DNS for Scam Protection
DNS Servers: General Info
What is DNS?
DNS stands for Dynamic Name System and it is the glue that holds the Internet together. Consider that there are BILLIONS of websites and Trillions of email addresses and countless numbers of each are being changed, created and deleted every day. For your computer to hold all the information needed to get to any of these places would be impossible and so, in line with the democratic, distributed model of the Internet, people make sure that their websites/domain names/email addresses are easily reachable by registering with interconnecting hubs called Domain Name Servers (DNS).
What does DNS Do?
The purpose of DNS is to translate a domain name (contained in a website, or an email address, such as 'www. microsoft.com' or 'firstname.lastname@example.org') into an IP address (eg. 192.168.0.2).
When you signup with an Internet Service Provider (ISP), you will have been told to set your DNS Servers (normally two of them) to two strings of numbers and dots. For example, Surewest is my ISP and their DNS servers are:
|Primary DNS server
|Secondary DNS server
So - it works - why should I care?
The problem with this system is that it is wide open to abuse. There are many ways that this system can be used and abused, for example:
- Your DNS resolution is only as good as your ISP allows. If their DNS servers are ill-maintained or overloaded, your lookups may take a lot longer than they should.
- Just because the domain name of a website mentions kitties and fluffy bunnies, it doesnt mean that it's not a porn site.
- A mis-spelled bank domain name is probably a spoof website, trying to get you to enter your bank access details for a scammer.
- Your employees can spend all their working day surfing unsuitable websites, wasting company time and potentially making you liable for their contributions.
- The DNS system makes no decisions of any kind about the content of or suitability of or legality of websites - it is just a tool.
- When your kids use google or any other search engine to search for stuff, the results returned may expose them to violent and/or sexual images which would horrify you.
So, what other options are there?
A lot of Businesses already use access filtering software to restrict the websites their employees can reach. eBay, MySpace, FaceBook, YouTube etc. are often considered timewasting sites. They often use keyword-related rules to prevent access to pornographic/violent sites. Schools/colleges also use filtering to do the same thing but for home users there is no system administrator except you.
Businesses Filter-type Applications include software from Blue Coat Systems, Postini (Owned by Google), SurfControl/Websense etc.
We all know about viruses, worms and trojans now - we all have anti-virus protection (You do don't you? - of course you do!) but very few home users have any form of filtering of Internet content. There are commercially available tools to probide this service, in the form of 'Net Nanny' style offerings but they involve you installing software on (all) your PCs (and Macs and Cellphones and Internet - connected TVS etc), but the approach I prefer is to use a DNS service called OpenDNS
... and OpenDNS is what exactly?
It's a website and a service that replaces the DNS servers your ISP gave you with their 'active' ones. Here they are, in fact ; 220.127.116.11 and 18.104.22.168.
If you did nothing else except changing your DNS servers, you could benefit from the Improved lookup speed , Phishing/Spoof website protection (OpenDNS operates PhishTank, the Web's most trusted source of phishing data).
When someone in your household tries to visit a phishing Web site, OpenDNS blocks the site and notifies them of the site's malicious intent.
If you sign up for the (FREE) service though, your options are immense. You register your network and then start laying down the rules about your network.
See the image for an example of the types of content you can block.
Google has recently announced that it is offering a replacement DNS service, called Google Public DNS. Due to the huge reach and expertise of Google, it is likely to be very fast and secure but lacks the domain name filtering aspects of OpenDNS.
To try it out, you change your network settings to use the IP addresses 22.214.171.124 and 126.96.36.199 as your DNS servers. More instructions are here.
General information about Internet Protocol (IP) addresses
How to change your DNS Servers in Microsoft Windows
DNS settings are specified in the TCP/IP Properties window for the selected network connection.
Example: Changing DNS server settings on Microsoft Windows Vista
- Go the Control Panel.
- Click Network and Internet, then Network and Sharing Center, then Manage network connections.
- Select the connection for which you want to configure DNS. For example:
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
- To change the settings for an Ethernet connection, right-click Local Area Connection, and click Properties.
- To change the settings for a wireless connection, right-click Wireless Network Connection, and click Properties.
- Select the Networking tab. Under This connection uses the following items, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
- Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, write them down for future reference, and remove them from this window.
- Click OK.
- Select Use the following DNS server addresses. If there are any IP addresses listed in the Preferred DNS server or Alternate DNS server, write them down for future reference.
- Then. depending on which system you are going to use:
Restart the connection you selected in step 3.
Test that your setup is working correctly; see Testing your new settings.
Repeat the procedure for additional network connections you want to change.
- FOR GOOGLE PUBLIC DNS
Replace those addresses with the IP addresses of the Google DNS servers: 188.8.131.52 and 184.108.40.206.
- FOR OPENDNS
Replace those addresses with the IP addresses of the OpenDNS servers: 220.127.116.11 and 18.104.22.168.