DNS over HTTPS
How does DNS work?
Protecting your privacy online is a hot topic for many. Though many websites have transitioned from HTTP to HTTPS, allowing web traffic to be secured, this does not protect your overall privacy. The internet still relies on older protocols to ensure you are accessing the right website or other online resources.
DNS, or the Domain Name Service, is one of those protocols we rely heavly on everyday. Every internet connected device has at least one IP address. DNS allows you to type in google.com and it resolves the IP address associated to it. One of the biggest issues with DNS is that it is one of those legacy protocols we rely on everyday. It has no built in security and runs completely in clear text. This allows your Internet Service Provider, or anyone capable of capturing internet traffic, to see what websites you access. This means that even if you are accessing a HTTPS website, others can still see your internet history.
Why is this bad?
As we continue on in the digital age, our internet history is being used against us. Website cookies, internet searches, and DNS queries are being sold to marketing companies. Everything you do is being bought and sold to a number of companies and marketing firms. These companies then take this information and use targeted ads in order to get you as the consumer to purchase online goods and services. There have been steps made to discourage and even eliminate this type of intrusion into our privacy however they have not been totally adopted due to complexity.
Protecting your online privacy
CloudFlare offers a number of different ways to protect your online searches. If you are looking to just configure the service on your local machine, instructions and downloads can be found at their Downloads page. Quad9 offers the same level of integration.
If you are looking to provide DNS over HTTPS for your entire household or business your in luck as well. There are simple ways to get this configured so that everyone can take advantage. Different types of routers, including pfSense, can be configured to run DNS over HTTPS. To do so, you can utilize Untangle and configure it to run DNS over port 853. The configuration will be placed into the custom option area and will look like this:
server: forward-zone: name: "." forward-ssl-upstream: yes forward-addr: [email protected] forward-addr: [email protected] forward-addr: 2606:4700:4700::[email protected] forward-addr: 2606:4700:4700::[email protected] forward-addr: [email protected] forward-addr: [email protected]
Once that is in place, and you have saved your configuration, you will now have an additional sense of privacy and security while online.