DNS for Scam Protection   

DNS Servers: General Info

What is DNS?
DNS stands for Dynamic Name System and it is the glue that holds the Internet together. Consider that there are BILLIONS of websites and Trillions of email addresses and countless numbers of each are being changed, created and deleted every day. For your computer to hold all the information needed to get to any of these places would be impossible and so, in line with the democratic, distributed model of the Internet, people make sure that their websites/domain names/email addresses are easily reachable by registering with interconnecting hubs called Domain Name Servers (DNS).

What does DNS Do?

The purpose of DNS is to translate a domain name (contained in a website, or an email address, such as 'www. microsoft.com' or 'fred@dumbtube.com') into an IP address (eg. 192.168.0.2).

When you signup with an Internet Service Provider (ISP), you will have been told to set your DNS Servers (normally two of them) to two strings of numbers and dots. For example, Surewest is my ISP and their DNS servers are:

Primary DNS server 66.60.130.2
Secondary DNS server    66.60.130.6

So - it works - why should I care?

The problem with this system is that it is wide open to abuse. There are many ways that this system can be used and abused, for example:

  1. Your DNS resolution is only as good as your ISP allows. If their DNS servers are ill-maintained or overloaded, your lookups may take a lot longer than they should.
  2. Just because the domain name of a website mentions kitties and fluffy bunnies, it doesnt mean that it's not a porn site.
  3. A mis-spelled bank domain name is probably a spoof website, trying to get you to enter your bank access details for a scammer.
  4. Your employees can spend all their working day surfing unsuitable websites, wasting company time and potentially making you liable for their contributions.
  5. The DNS system makes no decisions of any kind about the content of or suitability of or legality of websites - it is just a tool.
  6. When your kids use google or any other search engine to search for stuff, the results returned may expose them to violent and/or sexual images which would horrify you.

So, what other options are there?

A lot of Businesses already use access filtering software to restrict the websites their employees can reach. eBay, MySpace, FaceBook, YouTube etc. are often considered timewasting sites. They often use keyword-related rules to prevent access to pornographic/violent sites. Schools/colleges also use filtering to do the same thing but for home users there is no system administrator except you.

Businesses Filter-type Applications include software from Blue Coat Systems, Postini (Owned by Google), SurfControl/Websense etc.

We all know about viruses, worms and trojans now - we all have anti-virus protection (You do don't you? - of course you do!) but very few home users have any form of filtering of Internet content. There are commercially available tools to probide this service, in the form of 'Net Nanny' style offerings but they involve you installing software on (all) your PCs (and Macs and Cellphones and Internet - connected TVS etc), but the approach I prefer is to use a DNS service called OpenDNSOpenDNS Dashboard

... and OpenDNS is what exactly?
It's a website and a service that replaces the DNS servers your ISP gave you with their 'active' ones. Here they are, in fact ; 208.67.222.222 and 208.67.220.220.

If you did nothing else except changing your DNS servers, you could benefit from the Improved lookup speed , Phishing/Spoof website protection (OpenDNS operates PhishTank, the Web's most trusted source of phishing data).

When someone in your household tries to visit a phishing Web site, OpenDNS blocks the site and notifies them of the site's malicious intent.

If you sign up for the (FREE) service though, your options are immense. You register your network and then start laying down the rules about your network. See the image for an example of the types of content you can block.

Other Options

Google has recently announced that it is offering a replacement DNS service, called Google Public DNS. Due to the huge reach and expertise of Google, it is likely to be very fast and secure but lacks the domain name filtering aspects of OpenDNS.

To try it out, you change your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your DNS servers. More instructions are here.



General information about Internet Protocol (IP) addresses

  • What is an IP address?
    An IP address is a number which computers use to identify a location on the network, whether the public Internet or a private network. The number is in the format #.#.#.# where the # may be any number from 0 to 255. For example, 123.12.1.0.

  • Do I have an IP address?
    If your computer (or laptop, smartphone, TV etc) is connected to the Internet, the answer is generally yes. Since you are obviously connected at this moment, your IP address is probably Your IP Address

  • How do web sites use IP addresses?
    Websites use IP addresses to find out a little about you, as a visitor. WIth your IP addresss, they can tell where you are geographically to quite a high precision of accuracy. They can also tell if you have visited before and, if they store that information, what kind of things you are interested in. For example, click the box below to see where your IP address shows that you live. This may be off by a few miles or spookily accurate, but it shows how powerful this is as a demographic tool.
    Show me my Geographic Info based on my IP Address

  • What is a dynamic IP address?
    Simply, a dynamic IP address is one that changes periodically. The ISP (Internet Service Provider) or network provider makes the change, not the individual user.
    Note: Static IP addresses are easier for the individual, but a static IP address may cost more or not be available from your ISP. Ask your provider.

  • Public versus private IP address
    OpenDNS, like all public Internet services, only sees your "public" IP address when you make a DNS request. At an office or school or behind a router at home, your individual computer may have a different, private IP address, visible only to those inside your network. If an IP address starts with 192.168 or 10.10, for example, that is a private network IP address, not available to the public Internet.

How to change your DNS Servers in Microsoft Windows

DNS settings are specified in the TCP/IP Properties window for the selected network connection. 

Example: Changing DNS server settings on Microsoft Windows Vista

  1. Go the Control Panel.
  2. Click Network and Internet, then Network and Sharing Center, then Manage network connections.
  3. Select the connection for which you want to configure DNS. For example:
    • To change the settings for an Ethernet connection, right-click Local Area Connection, and click Properties.
    • To change the settings for a wireless connection, right-click Wireless Network Connection, and click Properties.
    If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Select the Networking tab. Under This connection uses the following items, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  5. Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, write them down for future reference, and remove them from this window.
  6. Click OK.
  7. Select Use the following DNS server addresses. If there are any IP addresses listed in the Preferred DNS server or Alternate DNS server, write them down for future reference.
  8. Then. depending on which system you are going to use:
    • FOR GOOGLE PUBLIC DNS
      Replace those addresses with the IP addresses of the Google DNS servers: 8.8.8.8 and 8.8.4.4.
    • FOR OPENDNS
      Replace those addresses with the IP addresses of the OpenDNS servers: 208.67.222.222 and 208.67.220.220.
  9. Restart the connection you selected in step 3.
  10. Test that your setup is working correctly; see Testing your new settings.
  11. Repeat the procedure for additional network connections you want to change.

 

/home2/scamdex/public_html/scam-articles/dns-servers
Click Now!