This might be a stupid question for someone who is not technical, but what is the use of using a DNS server such as Quad9 for home use? Does it help with privacy? If so, how does it do that?
I tried to google around but all the articles are fairly technical.
In: 4
DNS is basically the address book of the internet – it is was associates IP addresses to the plain-english website address you know. So when you go to www.reddit.com, your computer will query a DNS server to learn what IP address the Reddit servers use, and _that_ is what allows you to connect to the website.
For an ELI5 analogy, if you want to send a letter to Bob Smith, you can’t just write “Bob Smith” on the envelope and expect the post office to know what to do – you’d look up Bob Smith in the phonebook (lol, dating myself here) and get Bob’s address, which you write on the envelope. **That** is what tells the post office what to do with the letter.
While the master DNS is run by a non-profit entity, most ISPs will cache DNS entries locally to speed things up. This means that when you go to a website, you are probably querying your ISPs DNS to get the IP address first.
This means that your ISP has a record of every website you visit. They don’t know what you did there (HTTPS protects against snooping) but they do know where you went. Since they know _your_ IP address as well, they have a full list of every website you go to thanks to DNS queries. This can be used for targeted advertising, best case, and actively monitoring your behavior, worst case.
Using a service like Quad9 means that you _don’t_ go to your ISPs DNS, which means they don’t have DNS query records (though they can still track you other ways).
It also protects against what are known as “man in the middle” attacks. Since DNS is the master address book, if you control said address book you can direct web traffic to any IP address you like. This means that when going to www.reddit.com, you _could_ be directed to a spoofed website that attempts to harvest your login credentials instead of Reddit proper.
Now, this is less of a concern for two reasons:
– Your ISP is not going to be sending you to spoofed websites. A random public wifi might, but you can trust your ISP in this regard.
– Spoofed websites won’t pass HTTPS checks, so your browser will warn you that the website is likely fradulent.
Less of a concern, but still worth mentioning.
Latest Answers