You can use something as simple as your default DNS server to control the inflow and outflow of YOUR data to various telemetry (remote data measurement) collectors from Microsoft, Google, Apple, etc.
You are likely aware that when you load a webpage, the DNS server that resolves the name can log the lookups your browser makes. Many websites and services sell your data to advertisers, and your data is connected to you thanks to your browser fingerprint and whatever personal information you disclose.
Why do we need DNS security?
If you use Windows, many services within the operating system are sharing your data with Microsoft servers. Do you know what your data are being used for, and what intelligence and predictive behaviour models such a collection of this valuable data can enable?
DNS is a huge privacy and censorship issue since the provider that handles your DNS requests knows all the pages you visit, and can do what they want with that data or sell it for profit. Are Google DNS or OpenDNS trustworthy options without a VPN?
Learn more about choosing DNS servers.
First: what does a Domain Name System (DNS) do?
The Domain Name System (DNS) resolves domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet is mapped to its own IP address, which is used by other devices to locate the device.
Whenever you (your browser or a program) connect to a server, you are not only getting information from that server; that server is also getting information from you.
DNS logs are not only collected via Internet browsers. DNS can be compromised by spoofing or by changing a machine’s HOSTS file.
DNS Tracking: Your ISP sees everything your computer IP resolves to via the Internet if you use your ISP’s DNS servers. See The Privacy Risk of Using Your ISP’s DNS. ISPs can see what domains you visit and will target you for certain services and/or sell your data to advertisers who will do the same. Your data is big business.
DNS Leakage: When utilizing a VPN or Tor, sometimes your DNS queries are not wholly routed through your chosen DNS server but go back to your ISP’s DNS server, and are therefore viewable.
DNS Redirections to Malicious Sites or Programs. Bad guys can send you phishing emails and substitute their domain IP address for the domain IP address you think you are resolving to — a bank, your important accounts, whatever. Another possibility in this age of censorship and wrongthink is that your ISP could prevent access to certain domains by redirecting your machine’s IP request to a site that pushes the approved propaganda.
Solutions to DNS Threats
Utilizing a service like OpenDNS or Pi-hole can block DNS resolution to undesirable sites. Or you can accomplish the same by configuring individual machines.
You can use both approaches, and if you need access to a site on a specific machine, configure that machine’s HOSTS file to resolve to the correct IP. The computer will look at its HOSTS file before consulting the remote DNS server.
Individual machine controls are better (vs. using a network DNS blocker like OpenDNS) if you need to use specific services from Microsoft and want to block most of the telemetry. Thus you could allow DNS resolution for OneDrive on one machine while blocking those same connections on your other machines.
Benefits of Installing Pi-Hole
Pi-hole is a service that you host yourself on any Ubuntu-running hardware. Pi-hole blocks ad servers from loading when you browse to different websites, and will therefore prevent a lot of data about you from being shared with those servers that load when you visit certain sites. By preventing ads from loading, you also conserve bandwidth. Win-win!
DNS protection provides an additional layer of protection between your computer and the internet by blacklisting certain sites, preventing sites from loading, and filtering out unwanted content. By using secure DNS servers both at home and at work, users can avoid unnecessary risks and the potential for malicious attack, not to mention the collection and sale of personal data.
Pi-Hole as a Recursive DNS Server Installation Steps
- Install Ubuntu Server 20.04 (https://ubuntu.com/download/server)
- Install Pi-Hole – sudo curl -sSL https://install.pi-hole.net | bash
- Set the Web Admin Password – pihole -a -p [password]
- Install Unbound DNS – sudo apt install unbound
- Create Unbound Configuration File – sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
- Copy example config – https://docs.pi-hole.net/guides/dns/u…
- Restart Unbound to apply Configuration – sudo service unbound restart
- Disable the forwarding (upstream) DNS servers in Pi-hole and set a Custom DNS in Pi-hole – 127.0.0.1#5335
- And you’re done!
- Bonus points for sending all DNS traffic through a VPN Gateway to encrypt all outbound requests – https://youtu.be/xFficDCEv3c
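As an added example (not the Pi-hole project's own documentation file, which the truncated link above points to), here is an Unbound configuration of the kind the "Create Unbound Configuration File" step puts in /etc/unbound/unbound.conf.d/pi-hole.conf, with the security purpose of each directive noted. The directives are standard Unbound options; the loopback interface, port 5335 and the private address ranges are assumptions that match the 127.0.0.1#5335 upstream set in the later step.

```conf
# /etc/unbound/unbound.conf.d/pi-hole.conf  (added example, not the project's own file)
server:
    # Listen only on loopback, on the port Pi-hole is pointed at in the last step,
    # so nothing outside this host can query the recursive resolver directly.
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Set to yes only if this host has working IPv6 connectivity to the root servers.
    do-ip6: no
    prefer-ip6: no

    # DNSSEC validation itself is switched on by the distribution's default drop-in
    # (auto-trust-anchor-file); these settings make the validator strict.
    # Reject glue records from servers that are not authoritative for them.
    harden-glue: yes
    # Treat a zone whose DNSSEC records were stripped in transit as bogus (SERVFAIL),
    # rather than silently accepting an unsigned answer.
    harden-dnssec-stripped: yes
    # Send only the labels each authority needs (RFC 7816), limiting what the
    # root and TLD servers learn about the full names being looked up.
    qname-minimisation: yes
    # 0x20 case randomisation breaks some authoritative servers; leave it off.
    use-caps-for-id: no
    # Keep UDP answers below the IP fragmentation threshold; fragments are both
    # frequently dropped and easier to spoof.
    edns-buffer-size: 1232
    # Refresh popular records before they expire so repeat lookups are served
    # from cache and never leave the box.
    prefetch: yes
    num-threads: 1
    so-rcvbuf: 1m

    # Rebind protection: answers for public names that resolve into private or
    # link-local space are dropped, so a hostile zone cannot steer a browser at the LAN.
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
```

After the restart step, `dig pi-hole.net @127.0.0.1 -p 5335` should answer with status NOERROR, while a DNSSEC test name whose signature is deliberately broken should come back SERVFAIL, confirming validation is active before Pi-hole is pointed at it.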