Secure your client DNS

The Domain Name System (DNS) underpins practically all web communication by letting people use names instead of addresses. A domain name such as google.com is resolved to one or more IP addresses, which the computers then use to exchange information across the network.

DNS queries are sent unencrypted, meaning that any party on the same network, or anywhere on the path between you and the DNS servers you use, can read them and learn which websites and services you are accessing. This is a simple way to build a list of the services you use.

Newer protocols such as DNS over HTTPS (DoH) encrypt DNS queries in transit. Support has been built into operating systems such as Windows 10 and 11, but it is not enabled by default and has to be configured manually.

DNS & Phishing

A common attack involves changing the DNS client settings on a network so that DNS queries are redirected to a server the attacker controls. This is mainly used to send users to phishing sites that capture their login details, but it also gives the attacker data for planning further attacks (for example, which banking services or social platforms a user relies on).

DNS & Tracking

DNS can also be used as a tool to block some of the tracking techniques used by applications and web services. Many applications collect statistical data on your activities for diagnostic purposes and to feed predictive features; increasingly, the same data is used to build data sets that are sold to advertisers.

Steps to Increase your Privacy and Security

Configuring the DNS servers on your machine yourself ensures you do not accept a compromised DNS server handed out by whatever network you connect to.

Use a well-known public DNS server that supports DNS over HTTPS, so that your queries are encrypted and cannot be monitored in transit.

Some public servers offer filtering options to remove common trackers and ads.

Below is a list of servers with details about their filtering and anonymity levels:

https://dnscrypt.info/public-servers

For maximum security and privacy, run your own internal encrypted DNS server. A popular open-source option is Pi-hole, which can filter tracking and advertisements for every device on your network and gives you complete control over your DNS query data.
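Once you have chosen your resolvers, the check worth automating is whether the machine is still using them. The following added example (not part of the original article or of Pi-hole) parses a resolv.conf-style resolver list and compares it with the resolvers you deliberately configured, flagging any other server, which is the symptom of the DNS redirection described earlier. The resolv.conf text is constructed for the example (on Linux you would read /etc/resolv.conf; on Windows the equivalent information comes from the DNS client settings), and the Pi-hole address 10.0.0.53 is an assumption.

```python
"""Added example: audit the resolvers in use against the ones you configured.
The sample resolver file and the Pi-hole address are constructed/assumed."""
import ipaddress

TRUSTED_RESOLVERS = {"10.0.0.53"}  # assumption: your own Pi-hole / DoH forwarder


def parse_resolv_conf(text: str) -> list[str]:
    """Return nameserver addresses in the order the stub resolver tries them,
    ignoring comments, blank lines and other directives (search, options)."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(configured: list[str], trusted: set[str] = TRUSTED_RESOLVERS) -> dict:
    """Classify each configured resolver. Order matters: the first entry
    answers almost every query, so an untrusted first entry is the real risk."""
    report = {"trusted": [], "untrusted": [], "invalid": [],
              "first_trusted": False, "ok": False}
    valid = []
    for entry in configured:
        try:
            addr = str(ipaddress.ip_address(entry))  # normalises IPv4/IPv6 text
        except ValueError:
            report["invalid"].append(entry)
            continue
        valid.append(addr)
        report["trusted" if addr in trusted else "untrusted"].append(addr)
    report["first_trusted"] = bool(valid) and valid[0] in trusted
    # Only "ok" when at least one resolver is set and every one of them is ours.
    report["ok"] = bool(valid) and not report["untrusted"]
    return report


# Constructed sample: the network has pushed an extra resolver in front of the
# one we configured ourselves.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 198.51.100.7   # not one of ours
nameserver 10.0.0.53
options edns0
"""

if __name__ == "__main__":
    servers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    result = audit_resolvers(servers)
    print("configured resolvers:", servers)
    print("report:", result)
    if not result["ok"]:
        print("WARNING: an unexpected resolver is in use; check DHCP and network settings")
```

Run periodically (for example from a scheduled task) and alert when `ok` turns false; a resolver you did not configure appearing at the top of the list is the first thing to investigate after joining a new network.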