Why should you (perhaps) change the DNS
Caution
This article was published more than a year ago, there may have been developments.
Please take this into account.
The DNS acronym means “Domani Name System”, an established standard for resolving IP addresses. In practice it is the system that translates an unintelligible address such as 142.250.184.35 in an intelligible one such as google.it. We think of DNS as a telephone directory. We write the site address in the URL bar, the DNS relates the site to its IP address.
“Set the right DNS” it is a meaningless sentence because the chosen DNS can have different functions and different needs may be that lead to the choice of one or the other DNS. There are DNS with a lower ping than others (usually geographically closer), which will allow you to resolve the domain name a few tenths of a second before the others, there are DNS that allow traffic monitoring, le white list e le black list, others block sites with explicit content, some block online advertisements. It goes without saying that there is no DNS “right”, but different DNS for different functions.
Let's see a quick overview of some DNS available.
Adguard
Adguard is a private DNS system that offers three different types of DNS. Most “famous” block intrusive ads, online tracking, virus e malware. It offers a good compromise in speed / services offered and basic services are free.
The three types of DNS offered are:
- “Default” – removes advertising, SPAM, cookie intrusivi, virus e malware.
- “Family protection” – in addition to anything that is removed from the default DNS it removes content intended for an adult audience.
- “Not filtering” – it does not apply any type of filter, it works like a generic DNS.
In addition to the DNS service, Adguard offers a low-cost VPN, pretty fast, based on servers around the world, without log (no data tracking, as required by European Community law).
In addition, Adguard promotes its applications for Windows, Mac and Android. In this case, it is proprietary software, from the negligible cost, which would secure the Windows PC / Mac, or the Android device.
OpenDNS
The DNS of OpenDNS they have been my favorites for some time. The service is present from afar 2005 and through the web interface it allows the reading of the navigation logs (legal as long as you check i own navigation log).
After the acquisition of Cisco they integrated the excellent service they already offered with some premium packages. At the moment the packages offered are 4:
Offer | What does it include | Cost |
---|---|---|
Family Shield | Block adult content | Free |
Home | The classic OpenDNS service, with web interface and navigation based filters | Free |
Home VIP | Service “Home” with a year of statistics and the management of a whitelist | 19.95$ per year |
Umbrella Prosumer | Protects your computer everywhere using specific software (up to 5 users / up to 3 devices per user) | 20.00$ for each user |
Looking at the site, the impression is that the offers are further diversified between “Enterprise“, “Partners” and “Consumer“, but the first two items refer to Cisco's Umbrella offers: a set of cloud services designed for user safety that do not necessarily have to do with the set DNS.
Cloudflare DNS
The Cloudflare's DNS service on the other hand, he is much younger. In a short time he managed to position himself among the best in terms of speed and safety. While many DNS managers sell browsing data to advertisers (in the United States it is legal), Cloudflare has opted for transparency towards users, cutting out the commercial logic.
Thanks to the widespread distribution of Cloudflare servers all over the world, the company can offer an excellent service in terms of speed. By connecting to the DNS address (unique in the world) by Cloudflare the request will be automatically routed to the closest Cloudflare DNS server and processed in the shortest possible time (we are around 15ms in my case).
Security is higher than with many ISPs (Telecom, Tiscali, Fastweb, etc.) because Cloudflare uses a strong encryption system called DNSSEC. This system makes a data breach or on-path attack more difficult for a hacker.
Google Public DNS
I have used it for several years too Google Public DNS. They were once the fastest DNS online, now they have been overtaken by Cloudflare, but I haven't ditched google DNS for speed, but for privacy.
Google apparently retains some data permanently, others are deleted later 24 / 48 hours. Permanent records do not include personal information or the IP address, while they include, for example, the location of the user at the city level, and after two weeks they are converted into a permanent record of small random samples, deleting unnecessary data. I know, it's not very easy to understand, but keep in mind that Google permanently records some data that binds you to its services through its DNS.
The temporary logs instead are formed by the IP address, they tell them to learn about any DDoS attacks and fix the problems, such as the temporary unavailability of one or more sites for one or more users. Temporary logs are deleted 24 / 48 hours after harvest.
I am not particularly satisfied with Google's treatment of my data, but it is still a better treatment than that given to me by my internet provider, that easily sells my data to companies for marketing purposes and keeps logs as much as they like.
Conclusions
The reasons that lead us to change the default DNS can be different. As you can see it doesn't exist in DNS “right” the “mistaken”, however there are users who are informed or not. You are now more informed than before and can consciously choose the DNS that best meets your needs.
0 Comments