DNS servers #124

Closed
MacProGirl opened this issue Feb 25, 2016 · 9 comments
@MacProGirl

I don't know if this is very off topic or if I may ask,

Is it important to change DNS servers? For security and performance.

At the moment I am using my network provider's default DNS servers.

@pyllyukko
Owner

Well it really depends on what you're trying to protect yourself from. Of course the DNS provider always knows and can track who queries what. It's also a matter of who you trust. Do you think your ISP tracks DNS requests and profiles people/customers according to that? For instance, I would never use Google's DNS servers, because they hog all the data that people might provide them with.

You can hide your DNS traffic from your ISP for instance by using some VPN, but then the VPN provider knows this. So again, who do you trust?

You can also use Tor for DNS, but then the exit nodes can spoof the responses (as DNSSEC is not that common yet). Again, do you trust Tor more than the ISP or some VPN provider?

It's always a trade-off.

Maybe some other user.js users can also provide tips with some alternative DNS providers/technologies.

Well, that was mostly about privacy. As DNS is an inherently insecure protocol, the security aspects should also be considered, but that mostly boils down to networks (MiTM attacks and other stuff that might forge DNS responses) and whether you can trust the responses or not. That's why we need encrypted protocols and PKI... even if someone would fool your machine into connecting to some hostile host instead of the real place you were trying to go, your browser would spot this through TLS and warn you (just an example).

@uberspot
Contributor

You can set up dnscrypt if you don't want your DNS queries to leak and are afraid of MitM: https://dnscrypt.org/
It's not perfect but it is an extra protection.

@berrythesoftwarecodeprogrammar

dnscrypt is definitely worth it for security and not hard to use once you figure it out

@MacProGirl
Author

I don't really have any online activities that I need to hide. So this is not a big concern I guess. The performance factor is more important.

I am running on Mac OS X and my Time Capsule works as a router so that is where I will do the DNS changes if that is any help. I am also located in Sweden if that is a factor when choosing DNS server.

@berrythesoftwarecodeprogrammar

well people on your local network may be able to pretty much figure out what you're doing and what websites you are visiting, and your ISP and others definitely can, with regular DNS. there are a few Swedish DNSCrypt servers, it doesn't affect performance that much to use it

@pyllyukko
Owner

> I don't really have any online activities that I need to hide. So this is not a big concern I guess. The performance factor is more important.

We still should have the right to privacy :) See: https://en.wikipedia.org/wiki/Nothing_to_hide_argument

> I am also located in Sweden if that is a factor when choosing DNS server.

In that case, remember that the FRA is indeed watching all the traffic over there.

@pyllyukko
Owner

Might be a bit off-topic, but it's always good that people are interested in their security/privacy and are not afraid to ask questions.

@MacProGirl: Hope we answered your question.
