06 March 2011

How DNS Can Keep You Safe AND Speed Up your Internet Connection

A number of my friends aren’t aware of what DNS is, let alone how it can help keep you and your family safe and speed up your internet connection, so I decided to write an introduction.

What is DNS?
DNS stands for Domain Name System. For a detailed description see Wikipedia or other sources, but basically when you type www.Google.com into your browser, your computer needs to translate that into an IP address (a numerical label), which will be something like 74.125.230.147, in order to request the Google home page.

How can it help my safety?
Child Safety
By manipulating your DNS you can control what sites can be ‘seen’ by your computer or network. With a service like OpenDNS you can change what your computers will be able to resolve from a name into an IP address and thus what sites they can access. If you need more granular control you should look into controlling the DNS for your individual computers. I cover that below.

Malware and Phishing
DNS can help by not allowing malware (malicious software) to communicate back to botnets and by blocking known phishing sites. For more information on how OpenDNS helps, go to this article on the OpenDNS knowledge base or search it for the term “Malware” or “Phishing”.

How can it help speed up my internet connection?
A large number of sites contain advertising, like the banner ads down the side or on the top of articles. These ads are often images or Flash components and have to be requested by the browser independently of the page itself, from their respective ad servers. These ad servers are often slow to respond, and the browser often won’t show any of a page until all the elements are loaded. So the page and all the content you want will probably download fairly quickly, but the ads will take their time to arrive and you have to wait for them before you can see the page. If you deny access to many well-known advert servers then this no longer happens, plus you don’t get bombarded by adverts.

This sounds great. How can I use it?
There are basically two places you can control your DNS:

  • On your router: the settings will apply to all the computers on your network.
  • On an individual device: e.g. computer, phone etc. This gives more granular control, e.g. if you want to keep your child’s computer safer but still allow yourself free rein on the internet. This can be achieved by altering your DNS host settings or editing your hosts file (see below).

I’m sure there are many services (e.g. Google Public DNS) offering the ability to control your DNS but for me the best at the time of writing is OpenDNS.com. They offer a range of services from free to enterprise (paid) subscriptions and their site contains clear and concise information about how to set things up.

Hosts Files
If you’re on a Windows or Mac machine and more technically minded you can also achieve similar results by altering your hosts file:

  • Windows: edit C:\WINDOWS\system32\drivers\etc\hosts. NB: you’ll need to run Notepad as administrator: right-click it in the Start menu, select “Run as Administrator”, then open the file.
  • Mac: edit /private/etc/hosts
  • Android: As of writing I couldn’t figure out how to do this as the system is re-written on every re-boot.

NB: if you’re on a Linux host (e.g. Mac) and you use a Windows file, you’ll need to convert the text file to Unix format by replacing the line endings (e.g. using Notepad++: Edit, EOL Conversion).

On either machine the principle is the same. You include entries like:
127.0.0.1 ad.doubleclick.com
which says to the machine: when you need ad.doubleclick.com, go to 127.0.0.1, which is the computer’s own IP address. When the browser does this it will find nothing and just show a blank or ‘not found’ message for that part of the page.
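
The following Python is an added example, not part of the original post. It converts a hosts file to Unix line endings and appends 127.0.0.1 entries for a list of ad-server names, skipping names that are malformed or already present. The function names, the sample file contents, the block list and ads.example.com are all constructed for illustration.

```python
import re

SINK = "127.0.0.1"  # loopback address, as in the article's example entry
# Conservative hostname check: dot-separated labels of letters, digits, hyphens.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def to_unix(text):
    """Convert Windows (CRLF) or old Mac (CR) line endings to Unix (LF)."""
    return text.replace("\r\n", "\n").replace("\r", "\n")

def mapped_names(text):
    """Return {hostname: ip} for every entry, ignoring comments and blanks."""
    names = {}
    for line in to_unix(text).split("\n"):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                names.setdefault(name.lower(), fields[0])  # keep first mapping seen
    return names

def add_blocks(text, domains):
    """Append a loopback entry for each valid domain not already in the file."""
    text = to_unix(text)
    present = mapped_names(text)
    new_lines = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if HOSTNAME.match(d) and d not in present:
            present[d] = SINK
            new_lines.append(f"{SINK} {d}")
    if not new_lines:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "\n".join(new_lines) + "\n"

# Constructed sample: a hosts file saved with Windows line endings.
SAMPLE = "127.0.0.1 localhost\r\n# ad servers\r\n127.0.0.1 ad.doubleclick.com\r\n"
# Constructed block list: one duplicate, one malformed name, one new name.
WANTED = ["ad.doubleclick.com", "not a hostname", "ads.example.com"]

if __name__ == "__main__":
    print(add_blocks(SAMPLE, WANTED), end="")
```

Run it against a copy of your hosts file rather than the live one, check the result, then copy it into place with administrator rights.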

You can find further information on this method on this site which, although it is Windows-centric, contains valuable resources (e.g. example hosts files) for either platform.
