Hello everyone, I'm KDT, and today we're going to explore the topic of Encrypted DNS. Many might wonder what it is, so I'm going to explain it in detail. I'll also go through the setup procedure for each OS, and discuss why this matters and how it helps prevent a cyber attack.
WHAT IS DNS?
The Domain Name System (DNS) is the phone directory of the Internet. Basically, humans access information online through domain names, like kdttechy.com or youtube.com. Web browsers interact through IP addresses, and DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device. For example, if I want to go to Google, I would type google.com. This then gets converted into an IP address such as 18.104.22.168. This is how DNS works.
So now that you know what DNS is, let me explain the security concerns it has.
Anyone who can listen in on your network traffic can see which websites you're visiting just by looking at the DNS traffic, as it is generally not encrypted. This holds even when the connection to the website itself is secure. There is also a famous attack based on this, known as MITM (Man-in-the-Middle Attack). Let's look at it briefly in the next section.
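To make the point above concrete, here is an added example (not from the original post) that builds the plain DNS query for kdttechy.com, reads the name back out of the raw bytes the way any packet capture would, and produces the DNS-over-HTTPS form of the same message. The function names are made up for this sketch, and the /dns-query path is the one used in RFC 8484's examples.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a standard DNS query message (RFC 1035). qtype 1 = A record."""
    # Header: ID, flags (only RD set), QDCOUNT=1, then three zero counts.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1-63 bytes")
        qname += bytes([len(raw)]) + raw  # length byte, then the label as-is
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observed_name(payload: bytes) -> str:
    """Recover the queried name from a raw UDP port 53 payload, the way any
    packet capture on the network path would display it."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("not a DNS message with a question")
    labels, pos = [], 12  # the question starts right after the 12-byte header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question")
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(payload):
            raise ValueError("malformed label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length

def doh_get_target(payload: bytes) -> str:
    """RFC 8484 GET form of the same message: base64url without padding.
    base64url is only an encoding; the privacy comes from the HTTPS (TLS)
    connection that carries this request."""
    encoded = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + encoded  # path as used in RFC 8484's examples

if __name__ == "__main__":
    query = build_query("kdttechy.com")  # constructed sample query
    print(query)                    # the name is readable in the raw bytes
    print(observed_name(query))     # what an observer of plain DNS recovers
    print(doh_get_target(query))    # what a DoH client sends inside TLS
```

With plain DNS the first two outputs are what crosses the network; with Encrypted DNS the observer sees only TLS records to the resolver.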
MITM (Man-in-the-Middle Attack)
To attack a victim on a specific network, the attacker must first be connected to the same network as the victim. This is the main requirement for MITM attacks. Once connected, the attacker runs an IP scanner, which scans the entire network and outputs the IP addresses of the people who are connected to it. The attacker then executes the attack, which leads to a malicious outcome. For more info regarding this, click here.
TURNING ON ENCRYPTED DNS
OK, now let's see how to turn on Encrypted DNS on the different devices and OSs.
Chromium-Based Browsers [Chrome, Brave, etc.]
- First, go to Settings and then navigate to Privacy and Security.
- Now click on Security, and you will see the Secure DNS option at the bottom of the page.
- There are two options to choose from: either "With your current service provider" or a custom one. If you choose the first one, Secure DNS may not be available all the time, as noted there. You could definitely use Cloudflare 22.214.171.124 in the Custom menu; it's just a recommendation.
Other Browsers (Like Firefox)
- First, go to Settings and scroll to the bottom of the page.
- Then click the Settings button in the Network Settings section.
- Now a menu will pop up; enable the DNS over HTTPS option at the very bottom of that prompt.
Android
- First, go to Settings and then navigate to Network Settings.
- This may vary slightly from phone to phone, depending on the manufacturer.
- Now, go to the Advanced Settings inside the Network Settings.
- You will now see the Private DNS option; click it and enter the hostname. I would prefer Cloudflare, which is 1dot1dot1dot1.cloudflare-dns.com
- Type it exactly as mentioned above. You could also use other providers, but make sure to type the hostname or else it will not work.
iOS and iPad
Unfortunately, for iOS and iPad a straightforward installation is not available right now. But there are some automated packages available on the internet to help you out in the process.
- Click here to go to the GitHub repository page.
- Choose whichever file you want and click View Raw, which is available under the "three dot button".
- Now, a prompt will appear asking whether to download the configuration profile or not. Click Allow and the file will be downloaded.
- Now go to Settings, and you will see at the top that the profile has been downloaded. Click on it and then click the Install button. Go through the setup and you're all set!
- You can also uninstall this by going into General, then Profile, and deleting it.
The installation on Mac is pretty much identical to the previous one. Follow the same steps: first go to the GitHub repository page and choose your desired file. Now follow the steps below:
- Right-click where it says Raw, select "Download Linked File As…" and choose the download destination.
- Now you have to rename the downloaded file. Strip off the .txt extension at the end. Also click the "Use .mobileconfig" button.
- Now, click the file and the installation prompt will appear. Go through the installation and install it.
Unfortunately for Windows, this feature is not yet available and it's still in the beta stage. But you can still enable it in the browser and use it. If you want to know more about it, click here.
Although we cannot stop all network-related cyber attacks with this solution, it at least helps us defend against the major ones. So, I urge everyone to turn on DNS encryption on their devices right now if you haven't done so yet.
THANKS FOR READING!