How to hide DNS requests from your ISP’s prying eyes

Encrypting the traffic between your device and a DNS service prevents unauthorized persons from monitoring that traffic or using it to commit fraud.

The end of net neutrality and the weakening of the rules governing how ISPs manage network traffic have raised many privacy concerns. ISPs (and other outsiders monitoring passing traffic) have long had a tool, the Domain Name System (DNS), for easily monitoring people’s behavior on the Internet. Even if they have not yet monetized that data (or altered traffic based on it), they will likely start soon.

DNS is essentially the phone book of the Web: it returns the real network IP address associated with the host and domain names of sites and other Internet services. For example, it converts www.secromix.com to the IP address 56.33.169.131. Your ISP offers DNS as part of its package, but it can also log DNS traffic.

Open DNS services allow you to bypass your provider's services in the interest of privacy and security, as well as to evade content filtering, spying, and censorship in some countries. Cloudflare introduced its new free, high-performance DNS service on April 1st, with the goal of improving user privacy on the Internet. It also promises to use encryption to entirely mask DNS traffic from prying eyes. DNSSense, which is part of SecroMix, examines, analyzes, and categorizes DNS traffic to help avoid undesired traffic by detecting harmful network traffic such as malware, C&C botnets, ransomware, and phishing.

DNS encryption

Enabling DNS encryption is not as simple as changing the address in the network settings. Currently, no operating system supports direct DNS encryption without additional software. And not all services are the same in terms of software and performance.

There are numerous reasons to improve the security of your DNS traffic. Although web traffic and other communications can be protected by cryptographic methods such as Transport Layer Security (TLS), almost all DNS traffic is sent unencrypted. This means that your ISP (or anyone else between you and the internet) can log the websites you visit, even if you’re using a third-party DNS, and use the information for their own benefit, such as content filtering and data collection for advertising.
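The following Python sketch is an added example, not code from the original article. It shows how the queried name sits in clear text in an ordinary DNS message and how the same message is carried when wrapped in an encrypted transport. It assumes DNS over HTTPS (RFC 8484) as that transport, which the article does not name; the resolver URL is a placeholder and the function names are hypothetical.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build an RFC 1035 query message (qtype 1 = A record, class IN)."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def observed_name(payload: bytes) -> str:
    """Recover the queried name from a plaintext port-53 payload,
    which is all an on-path device needs to log the site."""
    (qdcount,) = struct.unpack_from("!H", payload, 4)
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # the question follows the 12-byte header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("malformed label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def doh_get_url(resolver: str, message: bytes) -> str:
    """RFC 8484 GET form: the whole DNS message, base64url without padding,
    travels inside the HTTPS request instead of a readable UDP packet."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"

if __name__ == "__main__":
    wire = build_query("www.secromix.com")       # constructed sample query
    print("on the wire:", wire)                  # labels are readable bytes
    print("observer logs:", observed_name(wire))
    # Placeholder resolver URL (assumption, not from the article).
    print("DoH request:", doh_get_url("https://doh.example/dns-query", wire))
```

With the encrypted form, an observer still sees the address of the resolver being contacted, but not the name inside the request.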

ISPs will most likely try to monetize routine DNS traffic more aggressively, and those who want to use this data to harm users, from government agencies to criminals, will do so. However, it is unlikely that major operating system developers will strive to secure DNS in a way that is accessible and reliable for most people, because, like ISPs, they are often concerned with monetization. Furthermore, some governments may object to the modifications because they want to keep their DNS tracking capabilities.

So, for the time being, these protocols will remain a tool for the few people who are truly concerned about the privacy of their data and are prepared to put in some effort to protect it. We hope that firms like DNSCrypt and DNSSense stay active and help to move the situation forward.