What is DNS?
DNS stands for Domain Name System, and it is the glue that holds the Internet together. Consider that there are BILLIONS of websites and Trillions of email addresses, and countless numbers of each are being changed, created and deleted every day. For your computer to hold all the information needed to get to any of these places would be impossible. So, in line with the democratic, distributed model of the Internet, people make sure that their websites/domain names/email addresses are easily reachable by registering with interconnecting hubs called Domain Name Servers (DNS).
What does DNS Do?
The purpose of DNS is to translate a domain name (contained in a website, or an email address, such as 'www.microsoft.com' or 'email@example.com') into an IP address (e.g. 192.168.0.2).
When you sign up with an Internet Service Provider (ISP), you will have been told to set your DNS servers (normally two of them) to two strings of numbers and dots. For example, Surewest is my ISP and their DNS servers are:
| Primary DNS server | 188.8.131.52 |
| Secondary DNS server | 184.108.40.206 |
So - it works - why should I care?
The problem with this system is that it is wide open to abuse. There are many ways that this system can be used and abused, for example:
So, what other options are there?
A lot of businesses already use access filtering software to restrict the websites their employees can reach. eBay, MySpace, Facebook, YouTube etc. are often considered time-wasting sites. They often use keyword-related rules to prevent access to pornographic/violent sites. Schools/colleges also use filtering to do the same thing, but for home users there is no system administrator except you.
Business filter-type applications include software from Blue Coat Systems, Postini (owned by Google), SurfControl/Websense etc.
We all know about viruses, worms and trojans now - we all have anti-virus protection (you do, don't you? Of course you do!) - but very few home users have any form of filtering of Internet content. There are commercially available tools to provide this service, in the form of 'Net Nanny' style offerings, but they involve installing software on (all) your PCs (and Macs and cellphones and Internet-connected TVs etc.). The approach I prefer is to use a DNS service called OpenDNS.
... and OpenDNS is what exactly?
It's a website and a service that replaces the DNS servers your ISP gave you with their 'active' ones. Here they are, in fact: 220.127.116.11 and 18.104.22.168.
If you did nothing else except change your DNS servers, you could benefit from improved lookup speed and phishing/spoof website protection (OpenDNS operates PhishTank, the Web's most trusted source of phishing data).
When someone in your household tries to visit a phishing Web site, OpenDNS blocks the site and notifies them of the site's malicious intent.
If you sign up for the (FREE) service though, your options are immense. You register your network and then start laying down the rules about your network. See the image for an example of the types of content you can block.
Google has recently announced that it is offering a replacement DNS service, called Google Public DNS. Due to the huge reach and expertise of Google, it is likely to be very fast and secure but lacks the domain name filtering aspects of OpenDNS.
To try it out, you change your network settings to use the IP addresses 22.214.171.124 and 126.96.36.199 as your DNS servers. More instructions are here.
DNS settings are specified in the TCP/IP Properties window for the selected network connection.
Example: Changing DNS server settings on Microsoft Windows Vista