are beginning to learn that there is money in those logs. For example, if you visit many websites with information about health conditions, that is quite interesting to insurers or pharmacists. Note that through DNS alone, the ISP or DNS provider only sees which domain names you resolve, not which pages you read there or what you exchange with the site.

If you do not configure the DNS servers on your computer or router yourself, your DNS requests go to your ISP’s DNS servers. Using your ISP’s default DNS servers can lead to certain problems while surfing the Internet, such as reduced security and privacy. However, it is also possible to choose another DNS provider, and the same questions apply there. Google has its own public DNS service at the address 8.8.8.8. Using Google’s DNS means that all of your DNS requests pass through Google. Google states that it keeps the user’s full IP address temporarily and stores location information, the requested domain name, the transport protocol and various other data. This is privacy-sensitive data. We do not recommend using Google’s DNS service.

More privacy and fewer ads

Some DNS services also block ads and trackers. For example, AdGuard DNS has a database of privacy-unfriendly domain names that serve ads, trackers and fraud. When your device asks for one of those domains, the resolver does not look up the real address but answers with a fake one (an unroutable address or an empty answer), so the ad or tracking script never loads while the page you actually asked for loads normally. This works per domain name: ads served from the same domain as the content cannot be separated out this way, and a domain listed by mistake breaks whatever depends on it.
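The decision such a filtering resolver makes for each query, as an added example that is not code from AdGuard or from this page. The block below uses constructed block and allow lists, not AdGuard’s database, and answers blocked names with 0.0.0.0 as the fake address; the only subtlety worth seeing is that matching is done on whole labels from the right, so ads.example covers img.ads.example but not notads.example, and an allowlisted subdomain wins over a blocked parent.

```python
"""Added example: the per-query decision of a filtering resolver.
The lists are constructed for the example, not AdGuard's data."""

BLOCKLIST = {"ads.example", "tracker.example"}   # constructed
ALLOWLIST = {"cdn.ads.example"}                   # exceptions override the blocklist
SINKHOLE_IPV4 = "0.0.0.0"   # unroutable: the ad request fails fast and never reaches a server


def normalize(name: str) -> str:
    """DNS names are case-insensitive; a trailing dot marks the root and is dropped."""
    return name.rstrip(".").lower()


def matches(name: str, listed: set) -> bool:
    """Label-wise suffix match: img.ads.example is covered by ads.example,
    but notads.example is not (a naive substring test would block it)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


def decide(name: str):
    """('forward', None) to resolve normally, or ('sinkhole', address) to answer with a fake."""
    if matches(name, ALLOWLIST):
        return ("forward", None)
    if matches(name, BLOCKLIST):
        return ("sinkhole", SINKHOLE_IPV4)
    return ("forward", None)


def decide_many(names):
    """Verdict per name, for a batch of queries."""
    return {n: decide(n) for n in names}


if __name__ == "__main__":
    sample = ["www.example", "ADS.EXAMPLE.", "img.ads.example", "notads.example", "cdn.ads.example"]
    for n, verdict in decide_many(sample).items():
        print(n, verdict)
```

Whether to answer with 0.0.0.0, with an empty answer, or with NXDOMAIN is a product choice; an unroutable address makes the browser fail the request immediately, while NXDOMAIN is more visible to anything that inspects the error.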

Find more information on reliable DNS services on our DNS resolvers page.