DNS: what it is and why you should change!

DNS, or Domain Name System (sometimes called Domain Name Service), is a system (or service) that translates easy-to-understand domain names into IP addresses.  DNS is like the telephone book of the Internet (for those under 30 who don't know what a telephone book is, it's a big book that telephone companies used to publish that had a list of people, their home addresses, and telephone numbers).

When you type a website address, called a "fully qualified domain name" or FQDN, into your web browser's address bar, your computer actually needs the web server's Internet Protocol (IP) address in order to connect to the website.  For example, my site, digitalsheepdog.com, has an IP address of 13.225.230.50.  DNS is the service your computer uses to find that address.  When you type in "www.digitalsheepdog.com", your computer does a DNS query to get the IP address of my website.

You can actually try this yourself.  If you're on a Windows computer, open the Command Prompt; on a Mac, open Terminal.  Then type "nslookup" followed by the name of any website.

DNS and Security

Since DNS is at the heart of all Internet activity, it can play a critical part in the security of your entire home network.  DNS controls what websites users can get to from your network.  In particular, you can block access to adult, pornographic, or any other types of sites you don't want children or others on your home network to visit, simply by using a DNS service that doesn't respond when a device does a DNS query for an objectionable website.

Additionally, you can block malicious websites or significantly hinder certain types of malicious software (malware) from infecting computers on your network.  Many types of malware have to connect back to a "command and control" server when they are doing their dirty deeds.  This is especially true for "ransomware" (more on this in a future post).  By blocking malware's ability to look up the IP address of the website/server it's trying to connect to, you can prevent it from functioning and reduce the impact of malware infections.

So how do you do this?  Very simply, there are a few free DNS solutions that you can use.

Cloudflare is a security company that offers a free DNS service for families.  By simply changing your DNS server from the ones that your ISP provides to 1.1.1.3 (primary) and 1.0.0.3 (secondary), you can block a whole range of both malware and adult websites.  Cloudflare has an article that details the service on their website.

OpenDNS, provided by Cisco, is another free DNS service that is very similar to Cloudflare's.  Their DNS servers are 208.67.222.222 and 208.67.220.220.  More information about this service is found on the OpenDNS website.

Depending on the type of home router you have, you may be able to change the DNS server centrally so that all devices on your network get one of these servers in their network configuration.  However, you may have to configure these individually on each device.

Bottom line:  Using a free, secure DNS service is a great way to keep objectionable websites off your devices and improve the security of your home network!

This article was updated on 13 September 2020