Domain Name System (DNS)

Most activities on the Internet require pointing to a specific device by use of an address. For example, to use my email, the email software must be able to locate my email server. It does this by looking for mail.mintzit.com.

Such human-readable names (each called a Fully Qualified Domain Name, or FQDN) work well for you and me, but not so well for computers. Computers expect to use a TCP/IP address. In the case of this server, that is 172.217.3.39.

The translation from FQDN to TCP/IP address is done by way of the Domain Name System (DNS). The process works like this:

  1. The user, software, or setting enters the FQDN. For this example, I may enter it in a web browser so that I may view my email.
  2. The browser has no idea how to find the FQDN, so it sends the request to the designated DNS server.
  3. The DNS server maintains a database of all registered FQDNs and their TCP/IP addresses. It sends the search result back to my computer, and the browser then takes me to my email.
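Steps 2 and 3 as an added example (not code from the original page): the question a client sends to the designated DNS server, and how the address is read out of the reply. The function names are illustrative, `SAMPLE_REPLY` is a reply constructed here from the name and address used above, and the code assumes a single UDP reply carrying IPv4 (A) records only.

```python
import secrets
import socket
import struct

def build_query(fqdn: str, txid: int) -> bytes:
    """Encode a DNS question for the A (IPv4) record of fqdn."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = fqdn.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # 2-byte pointer or 1-byte terminator

def parse_a_records(msg: bytes, txid: int) -> list:
    """Return the IPv4 addresses in a reply; reject mismatched or failed replies."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("mismatched or failed DNS response")
    pos = 12
    for _ in range(qd):  # skip the echoed question section
        pos = _skip_name(msg, pos) + 4
    addrs = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve(fqdn: str, server: str = "1.1.1.1") -> list:
    """Send the question to the designated DNS server and read back the answer."""
    txid = secrets.randbelow(0x10000)  # unpredictable ID so stray replies are rejected
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.connect((server, 53))  # only accept datagrams from this server
        s.send(build_query(fqdn, txid))
        return parse_a_records(s.recv(512), txid)

# Constructed sample reply (built here, not captured from a network).
SAMPLE_TXID = 0x1234
SAMPLE_REPLY = (struct.pack("!HHHHHH", SAMPLE_TXID, 0x8180, 1, 1, 0, 0)
                + build_query("mail.mintzit.com", SAMPLE_TXID)[12:] + b"\xc0\x0c"
                + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("172.217.3.39"))
```

`parse_a_records(SAMPLE_REPLY, SAMPLE_TXID)` runs offline; `resolve()` performs a live lookup against the server passed to it.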

The system works amazingly fast and is highly stable. The concern is that your Internet provider is also likely your DNS provider. This allows them to monitor and log most of your Internet activity without your consent or knowledge.

If you use a VPN, and your VPN provider has DNS Leak Protection, your Internet provider cannot see your DNS queries. But you probably aren’t using a VPN all of the time.

To protect your Internet activity from being logged by your Internet provider, manually configure your DNS server to be one that ensures your privacy. I recommend the 1.1.1.1 and 1.0.0.1 servers hosted by Cloudflare[1].

Assignment: Secure DNS Traffic (Windows)

In this assignment, you manually configure your DNS settings to use Cloudflare instead of the default (typically your Internet provider) DNS.

  1. Open Control Panel.
  2. Click Network and Internet.
  3. Click Network and Sharing Center.
  4. Click Change adapter settings.
  5. Right-click the network interface currently connected to the Internet, and then select Properties.
  6. Select Internet Protocol Version 4 (TCP/IPv4).
  7. Click the Properties button.
  8. Select Use the following DNS server addresses.
  9. Enter 1.1.1.1 as the Preferred DNS server.
  10. Enter 1.0.0.1 as the Alternate DNS server.
  11. Click the OK button.
  12. Exit the Control Panel.

From now on, all of your DNS searches will be performed securely by Cloudflare.

Assignment: Secure DNS Traffic (macOS)

In this assignment, you manually configure your DNS settings to use Cloudflare instead of the default (typically your Internet provider) DNS.

  1. Open Apple menu > System Preferences > Network.
  2. Click the lock icon, and then authenticate as an administrator.
  3. Click Advanced.
  4. Click DNS.
  5. Click the + button. The existing DNS entries should disappear.
  6. Enter 1.1.1.1 as the first entry.
  7. Click the + button.
  8. Enter 1.0.0.1 as the second entry.
  9. Click the OK button.
  10. Click the Apply button.

From now on, all of your DNS searches will be performed securely by Cloudflare.

Assignment: Secure DNS Traffic (iOS)

In this assignment, you manually configure your DNS settings to use Cloudflare instead of the default (typically your Internet provider) DNS.

  1. Open Settings > Wi-Fi > current Wi-Fi SSID Info icon > Configure DNS.
  2. Select Manual.
  3. Delete the existing DNS entries.
  4. Tap Add Server.
  5. Enter 1.1.1.1 as the first entry.
  6. Tap Add Server.
  7. Enter 1.0.0.1 as the second entry.
  8. Tap Save.
  9. Exit Settings.

From now on, all of your DNS searches will be performed securely by Cloudflare.

[1] https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/