Domain Name System: Your ISP Records Every Website You've Visited #FBF

Originally published March 31, 2021

I feel old saying this, but do you remember phone books? We used to have these enormous books filled with phone numbers for the people and places in our area. People in one large directory, the White Pages, businesses in the other, the Yellow Pages.[1] Need the number for a plumber? Look it up in the phone book.

Nowadays, we have smartphones with all our phone numbers and can find any business's number with the internet. However, the internet itself only works because it has a similar collection of numbers known as IP addresses. We then store these websites and their numerical addresses in the "Domain Name System (DNS) ... the phonebook of the Internet."

The real Yellow Pages.

Where Is this DNS Server?

DNS is a vital part of network infrastructure. For simplicity's sake, whenever we sign up with an Internet Service Provider (ISP), they agree to provide a DNS service as part of our internet agreement. If we sign up for Comcast, our DNS is programmed to be the nearest Comcast DNS server. The same is true for CenturyLink, Spectrum, and likely every other ISP. By the way, this is also true for our smartphones. In this case, our cellular-service provider (such as Verizon, AT&T, T-Mobile, etc.) provides the DNS server.

Theoretically, this is a good thing. If we want to go to a website, we enter the website's name, and our ISP's DNS server tells our computer how to get to this website. For example, want to go to Google? Just type "google.com" into your browser, and Comcast's DNS server tells your computer to head over to 108.177.122.138.[2]

A Record of Every Website You've Ever Gone To

There is a catch to this: Recorded in their DNS servers is the name of every website you have ever gone to.

I want that to sink in for a second: There is a record of every single website you have ever visited. Ever.[3] And no amount of clearing out your browser's History will get rid of that record of your browsing history. Anthony Heddings at How-To Geek writes that "browsing history like this is the kind of valuable data off of which many companies make huge profits" and that this is such a big issue that the Federal Trade Commission was investigating this practice.

A DNS that Serves Us

Just because your ISP's DNS is easy doesn't mean that it's your only option. Furthermore, relying on the local DNS provider is often a significant cause of internet issues. James "Professor" Messer explains, "There's a saying among network administrators that the problem is always somehow related to DNS."

There is an alternative to problematic private DNS servers: public DNS servers. These public servers perform all the DNS functions, "serving as the Internet's phone book," but without recording your website history. Furthermore, some (e.g., Google, Lifewire, etc.) argue that using a public DNS server can make your internet experience faster.

Paradoxically, since it has "spearheaded an entire industry that uses tracking and third-party cookies that follow us around the internet," Google is the number one name in public DNS. They provide a fantastic DNS service! You would be hard-pressed to find someone in IT who does not know its iconic IP addresses by heart: 8.8.8.8 and 8.8.4.4.

Challenger-brand Cloudflare has been gunning for Google's top slot by offering their DNS: 1.1.1.1 and 1.0.0.1. Cloudflare advocates that their DNS is more secure and is the fastest DNS service in the world. Cloudflare—unlike internet service providers—only holds on to logs for 24 hours ("for debugging purposes"). Then they purge these. Cloudflare even offers other iterations of their DNS for families that block malware and/or adult content.

Perhaps the noblest of the public DNS providers is Quad9. This not-for-profit organization recently relocated to Switzerland because of this country's famous privacy laws. Quad9's primary DNS server is what you think it would be: 9.9.9.9. However, unlike Google's 8.8.4.4 and Cloudflare's 1.0.0.1 secondary DNSs that are simple alterations to these IP addresses, Quad9's secondary DNS is 149.112.112.112. Perhaps Quad9 explains why we should use their service: "Your use of Quad9 may prevent a ransomware attack, prevent your bank account from being compromised, or protect your laptop from being used as part of an illicit criminal attack on others."

What Can You Do?

Convinced? Here's all you have to do to change the DNS on your Windows computer:

  • Get into your Network Connections by pulling up Control Panel, clicking "Network and Internet," and then hitting "Network and Sharing Center."
  • Double click on Ethernet or Wi-Fi.
  • Click on Properties.
  • Double click on "Internet Protocol Version 4 (TCP/IPv4)."
  • Click "Use the following DNS server addresses" and enter the DNS of your choosing.
  • Click Okay, Okay, and Close.
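
The same change can be made and verified from an elevated PowerShell prompt. This is an added example, not part of the original article: it uses Windows' built-in NetAdapter and DnsClient cmdlets with the resolver addresses quoted above, and it assumes Quad9 as the chosen provider and example.com as the test name.

```powershell
#Requires -RunAsAdministrator
# Added example: set and verify a public DNS resolver on Windows.
# Only IPv4 settings are changed, matching the "Internet Protocol Version 4" step above.

# Resolver addresses as quoted in the article.
$Resolvers = @{
    Google     = @('8.8.8.8', '8.8.4.4')
    Cloudflare = @('1.1.1.1', '1.0.0.1')
    Quad9      = @('9.9.9.9', '149.112.112.112')
}
$Provider = 'Quad9'            # assumption: pick any key from the table above
$Wanted   = $Resolvers[$Provider]

# Only touch physical adapters that are currently connected (Ethernet or Wi-Fi).
$adapters = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'

foreach ($nic in $adapters) {
    $before = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
    Write-Host "$($nic.Name): was using $($before -join ', ')"

    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $Wanted

    # Read the setting back instead of trusting that the change applied.
    $after = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
    if (Compare-Object $Wanted $after) {
        Write-Warning "$($nic.Name): expected $($Wanted -join ', ') but found $($after -join ', ')"
    } else {
        Write-Host "$($nic.Name): now using $($after -join ', ')"
    }
}

# Drop answers that were cached from the previous resolver.
Clear-DnsClientCache

# Confirm that each configured resolver actually answers queries.
foreach ($server in $Wanted) {
    try {
        $answer = Resolve-DnsName -Name 'example.com' -Type A -Server $server -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress
        Write-Host "$server answered: example.com -> $($ips -join ', ')"
    } catch {
        Write-Warning "$server did not answer: $($_.Exception.Message)"
    }
}

# To return to the ISP-assigned servers:
#   Set-DnsClientServerAddress -InterfaceIndex <ifIndex> -ResetServerAddresses
```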

Your PC is now faster and safer—all while keeping your browsing history private. And it's just as easy to change the DNS settings on your Android and iOS devices. Quad9 even offers a video on how to change DNS settings on macOS.

Better yet, if you want this level of protection for all of your devices (including your Amazon Echo, Google Home Mini, Nest Doorbell, and the rest of your Internet of Things), change the DNS settings in your router and/or wireless access point. Now, every device that connects to your network will automatically connect to the DNS that you set.

Here are the various popups you navigate through to change the DNS server on Windows 10.

[1] We weren't very clever back in the day, so these colors here denoted the actual color of these books' pages.

[2] By the way, you can type https://108.177.122.138/ into your browser, and you'll also go to Google.

[3] Okay, so your ISP only has a record of every website you went to while you had service with them, but that means all of your earlier websites are on the servers of your former ISP(s).