Most of us visit a wide range of websites every single day, including educational, entertainment, and news resources. The bitter reality is that the Internet is chock-full of malicious sites that spread malware, wheedle out sensitive information through phishing schemes, or hoodwink users into paying for services they don't need. Therefore, vigilance during web surfing is hugely important these days.
Malicious sites may contain ads that, when clicked, download harmful code onto your device in the blink of an eye. Here is a common scenario: when searching the web for some software, you may come across rogue app marketplaces that host booby-trapped program installers. These dodgy entities promote predatory code ranging from low-impact adware to extremely dangerous ransomware.
Phishing sites that mimic legitimate sign-in or registration pages to steal passwords or financial data are also very widespread. Sites that infect devices without any interaction with visitors are particularly dangerous. They contain scripts that are automatically executed on the client side, that is, on your computer or smartphone, and deposit spyware, bots, or file-encrypting ransomware behind the scenes.
Online resources with prohibited materials related to drugs or terrorism are in the shady area as well. In addition to violating the law, they often disseminate viruses as an extra layer of monetization.
One simple and affordable measure to stay protected against online perils is to use a secure DNS server. Let's see what this technology is, how it works, and how to choose the service that won't let you down.
DNS (Domain Name System) is one of the fundamental services on the Internet. It maps every web resource's IP address, which looks like a random hard-to-remember string, to an alphanumeric domain name. Here is an illustration: an arbitrary IP address 12.345.678.90 is automatically matched to a human-readable domain name like some-site.com. This service is often compared to a phone number directory.
DNS is a hierarchical system: each zone on the Internet has its dedicated DNS server (or a series of them) that knows all the domain names within its range. If this server gets a request for an unknown resource, it forwards it to a higher-level counterpart. Every time you look up information on any search engine, your request is routed to your DNS server. It will find the relevant site, no matter where on the Internet it is located.
Secure DNS servers are designed to protect you against malicious web resources and prevent your kids from accessing unwanted content. The main idea behind them is to keep a record of malicious sites, maintain up-to-date blacklists, and restrict access to these potentially harmful entities.
The use of a secure DNS server also strengthens your privacy by only storing your queries for a limited amount of time. Moreover, some services are capable of blocking ads and adware. A DNS server like that can be a decent – and safer – substitute for your ISP's servers.
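The blacklist check described above, as an added example that is not taken from any of the services covered in this article: a small in-memory resolver that refuses names on a block list and forwards everything else. The domain names, addresses, and the NXDOMAIN-style refusal are assumptions made for the demonstration, and the matching is generalized to cover subdomains of a listed domain.

```python
# Added illustration: a model of a filtering ("secure") DNS resolver.
# BLOCKLIST and UPSTREAM are constructed sample data, not real threat intel.
BLOCKLIST = {"malware-downloads.example", "login-phish.example"}
UPSTREAM = {                      # stands in for normal recursive resolution
    "news.example": "192.0.2.10",
    "cdn.malware-downloads.example": "198.51.100.7",
    "notlogin-phish.example": "203.0.113.5",
}


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot (DNS is case-insensitive)."""
    return name.strip().lower().rstrip(".")


def blocked_by(name: str, blocklist=BLOCKLIST):
    """Return the blocklist entry covering `name`, or None.

    Matching walks the label boundaries, so an entry also covers its
    subdomains but never a different domain that merely ends with the
    same characters.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(name: str):
    """Answer a query the way a filtering resolver might.

    Assumption: blocked names get an NXDOMAIN-style refusal; real services
    may instead return a block-page or sinkhole address.
    """
    hit = blocked_by(name)
    if hit:
        return {"name": normalize(name), "status": "NXDOMAIN", "blocked_by": hit}
    ip = UPSTREAM.get(normalize(name))
    if ip is None:
        return {"name": normalize(name), "status": "NXDOMAIN", "blocked_by": None}
    return {"name": normalize(name), "status": "NOERROR", "address": ip}


if __name__ == "__main__":
    for q in ("News.Example.", "cdn.malware-downloads.example",
              "notlogin-phish.example", "LOGIN-PHISH.example"):
        print(resolve(q))
```

The third query shows why matching on label boundaries matters: a plain "ends with" comparison would wrongly block `notlogin-phish.example`.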
Alibaba Cloud DNS
Alibaba Cloud is one of the world's best hosting providers that can bolster highly resilient infrastructure. It is the same infrastructure that supports Taobao - the largest e-commerce marketplace. Alibaba Cloud DNS provides businesses with an intelligent and secure service that converts domain names into IP addresses. Alibaba Cloud DNS takes into account your geographic location to return IP addresses. It covers major Internet Service Providers on 6 continents, and across 89 countries. The service supports most types of DNS records: CAA, MX, A, TXT, NS, AAAA, CNAME, and SRV. Alibaba Cloud DNS is a perfect option for web developers who require ease of use and for organizations that need international reliability in one powerful package.
In 2015, Cisco acquired the service called OpenDNS and redesigned it into its proprietary Cisco Umbrella product. It's not just a garden-variety DNS but a suite equipped with online security features such as a firewall, a web proxy that analyzes files in an isolated virtual environment, and a set of investigative tools.
This service is primarily intended for enterprise customers. You can choose any suitable format for your needs: IaaS, PaaS, or SaaS. Due to numerous options, you may need to talk to Cisco tech support personnel or find an IT consulting company.
The corporate DNS server is configured to redirect DNS requests to 126.96.36.199 and 188.8.131.52 IP addresses, with the company's network being added to the Cisco Umbrella web page.
The client policies allow a variety of customizations. Users can specify the categories of sites and content to be blocked and configure the filtering rules based on applications as well as specific domain names. According to DNSPerf, an independent DNS analytics and comparison service, Cisco Umbrella ranks third in terms of performance.
This well-known free service was created in 2018. There are several modes of operation depending on the IP address you set. The main address is 184.108.40.206. Whereas it doesn't provide filtering features, you get a reliable and speedy DNS service with no strings attached.
Family mode is another option. Specifying 220.127.116.11 and 18.104.22.168 as your preferred and alternate DNS server IP addresses will block known malicious resources. If you additionally want to fend off adult materials, set the pair of addresses to 22.214.171.124 and 126.96.36.199.
The service supports Domain Name System Security Extensions (DNSSEC), which lets the resolver reject forged DNS answers for signed domains, so attackers have a much harder time redirecting you to fake web pages. The website of the service states that Cloudflare does not sell user data to advertising companies, and your requests are stored on the server for only 24 hours. DNSPerf rates Cloudflare as the fastest public DNS service in the world.
DNSFilter debuted in 2015 and was a work in progress for three years. It is a commercial solution supporting various security features, including DNSSEC, DNS over TLS (query encryption), real-time site classification, as well as protection against botnets and phishing.
The service is available to both home and business customers. It allows you to store client request logs and configure policies. DNSFilter's server addresses are 188.8.131.52 and 184.108.40.206. The annual subscription price ranges from $216 to $1069, depending on the feature set and usage options. The DNSPerf service ranks it second fastest across the board.
Google Public DNS
This free public service has been operating since 2009. It provides accelerated loading of web pages due to data caching and protects your requests through the DNS over TLS and DNS over HTTPS technologies. The server addresses are 220.127.116.11 and 18.104.22.168.
According to Google's terms and conditions, user data is deleted within 48 hours, while location data vanishes from its servers within two weeks. The provider claims to keep your web browsing information secret, but its negative track record of mishandling such details might discourage privacy-minded users from leveraging the service. DNSPerf ranks Google Public DNS sixth in terms of speed.
Neustar UltraDNS Public
This is another popular free DNS service. Provided by American technology company Neustar, it offers several servers with different levels of filtering. The servers that use 22.214.171.124 and 126.96.36.199 IP addresses ensure a fast and reliable search for requested resources without blocking potentially harmful content.
To stay away from phishing and malware-riddled sites, you will need to specify the following preferred and alternate IPs in your DNS server settings: 188.8.131.52 and 184.108.40.206. If you want to block sites hosting pornography, violence, or gambling materials, set the DNS server addresses to 220.127.116.11 and 18.104.22.168.
Focused on filtering malicious websites and protecting your privacy, Quad9 is another worthwhile free service. Its website states that your IP address is never registered on its servers. The service leverages both commercial and publicly available sources of threat data. The biggest caveat is that it doesn't provide content filtering. To use Quad9, you need to enter 22.214.171.124 and 126.96.36.199 strings in your DNS settings. The service holds the seventh position in the DNSPerf rating.
The company's products for personal use are geared toward protecting children on the Internet. It comes as no surprise that they are often set up in schools. The DNS server blocks malicious resources as well as sites with paid subscriptions, pornography, online games, and other types of content you specify in the settings (there are a total of 60 categories you can select). The service blocks commercially flavored items such as ad banners and annoying pop-ups.
You can configure SkyDNS to forward requests to safe search pages that contain no harmful information related to drugs, explosives, etc. The settings can be specified via the service's official site that additionally tracks a user's requests. The IP address of this DNS service is 193.258.251.251. The cost starts at about $7 per year. SkyDNS also offers a line of products for corporate customers of any size.
You can use the above-mentioned DNSPerf service to choose a DNS server that meets your requirements. Just select your region or keep the default global values, and the site will display the query speeds, uptime, and other important details for different solutions. In this report, the quality of a DNS service depends on the stability of its server network. For instance, if it has four servers and one of them is currently unavailable, the quality will be 75%.
To find the fastest DNS server specifically for your computer, you can use the DNS Jumper application. When you run the "Fastest DNS" test, it will query all available servers and show their response time.
The story about secure DNS servers would be incomplete without a brief instruction on how to configure such a service. The paragraphs below describe the procedure for a computer running Windows 10.
Open Windows settings, go to "Network and Internet," and select "Network and Sharing Center." At the top right of the page, you will see your active connection and its current status. Select it and click the "Properties" button. Note that you need administrator privileges to modify these settings.
Then, click the "Internet Protocol Version 4 (TCP/IPv4)" entry, click "Properties," and enable the radio button next to the setting that says "Use the following DNS server addresses." Enter the preferred and alternate addresses from the service provider of your choice and click "OK" to confirm the changes.
A reliable DNS service is definitely worth a shot. It will give your online security a boost without causing a conspicuous decrease in the connection speed. It is still advised to configure a VPN on Windows or another OS to be on the safe side. Cloudflare, Google, Neustar, and Quad9 provide free protection against rogue sites and block access to unwanted content.
The services by Cisco and DNSFilter are more suitable for enterprise customers, as they come with a variety of features and extensive customization options. If you are looking for a solution to safeguard your kids on the Internet, you can't go wrong with Alibaba Cloud DNS that provides competitive functionality at a reasonable cost.
David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.