Keeping clients' computers safe and profitable for over 30 years

Determine Your DNS Service

Preview:

DNS stands for Domain Name Server. This is the service that converts your request for a website into an address. For example, steveshank.com converts to 74.124.213.172. Your browser can only go to that address. It cannot go to a name. Most people just use whatever DNS server their Internet provider offers for free. However, that isn't necessarily either fast, reliable, secure, or private. Here's what a good DNS provider will do:

1. Provide fast results.
2. Not record where you go and then sell your Internet travel log.
3. Block some malicious sites.
4. Verify that you have a secure and authenticated connection like a bank does. This prevents anyone from intercepting the connection.
5. Checks that no one tampered with the address received.

I normally set up my clients with Quad9 for their DNS resolver. This is part of my standard new computer setup. Quad9 is a nonprofit foundation based in Switzerland focused on providing secure, private, and high-speed DNS services. It sources its blocklist from twenty different threat intelligence providers, which helps maintain a diverse and effective list of malicious domains, which it updates daily. The important thing to remember about Quad9 is that it blocks malicious sites, like malware, phishing, or botnet sites. Despite a massive list of sites (perhaps a million; the number is unknown), it is unlikely you'll ever get a false positive. Quad9 typically blocks over 100 million malware infections and phishing attacks per day. All operating systems allow you to specify your own DNS resolver, so you can change all your devices to use Quad9.

Besides setting your computers and mobile devices to a better DNS server, most routers will also allow you to choose your DNS server. If you do that on your router, then everything going through it is sent to a secure, fast DNS service. This means that your streaming TV and robot vacuum will also be using the safer and faster DNS resolver.

Quad9's addresses are:

• IPv4 Addresses: 9.9.9.9 (primary), 149.112.112.112 (secondary).
• IPv6 Addresses: 2620:fe::fe (primary), 2620:fe::9 (secondary).

Encryption Support:

• DNS-over-HTTPS (DoH): https://dns.quad9.net/dns-query
• DNS-over-TLS (DoT): tls://dns.quad9.net

CloudFlare also offers an excellent free service that is just as good.

Another Option
NextDNS is another option. This is a paid service that I use instead of the free Quad9 I use with clients' computers. NextDNS blocks ads, affiliates, tracking, metrics, telemetry, phishing, malware, scams, fakes, coins, and other stuff. So, many types of unwanted sites are blocked, not just the malware sites blocked by Quad9. They offer something for free, but I subscribe for $20/year.

On a typical day, Quad9 won't block anything because I am unlikely to hit a link to a malware site. However, NextDNS blocks over 500 queries a day from my TV, tablet, router, computer, and phone.

Because NextDNS blocks so many sites, it will sometimes block something you don't want blocked.

You must be aware and think about what is going on. Sometimes, you'll be blocked from something you want! For example, last week I went to YouTube from my TV set. It didn't come up. It seemed to me that YouTube was down. The next day it was still down. So, I checked the logs on NextDNS from my office computer. I found a tracker from YouTube that was blocked. I told NextDNS to allow it in the future. YouTube started working on my TV again. Now, when I use YouTube, that tracker is working to spy on me, but I'm able to watch the content I want on YouTube. I gave up some privacy for that content.

NextDNS lets me configure and tailor my blocking, and will occasionally block a tracker or something I am willing to allow. It takes some work. It preserves safety and privacy. Quad9 is a set it and forget it system that only protects you from malware sites, not trackers.